I, too, have been struck by the Virtumonde trojan. I have used Spybot Search and Destroy, as well as Anti-Malware, but I can't seem to rid my computer of this trojan permanently. Any help would be MUCH appreciated. Here is the log for the most recent scan...
Malwarebytes' Anti-Malware 1.30
Database version: 1433
Windows 5.1.2600 Service Pack 2
12/3/2008 4:01:38 PM
mbam-log-2008-12-03 (16-01-38).txt
Scan type: Quick Scan
Objects scanned: 67562
Time elapsed: 15 minute(s), 44 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 2
Registry Values Infected: 4
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\system32\sefofele.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\vodawoja.dll (Trojan.BHO) -> Delete on reboot.
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm2ffeb538 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tobedesawa (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.BHO) -> Data: c:\windows\system32\vodawoja.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.BHO) -> Data: system32\vodawoja.dll -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\sefofele.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\elefofes.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\vodawoja.dll (Trojan.BHO) -> Delete on reboot.
Thanks in advance for any help!
#1
Posted 03 December 2008 - 10:02 PM
#2
Posted 04 December 2008 - 07:11 PM
Please allow MBAM to be updated to 1.31 and then the definition updates as well, and scan again; the new version should be able to clear this completely.
#3
Posted 05 December 2008 - 06:22 PM
This topic is locked