8 Steps completed - Help a chick out yeah?

By LuNa4Death
Jan 1, 2009
  1. Hello all~!
    Earlier today I ended up getting a nice little present from zee interwebz. I had gotten the Virtumonde Malware/Trojan, I couldn't get to many sites to find fixes but i was able to get to here, I followed the 8 steps and it seems to have fixed it up nicely but I just want to make sure :) Attached are my .logs and .txt's

  2. LuNa4Death

    LuNa4Death TS Rookie Topic Starter


    I hadn't done a google search yet and when I did (in FireFox ver.3.0.5) it seems to pop up an old browser i never use anymore called Maxthon2. It seems to input the text i was searching for in this website: upliftsearch . com/ or sagipsul . com -->(which brings up a 404 message)

    Also another tab comes up as well that usually has a random IP address (mostly in the 70.38.x.x range) plus my search text.
  3. adweston

    adweston Banned Posts: 242

    It sounds like you still have some "baddies". Try running this and then repost your logs if that problem persists.

    (btw, I didn't look at your logs yet, I just recognize the symptoms)

    I just took a *really* quick look and you still have malware. Run that program and then report back.
  4. LuNa4Death

    LuNa4Death TS Rookie Topic Starter

    ComboFreak-me-out-while-running Done~!

    alrighty~ ComboFix has been run and the log file is attached. It seems to no longer be doing the popups when i search but i'm currently in the process of running other scans just to make sure :D


    I finished running MBAB & SAS and they both found nothing~ HUZZA!
    I'm attaching my latest HijackThis log :)
  5. adweston

    adweston Banned Posts: 242

    Delete these files:

    2008-12-31 12:48 . 2008-12-31 12:48 82,944 --a------ c:\windows\system32\bgl.exe

    Go to a command prompt and type in the following:

    sc delete seneka <enter>

    In Hijackthis, after you do a scan, place a check beside this entry:

    O20 - AppInit_DLLs: bsgffm.dll

    Then delete it.
  6. BlkHeartWolf

    BlkHeartWolf TS Rookie Posts: 151

  7. adweston

    adweston Banned Posts: 242

    Oh.. Crappy. I forgot.. Post an HJT log when you're finished so we can see what we've got left, if anything.
  8. LuNa4Death

    LuNa4Death TS Rookie Topic Starter


    Sorry about the delay i had to go eat dinner. :eek:

    I was able to successfully delete c:\windows\system32\bgl.exe but when i went to cmd it gave me the following error:

    [SC] OpenService FAILED 1060:

    The specified service does not exist as an installed service.


    also when i ran HijackThis i went ahead and checked O20 - AppInit_DLLs: bsgffm.dll and attached is the latest log file :)
  9. adweston

    adweston Banned Posts: 242

    Ok.. For the Seneka service... Maybe I named it wrong.

    To fix that, go to Start > Run. Alternatively, hold down the Windows key and press R. Type in Services.msc and click ok.

    When the services come up, scroll down to the Seneka service and double click on it. A properties window will pop up. Under the General tab you will see a service name.

    In the command prompt, type in sc delete <service name> and then press "Enter".
  10. adweston

    adweston Banned Posts: 242

    Oh.. wait a second.. The Service doesn't show up in the HJT log.. Maybe it's already gone. Please advise.

    Other than that, it lookth thimply fabulouth. :p
  11. LuNa4Death

    LuNa4Death TS Rookie Topic Starter

    me thinketh you're the bestest~!

    YaY~! xD the service isn't there when i checked services.msc

    Thank you soooo much for the help! *huuuuugg* O(≧∇≦)O
  12. adweston

    adweston Banned Posts: 242

    Excellent. You're welcome. Glad to help.
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...