I think I've cleaned my PC, could someone please check logs and confirm

By withnail
Sep 26, 2008
  1. Hi people,

    So yesterday I installed some questionable software on my machine and in with the installation file was another .exe which I believed to be a necessary component. Obviously it wasn't and shortly after running it ESET intercepted this:

    t655.dll a variant of Win32/Adware.Virtumonde.NBE application

    I ran ESET and Adaware which showed nothing but today my PC was running a little sluggishly, explorer crashed occasionally, web surfing was slow and although I could access Google I could not perform a search.

    Remembering this site from a while back (thanks again for that) I ran all of your steps and believe I have fixed the problem. Malwarebytes found Trojan.Vundo.H and removed several items. I've included two logs as one item remained after a reboot.

    Immediately my machine was running as normal and Superantispyware found nothing.

    I've also included the Hijackthis log, I have already removed O20 - AppInit_DLLs: xrvucj.dll as this was clearly no good but would appreciate it if someone could confirm that there isn't anything else.

    Thanks in advance.



  2. rf6647

    rf6647 TS Maniac Posts: 829

    Restart the computer & re-run HJT.

    O20 - AppInit_DLLs: xrvucj.dll

    I could not find source for "msiexec.exe".
    A hasty look through support sites shows "msiexec.exe" as a nasty. However, it was not tied to "xrvucj.dll".

    If either or both of the findings appear, repeat all steps & repost.
  3. withnail

    withnail TS Rookie Topic Starter

    Thanks for looking at my logs.

    As I said before, I had already removed O20 - AppInit_DLLs: xrvucj.dll. The other entry you mentioned was not present when I did another Hijackthis scan a minute ago.

    Can we conclude I'm clean now?
  4. SpiritWind

    SpiritWind TS Rookie Posts: 164

    Hi:

    Sometimes to make sure ALL the Vundo/Virtumonde has been detected, people run the FREE "VundoFix" program.

    And unsure IF you are aware of the NOD32 Support Forums at Wilders Security and the recommendation by "Blackspear" & his "Extra Settings" at !?
  5. withnail

    withnail TS Rookie Topic Starter

    Good advice SpiritWind, but I had already run the fix and set up ESET.
  6. rf6647

    rf6647 TS Maniac Posts: 829

    Yes, then you are clean. If you can name the exploit that bit you, it may serve as a warning to others.

    When it comes to malware, I am a lightweight. SpiritWind offers specific recommendations where you can go the extra step for the family of malware being presented in your case, and for the protection you are using.

    Since the O20 entry got by the cleaning steps, I can hear the usual refrains: 1) Is Windows security current; 2) Is your protection up-to-date?
  7. withnail

    withnail TS Rookie Topic Starter

    Thanks both of you for your help.

    Everything is up to date and current (and for the most part I only run genuine software or freeware). The culprit I think was a lite version of Photoshop CS3 I downloaded from mininova. It came as a self-extracting exe which initially didn't work. I opened it with 7zip and inside were two files: CS3 lite and a file named is165835.exe.

    I scanned both files and they looked OK so I then ran them. I'm 99% sure this is when the problems started. CS3 Lite incidentally is still installed and running well.