Inquiring how to permanently delete the Virtumonde critical object. After identifying the item (5 objects), the program tried to remove it, but upon a repeat scan it was still picking it up. Not sure how to remove it permanently.
Logfile below:
Ad-Aware SE Build 1.06r1
Logfile Created on:Sunday, May 21, 2006 9:44:13 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R108 17.05.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Virtumonde(TAC index:10):5 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
5-21-2006 9:44:13 PM - Scan started. (Smart mode)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 396
ThreadCreationTime : 5-21-2006 6:23:37 PM
BasePriority : Normal
#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 668
ThreadCreationTime : 5-21-2006 6:23:40 PM
BasePriority : Normal
#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\System32\
ProcessID : 700
ThreadCreationTime : 5-21-2006 6:23:45 PM
BasePriority : High
#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 744
ThreadCreationTime : 5-21-2006 6:23:46 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 756
ThreadCreationTime : 5-21-2006 6:23:46 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 932
ThreadCreationTime : 5-21-2006 6:23:50 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1000
ThreadCreationTime : 5-21-2006 6:23:51 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1152
ThreadCreationTime : 5-21-2006 6:23:51 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1236
ThreadCreationTime : 5-21-2006 6:23:52 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1416
ThreadCreationTime : 5-21-2006 6:23:54 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:11 [ccsetmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1988
ThreadCreationTime : 5-21-2006 6:23:57 PM
BasePriority : Normal
FileVersion : 104.0.7.3
ProductVersion : 104.0.7.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright © 2000-2005 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe
#:12 [ccevtmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 404
ThreadCreationTime : 5-21-2006 6:24:04 PM
BasePriority : Normal
FileVersion : 104.0.7.3
ProductVersion : 104.0.7.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2005 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe
#:13 [ccproxy.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 524
ThreadCreationTime : 5-21-2006 6:24:10 PM
BasePriority : Normal
FileVersion : 104.0.7.3
ProductVersion : 104.0.7.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Network Proxy Service
InternalName : ccProxy
LegalCopyright : Copyright © 2000-2005 Symantec Corporation. All rights reserved.
OriginalFilename : ccProxy.exe
#:14 [issvc.exe]
FilePath : C:\Program Files\Symantec Client Security\Symantec Client Firewall\
ProcessID : 584
ThreadCreationTime : 5-21-2006 6:24:11 PM
BasePriority : Normal
FileVersion : 8.7.0.58
ProductVersion : 8.7
ProductName : Internet Security
CompanyName : Symantec Corporation
FileDescription : IS Service
InternalName : ISSVC.exe
LegalCopyright : Copyright © 2005 Symantec Corporation. All rights reserved.
OriginalFilename : ISSVC.exe
#:15 [sndsrvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 624
ThreadCreationTime : 5-21-2006 6:24:13 PM
BasePriority : Normal
FileVersion : 6.0.2.211
ProductVersion : 6.0
ProductName : Symantec Security Drivers
CompanyName : Symantec Corporation
FileDescription : Network Driver Service
InternalName : SndSrvc
LegalCopyright : Copyright 2002 - 2005 Symantec Corporation
OriginalFilename : SndSrvc.exe
#:16 [spbbcsvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\SPBBC\
ProcessID : 648
ThreadCreationTime : 5-21-2006 6:24:14 PM
BasePriority : Normal
FileVersion : 2.2.0.5
ProductVersion : 2.2.0.5
ProductName : SPBBC
CompanyName : Symantec Corporation
FileDescription : SPBBC Service
InternalName : SPBBCSvc
LegalCopyright : Copyright © 2004, 2005 Symantec Corporation. All rights reserved.
OriginalFilename : SPBBCSvc.exe
#:17 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1280
ThreadCreationTime : 5-21-2006 6:24:17 PM
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:18 [defwatch.exe]
FilePath : C:\Program Files\Symantec Client Security\Symantec AntiVirus\
ProcessID : 1544
ThreadCreationTime : 5-21-2006 6:24:23 PM
BasePriority : Normal
FileVersion : 10.1.0.394
ProductVersion : 10.1.0.394
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Virus Definition Daemon
InternalName : DefWatch
LegalCopyright : Copyright 1998 - 2006 Symantec Corporation. All rights reserved.
OriginalFilename : DefWatch.exe
#:19 [pduip6000dmemcrdmgr.exe]
FilePath : C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\
ProcessID : 1620
ThreadCreationTime : 5-21-2006 6:24:24 PM
BasePriority : Normal
FileVersion : 3.00
ProductVersion : 3.00
ProductName : Memory Card Utility
CompanyName : CANON INC.
FileDescription : Memory Card Manager
InternalName : PDUMemCrdMgr
LegalCopyright : Copyright CANON INC. 2004 All Rights Reserved.
OriginalFilename : PDUMemCrdMgr.exe
#:20 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1664
ThreadCreationTime : 5-21-2006 6:24:25 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:21 [rtvscan.exe]
FilePath : C:\Program Files\Symantec Client Security\Symantec AntiVirus\
ProcessID : 1756
ThreadCreationTime : 5-21-2006 6:24:28 PM
BasePriority : Normal
FileVersion : 10.1.0.394
ProductVersion : 10.1.0.394
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus
LegalCopyright : Copyright 1991 - 2006 Symantec Corporation. All rights reserved.
#:22 [symsport.exe]
FilePath : C:\Program Files\Symantec Client Security\Symantec Client Firewall\
ProcessID : 1840
ThreadCreationTime : 5-21-2006 6:24:32 PM
BasePriority : Normal
FileVersion : 8.7.0.58
ProductVersion : 8.7
ProductName : Internet Security
CompanyName : Symantec Corporation
FileDescription : SymSPort.exe
LegalCopyright : Copyright © 2005 Symantec Corporation. All rights reserved.
#:23 [wdfmgr.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1876
ThreadCreationTime : 5-21-2006 6:24:33 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe
#:24 [mspmspsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2024
ThreadCreationTime : 5-21-2006 6:24:34 PM
BasePriority : Normal
FileVersion : 7.00.00.1947
ProductVersion : 7.00.00.1947
ProductName : Microsoft ® DRM
CompanyName : Microsoft Corporation
FileDescription : WMDM PMSP Service
InternalName : MSPMSPSV.EXE
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : MSPMSPSV.EXE
#:25 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2368
ThreadCreationTime : 5-21-2006 6:24:53 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
#:26 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 3772
ThreadCreationTime : 5-21-2006 6:25:31 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:27 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 276
ThreadCreationTime : 5-22-2006 12:03:21 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:28 [issch.exe]
FilePath : C:\Program Files\Common Files\InstallShield\UpdateService\
ProcessID : 4028
ThreadCreationTime : 5-22-2006 12:03:25 AM
BasePriority : Normal
FileVersion : 4, 10, 100, 25539
ProductVersion : 4, 10
ProductName : InstallShield Update Service
CompanyName : InstallShield Software Corporation
FileDescription : InstallShield Update Service Scheduler
InternalName : Scheduler
LegalCopyright : Copyright © 1990-2004 InstallShield Software Corporation
OriginalFilename : issch.exe
#:29 [hpcmpmgr.exe]
FilePath : C:\Program Files\HP\hpcoretech\
ProcessID : 3636
ThreadCreationTime : 5-22-2006 12:03:26 AM
BasePriority : Normal
FileVersion : 2.1.1.0
ProductVersion : 2.1.6.2
ProductName : hp coretech (COmponent REuse TECHnology)
CompanyName : Hewlett-Packard Company
FileDescription : HP Framework Component Manager Service
InternalName : HPComponentManagerService module
LegalCopyright : Copyright © Hewlett-Packard. 2002-2005
OriginalFilename : HpCmpMgr.exe
#:30 [hpwuschd2.exe]
FilePath : C:\Program Files\HP\HP Software Update\
ProcessID : 676
ThreadCreationTime : 5-22-2006 12:03:26 AM
BasePriority : Normal
FileVersion : 50.0.146.000
ProductVersion : 050.000.146.000
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : Hewlett-Packard Product Assistant
InternalName : hpwuSchd2
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2004
OriginalFilename : hpwuSchd2.exe
Comments : Hewlett-Packard Product Assistant
#:31 [pduip6000dmon.exe]
FilePath : C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\
ProcessID : 832
ThreadCreationTime : 5-22-2006 12:03:26 AM
BasePriority : Normal
FileVersion : 3.00
ProductVersion : 3.00
ProductName : Memory Card Utility
CompanyName : CANON INC.
FileDescription : PDUMon
InternalName : PDUMon
LegalCopyright : Copyright CANON INC. 2004 All Rights Reserved.
OriginalFilename : PDUMon.exe
#:32 [pduip6000dtskbr.exe]
FilePath : C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\
ProcessID : 3288
ThreadCreationTime : 5-22-2006 12:03:26 AM
BasePriority : Normal
FileVersion : 3.00
ProductVersion : 3.00
ProductName : Memory Card Utility
CompanyName : CANON INC.
FileDescription : Memory Card Utility
InternalName : PDUTskbr
LegalCopyright : Copyright CANON INC. 2004 All Rights Reserved.
OriginalFilename : PDUTskbr.exe
#:33 [lvcomsx.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2836
ThreadCreationTime : 5-22-2006 12:03:26 AM
BasePriority : Normal
FileVersion : 8.4.1.1092
ProductVersion : 8.4.1.1092
ProductName : Logitech QuickCam
CompanyName : Logitech Inc.
FileDescription : LVCom Server
InternalName : LVComS.exe
LegalCopyright : © 1996-2004 Logitech. All rights reserved.
OriginalFilename : LVComS.exe
#:34 [logitray.exe]
FilePath : C:\Program Files\Logitech\Video\
ProcessID : 3024
ThreadCreationTime : 5-22-2006 12:03:26 AM
BasePriority : Normal
FileVersion : 8.4.6.1012
ProductVersion : 8.4.6.1012
ProductName : Logitech QuickCam
CompanyName : Logitech Inc.
FileDescription : ImageStudio Tray Application
InternalName : LogiTray.exe
LegalCopyright : © 1996-2005 Logitech. All rights reserved.
OriginalFilename : LogiTray.exe
#:35 [apdproxy.exe]
FilePath : C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\
ProcessID : 2688
ThreadCreationTime : 5-22-2006 12:03:31 AM
BasePriority : Normal
#:36 [kbd.exe]
FilePath : C:\HP\KBD\
ProcessID : 3628
ThreadCreationTime : 5-22-2006 12:03:31 AM
BasePriority : High
#:37 [ccapp.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 3372
ThreadCreationTime : 5-22-2006 12:03:32 AM
BasePriority : Normal
FileVersion : 104.0.7.3
ProductVersion : 104.0.7.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec User Session
InternalName : ccApp
LegalCopyright : Copyright © 2000-2005 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe
#:38 [vptray.exe]
FilePath : C:\PROGRA~1\SYMANT~2\SYMANT~2\
ProcessID : 3680
ThreadCreationTime : 5-22-2006 12:03:32 AM
BasePriority : Normal
FileVersion : 10.1.0.394
ProductVersion : 10.1.0.394
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus
LegalCopyright : Copyright 1991 - 2006 Symantec Corporation. All rights reserved.
#:39 [alcxmntr.exe]
FilePath : C:\WINDOWS\
ProcessID : 3632
ThreadCreationTime : 5-22-2006 12:03:32 AM
BasePriority : Normal
FileVersion : 1.5
ProductVersion : 1.5
ProductName : Realtek Audio - Event Monitor
CompanyName : Realtek Semiconductor Corp.
FileDescription : Realtek Audio - Event Monitor
InternalName : Alcxmntr
LegalCopyright : Copyright © 2004 Realtek Semiconductor Corp.
OriginalFilename : Alcxmntr.exe
#:40 [realsched.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ProcessID : 3084
ThreadCreationTime : 5-22-2006 12:03:32 AM
BasePriority : Normal
FileVersion : 0.1.0.3510
ProductVersion : 0.1.0.3510
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe
#:41 [rundll32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3796
ThreadCreationTime : 5-22-2006 12:03:38 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE
#:42 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2548
ThreadCreationTime : 5-22-2006 12:03:41 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE
#:43 [fxsvr2.exe]
FilePath : C:\Program Files\Logitech\Video\
ProcessID : 3920
ThreadCreationTime : 5-22-2006 12:03:42 AM
BasePriority : Normal
FileVersion : 8.4.6.1012
ProductVersion : 8.4.6.1012
ProductName : Logitech QuickCam
CompanyName : Logitech Inc.
FileDescription : QuickCam Framework Server
InternalName : FxSvr.EXE
LegalCopyright : © 1996-2005 Logitech. All rights reserved.
OriginalFilename : FxSvr.EXE
#:44 [hptskmgr.exe]
FilePath : C:\Program Files\HP\hpcoretech\comp\
ProcessID : 564
ThreadCreationTime : 5-22-2006 12:49:46 AM
BasePriority : Normal
FileVersion : 2.1.6.2
ProductVersion : 2.1.6.2
ProductName : hp coretech (COmponent REuse TECHnology)
CompanyName : Hewlett-Packard Company
FileDescription : HP Task Management Component
InternalName : HP Task Management Component
LegalCopyright : Copyright © Hewlett-Packard. 2002-2005
OriginalFilename : HPTskMgr.exe
#:45 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 1096
ThreadCreationTime : 5-22-2006 1:04:21 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE
#:46 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 2004
ThreadCreationTime : 5-22-2006 1:51:44 AM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
#:47 [hh.exe]
FilePath : C:\WINDOWS\
ProcessID : 3268
ThreadCreationTime : 5-22-2006 2:17:23 AM
BasePriority : Normal
FileVersion : 5.2.3790.2453 (srv03_sp1_gdr.050525-1542)
ProductVersion : 5.2.3790.2453
ProductName : HTML Help
CompanyName : Microsoft Corporation
FileDescription : Microsoft® HTML Help Executable
InternalName : HH 1.41
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : HH.exe
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Virtumonde Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{22e85f2a-4a67-4835-b2c3-c575fe4ec322}
Virtumonde Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{22e85f2a-4a67-4835-b2c3-c575fe4ec322}
Value : AppID
Virtumonde Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : adousefulnet.adousefulnet
Virtumonde Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : adousefulnet.adousefulnet.1
Virtumonde Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{22e85f2a-4a67-4835-b2c3-c575fe4ec322}
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 5
Objects found so far: 5
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
<STOP>
9:44:33 PM Scan stopped by user
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:00:20.406
Objects scanned:68209
Objects identified:5
Objects ignored:0
New critical objects:5