Hey Guys,
My PC has been infected by Virtumonde and ad popups for the last few days. Symptoms include the browser (Firefox) being extremely slow to load web pages, as well as random ad popups. Also, Spybot picked up Virtumonde and tried removing it, but it wasn't successful. Also, my PC's CPU was running at 100% most of the time, with winlogin.exe taking almost 50% of the CPU usage, which is unusual.
I ran HijackThis and here are the log files.... Any help is greatly appreciated.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:19:40 AM, on 12/06/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LckFldService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\NDAS\System\ndassvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
D:\Program Files\DAEMON Tools\daemon.exe
D:\Program Files\Valve\Steam\Steam.exe
D:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
D:\Program Files\Logitech\SetPoint\SetPoint.exe
D:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Program Files\NDAS\System\ndasmgmt.exe
D:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Downloads\Firefox\dss.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\mkv2vob\tools\virtualdubmod.exe
C:\Program Files\TVersity\Media Server\TVersity.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
D:\Program Files\Trend Micro\HijackThis\Crusty.exe