Spyware removal discussions » Adware

Virtumonde

(1 post)

Tags:

• virtumonde
• virtumon
• virtumondo

1. ds

   remove files:

   hggdefc.dll
   pmnlj.dll
   awtttqr.dll
   mljjk.dll
   bndsrsqo.dll
   awtqopm.dll
   geeby.dll
   jiinhuyb.dll
   sstqq.dll
   mljhghe.dll
   Nero_Burning_Rom_Ultra_Edition_6.6.0.6_serial_number.txt[1].exe
   Windows_XP_SP2_Professional_Edition_Corporate_serial_number.txt[2].exe
   vtuts.dll
   rqrssro.dll
   byxurqq.dll
   rqron.dll
   mllmm.dll
   jkhhf.dll
   urstr.dll
   vtsss.dll
   ddcca.dll
   ces005dr.exe
   nnx22011.exe
   pmnnm.dll
   ssqqomk.dll
   xxyxwxv.dll
   wvursqn.dll
   vtsts.dll
   rqrppon.dll
   ljjgedc.dll
   khfcdba.dll
   ddcyx.dll
   tuvwuss.dll
   sstur.dll
   mljkkhf.dll
   khfcdaw.dll
   opnnljj.dll
   cbxxywx.dll
   nnnmmlk.dll
   vtuspmn.dll
   mllkk.dll
   sstrs.dll
   awtqqnl.dll
   kopCFEWV.exe
   gf1.0.0.2
   castlecops[1].exe
   ddcbabx.dll
   iifddby.dll
   2chkdsk
   pmnlk.dll
   SbCIe02b.dll
   ssttr.dll
   geebc.dll
   pmnno.dll
   jtr0079me.dll
   hrj6051se.dll
   unknown.exe
   svci.exe
   psdrv.exe
   rasrun.exe
   nwonknu.exe
   cidrules.dll
   rulesak.dll
   lspak.dll
   editpad.exe
   quicken.exe
   winhost.exe
   unknown.exewindowsupd2.exe
   svci.exe
   psdrv.exe
   rasrun.exe
   nwonknu.exe

   delete registry keys:

   MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\hggdefc
   MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\geebc
   232D2677-68EE-4FA1-B988-279EBC8969ED
   A93EE73A-8FEB-47CD-BDF1-E75A0B6BEF8C
   90624170-D668-409E-A2F5-C0710044760F
   3385764C-85FC-45CC-B290-E97646306BB2
   Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awtttqr
   SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\837B45D6-BF85-457D-AABF-6D2E7815F791
   6730A59E-FBA3-4EEC-B564-5F05EF8EF39C
   582C46EE-9E66-4DE0-92A5-34B971099C0C
   429E0606-5905-4CCD-998A-9D2C29DE6F33
   B1F4D9B0-7300-408A-B70A-677CC7276EF6
   90375CC7-C153-4D5C-B81D-C4011A3C16D3
   2D04C025-C1A3-4DC1-81D8-A10EFEAFA699
   DA0053C8-1501-48C6-BD86-167AA3DEC119
   A3DA48A6-8C7B-43CB-B31B-F28005EF8DFD
   9DC8B477-C55C-4373-953D-8913334A8D8B
   1B2E9329-C933-4A5D-908C-9A8251D1B7C6
   CBD708EF-2ADC-47F4-BC1C-50E1A7AA4265
   2AD3123A-16FF-404E-92E5-47128E40D281
   6980D6C1-F025-4067-B8B8-F12029EA0CD2
   53ABEA8C-703F-4CC0-9EFB-97257CCB5E41
   4E35C785-B803-471E-AF03-74BDE42EA65A
   C4F4DBBD-4A4C-4B40-97DA-2FE06DBB2901
   MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\fccbccd
   MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\awtqopm
   538DBDB9-C3BC-4ADA-AAA1-E6A6B3DB1E15
   89AD4D75-2429-462e-BD4E-443F233F6033
   45B20293-5C68-4271-B4FD-F43A4075A2E3
   837B45D6-BF85-457D-AABF-6D2E7815F791
   B7672BAF-E9A3-49B6-86B2-C81719A18A4C
   53D52C90-6F7B-49D9-8102-7E5CF7F5C14F
   MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\byxurqq
   MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\rqron
   MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\jkhhf
   MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\urstr
   C3352FCD-CFE5-4F35-831A-19C68DDB7CF4
   FA2C0BCD-918D-46C7-BD03-F96CAB3E164F
   D6A00137-3F93-44D3-BBB8-A3BF01F57F0E
   F40114E6-51D4-4EE4-9F38-2E979AF84593
   35B868E9-614B-47BA-81F7-841B8B055247
   Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnlk
   MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\gebbawt
   MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\tuvvtut
   MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\vtsss
   MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\ddcca
   MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\keycpl
   5A04F1F7-C0A5-41A1-8C23-7A96894B9002
   F9C57A10-3FFE-4E94-924E-264713738291
   719C7140-463A-45CB-BA90-828B11FCF5A4
   1f9137dc-0b86-43e1-a596-8b2b49125124
   MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\pmnnm
   855879EC-968C-4480-976B-870669F5F95A
   44218730-94E0-4b24-BBF0-C3D8B2BCE2C3
   Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wvursqn
   MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\sstur
   MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\tuvwuss
   MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\mljkkhf
   MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\khfcdaw
   SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\57D6708C-88E2-4CAB-9FA4-78BB8CA3A3C4
   57D6708C-88E2-4CAB-9FA4-78BB8CA3A3C4
   28DD5FA9-7526-4463-A548-BD2877B2710A
   27534EA2-AF0A-4405-9143-8837572099BC
   41D495B7-9E31-4637-A0AC-5BB4C4F4E8C9
   34FB86FC-74AC-4AC4-BACE-D9E929C6F9E3
   095514BB-363E-451D-9BAE-A054E51BD0B0
   82412A22-FFED-4A67-B37D-4127EBA1BB02
   8410970E-714C-4F14-AA6B-B3B2F3246827
   E4EEFFED-93CD-4CF0-A0F3-50D139121FEE
   MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\nnnmmlk
   59B5C788-4D95-4610-B1ED-AD9DC7CD86E0
   05029E1B-4C41-4681-8F7F-2AEC346136F4
   01ABD624-98FE-4B37-81F2-4E5B41799B6B
   1FB63E52-4D6E-48C1-A08F-F630FE50F337
   5A4A2D56-931A-4733-9121-033A2D95A274
   3F82D203-999F-4FF4-9F07-5F9EBFCCE20F
   22E58089-6DB5-45D9-BF87-6C8975246D26
   F73AF695-229D-4549-B1A0-20DA99A81F19
   F00EFDF5-0042-4F5E-9F20-C688409CF918
   B2030C9A-DE59-457D-A042-D827AD69C8F3
   9CF8EE9B-0B2E-464A-9700-D7B46142BD99
   SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\ssttr
   SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\pmnno
   662BB3E3-204F-44FA-A827-143B8AB4B036
   C78658B2-CDE5-4FD1-B73B-B9FF478DBE54
   B763C083-57E0-4993-B058-13008952DF68
   Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ddcbabx
   SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\A05DA7E0-383C-4E99-A72A-742050A152A2
   A05DA7E0-383C-4E99-A72A-742050A152A2
   Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iifddby
   SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\6148028B-D532-4417-8C0B-5A4A0B745393
   6148028B-D532-4417-8C0B-5A4A0B745393
   D38439EC-4A7F-42b4-90C2-D810D7778FDD
   Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnlk
   2FCAB754-0535-470E-8F80-BACB6CA1ACC1
   83B28A74-640D-48F4-9F51-E80EED7CC7E0
   Software\Microsoft\Internet Explorer\Explorer Bars\83B28A74-640D-48F4-9F51-E80EED7CC7E0
   D714A94F-123A-45CC-8F03-040BCAF82AD6
   Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ssttr
   22B271AB-3D0A-4CCB-8AD9-DD08183C356A
   68616403-4FFB-4B19-B360-0B0B1F55D5EC
   Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnno
   1B34D3EC-4AC7-41EC-ACC8-C9A2C0CBA2E5
   D01C9902-73AF-47FF-B784-05FDB6604FCF
   HKEY_LOCAL_MACHINE\software\targetsoft
   HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\*catw
   HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\windowsupd
   HKEY_LOCAL_MACHINE\software\microsoft\windowsnt\currentversion\winlogon\notify\psdrv
   HKEY_LOCAL_MACHINE\software\microsoft\windowsnt\currentversion\winlogon\notify\catw
   HKEY_CURRENT_USER\software\microsoft\windowsupd
   HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce\*winlogon
   13589181-4f0d-4553-b9f8-b4b72172c139
   HKEY_LOCAL_MACHINE\software\targetsoftHKEY_CLASSES_ROOT\atlevents.atlevents
   HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\*catw
   HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\windowsupd
   HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psdrv
   HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\catw
   HKEY_CURRENT_USER\software\microsoft\windowsupd
   HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce\*winlogon
   HKEY_CLASSES_ROOT\clsid\{13589181-4f0d-4553-b9f8-b4b72172c139}
   HKEY_CLASSES_ROOT\atlevents.atlevents

   Posted 10 months ago #

RSS feed for this topic

Reply

You must log in to post.