YET ANOTHER PACKED.MONDER VIRUS


Post by Jays250 on 24th October 2009, 7:06 pm

I've been reading through the forum about this particular virus and noticed a lot of people got theirs repaired, but it was different for everyone. So I am hoping someone can help me, as I am about to throw my PC out of the window, strap it to the quad bike and drag it off-road.

I have AVG Internet Security 9.0 (just updated from 8.0). As soon as it installed I got warnings about force removing; I kept hitting yes, but I must have clicked 150 times. It asked for a reset once but then started all over again. The virus vault had loads of the same virus thing in it, called Packed.Monder; the virus file was a gasfk[string of letters].sys.

Before I updated I was getting a bad image error (globalroot\systemroot\system32\gasfk[string of letters].dll is either not designed to run on Windows or it contains an error) from the second the computer fired up. Any program wanting to open sent this "bad image" pop-up, and the file was closely named gaskf[string of letters] (last four different).DLL. I still get it now.

I also get issues when downloading stuff, and sometimes I don't get the internet at all on my PC. The laptop works fine.

I have no restore points; it's a relatively new PC, so that's out of the question, and AVG is trying to get rid of it but making no difference. So if anyone could help me I would be very grateful. Just post up what you want me to do, or if you need any other info I will try to get it.

Windows Vista Ultimate 32-bit
AVG Internet Security 9.0
Did have Norton 360, but it was crap so it was removed (or partly, as some of it just doesn't want to go)
Windows Firewall


Thanks in advance

Jays250
Novice

Posts : 16
Joined : 2009-10-24
Gender : Male
OS : Vista Ultimate 32bit
Points : 26068
# Likes : 0

Re: YET ANOTHER PACKED.MONDER VIRUS

Post by Belahzur on 24th October 2009, 7:47 pm

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245121
# Likes : 1

Re: YET ANOTHER PACKED.MONDER VIRUS

Post by Jays250 on 24th October 2009, 8:19 pm

Will do that now, thanks.

Re: YET ANOTHER PACKED.MONDER VIRUS

Post by Jays250 on 24th October 2009, 8:29 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:26:16, on 24/10/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Lexmark 1500 Series\lxdgmon.exe
C:\Program Files\Lexmark 1500 Series\lxdgamon.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\PEAK Multimedia\HyperMediaCenter\DTVR\Scheduled.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\PEAK Multimedia\DVB-T Digital PCI Utilities\AFRCtl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\DEFAULT.ABC_RANGE-1\AppData\Local\TVersity\Media Server\web\admin\TVersity.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided By Sky Broadband
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\Windows\System32\dvmurl.dll
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [lxdgmon.exe] "C:\Program Files\Lexmark 1500 Series\lxdgmon.exe"
O4 - HKLM\..\Run: [lxdgamon] "C:\Program Files\Lexmark 1500 Series\lxdgamon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [kdx] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Center Agent] C:\Program Files\PEAK Multimedia\HyperMediaCenter\DTVR\Scheduled.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Comrade.exe] C:\Program Files\GameSpy\Comrade\Comrade.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Remote Control.lnk = C:\Program Files\PEAK Multimedia\DVB-T Digital PCI Utilities\AFRCtl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - [You must be registered and logged in to see this link.] (file missing)
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: lxdgCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdgserv.exe
O23 - Service: lxdg_device - - C:\Windows\system32\lxdgcoms.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Users\DEFAULT.ABC_RANGE-1\AppData\Local\TVersity\Media Server\MediaServer.exe

--
End of file - 9213 bytes

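The HijackThis log above is the kind of listing a helper triages by eye: BHOs registered with "(no file)", Run entries given without a full path, the AppInit_DLLs value, and services with no vendor name. The following is an added example, not HijackThis code or anything from the original thread; it parses a handful of constructed lines shaped like the entries above and returns the ones matching those four heuristics, so a reader can see what the helper is actually looking for. Nothing it flags is a verdict: the AVG and Realtek entries it picks out are legitimate here, which is exactly why the log is posted for a human to read.

```python
"""Triage helper for HijackThis-style log lines (added example, not HijackThis code).

Heuristics implemented (all are 'look closer', never 'malicious'):
  O2  - BHO entries whose file is missing: "(no file)" orphans
  O4  - Run entries whose command is not a full path (resolved via the search path)
  O20 - any AppInit_DLLs value (loaded into every user-mode process that uses user32)
  O23 - services listed with "Unknown owner" (no vendor string)
"""
import re
from dataclasses import dataclass

# Constructed sample input, shaped like the entries in the log above.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
"""


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O4"
    reason: str    # why the line deserves a second look
    line: str      # the original log line


# "O4 - <body>" : section code, then the rest of the entry
LINE_RE = re.compile(r"^(?P<sec>[RFO]\d+) - (?P<body>.*)$")
# A command that starts with a drive letter, an env-var root, or a UNC prefix
FULL_PATH_RE = re.compile(r'^"?(?:[A-Za-z]:\\|%[A-Za-z]+%\\|\\\\)')
# Run entry body: HKLM\..\Run: [Name] command line
RUN_RE = re.compile(r"\[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$")


def parse_line(line):
    """Split one log line into (section, body); None for headers and blanks."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return m.group("sec"), m.group("body")


def triage(log_text):
    """Return the Finding list for every line that matches a heuristic."""
    findings = []
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            continue
        sec, body = parsed
        if sec == "O2" and body.endswith("(no file)"):
            findings.append(Finding(sec, "BHO registered but its file is missing (orphan CLSID)", raw))
        elif sec == "O4":
            m = RUN_RE.search(body)
            if m and not FULL_PATH_RE.match(m.group("cmd")):
                findings.append(Finding(sec, "Run entry without a full path; image is found via the search path", raw))
        elif sec == "O20" and body.startswith("AppInit_DLLs:"):
            findings.append(Finding(sec, "AppInit_DLLs value present; DLL is injected into user-mode processes", raw))
        elif sec == "O23" and " - Unknown owner - " in body:
            findings.append(Finding(sec, "Service with no vendor information", raw))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:4} {f.reason}\n     {f.line}")
```

Run on the sample it reports four lines: the orphan BHO, the bare `RtHDVCpl.exe` Run entry, the AppInit_DLLs value and the PnkBstrA service. The same four patterns appear in the real log above, and two of them (AVG's AppInit DLL and the Realtek audio tray) are benign, which is the point: the heuristics narrow what a human reads, they do not decide.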

Re: YET ANOTHER PACKED.MONDER VIRUS

Post by Belahzur on 24th October 2009, 8:48 pm

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to svchost as follows:





3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on svchost.exe.
  • Follow the prompts. NOTE:
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse click combofix's window whilst it's running. That may cause it to stall.



Re: YET ANOTHER PACKED.MONDER VIRUS

Post by Jays250 on 24th October 2009, 9:10 pm

Launched it as stated above, then the boxes came up with "bad image". I kept going through the boxes clicking OK, then an error came up and it wanted to close. More boxes appeared, I clicked OK, an error came up, and then more boxes. I kept hitting OK and then the computer went black and started to shut down.

Re: YET ANOTHER PACKED.MONDER VIRUS

Post by Belahzur on 24th October 2009, 9:12 pm

Will it boot OK? We can go the long way around.



Re: YET ANOTHER PACKED.MONDER VIRUS

Post by Jays250 on 24th October 2009, 9:15 pm

Computer restarted, no different, but svchost has gone from the desktop.

Re: YET ANOTHER PACKED.MONDER VIRUS

Post by Belahzur on 24th October 2009, 9:16 pm

Download the GMER rootkit scan from here: [You must be registered and logged in to see this link.]

  1. Unzip it and start GMER.
  2. Click the >>> tab and then click the Scan button.
  3. Once done, click the Copy button.
  4. This will copy the results to your clipboard.
  5. Paste the results in your next reply.
Note:
If you're having problems with running GMER.exe, try it in safe mode. This tool works in safe mode.
You can also try renaming it, since some malware blocks GMER.



Re: YET ANOTHER PACKED.MONDER VIRUS

Post by Jays250 on 24th October 2009, 9:57 pm

GMER 1.0.15.15163 - [You must be registered and logged in to see this link.]
Rootkit scan 2009-10-24 22:54:51
Windows 6.0.6001 Service Pack 1
Running: svchost1.exe; Driver: C:\Users\DEFAUL~1.ABC\AppData\Local\Temp\kxldypoc.sys


---- System - GMER 1.0.15 ----

Code 8815C520 ZwEnumerateKey
Code 87FC22F0 ZwFlushInstructionCache
Code 87F423FE ZwSaveKey
Code 880B9A1E ZwSaveKeyEx
Code 87FEE40D IofCallDriver
Code 87DDDFD6 IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCompleteRequest 83247FE2 5 Bytes JMP 87DDDFDB
.text ntkrnlpa.exe!IofCallDriver 832C9F6F 5 Bytes JMP 87FEE412
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 833C030B 5 Bytes JMP 87FC22F4
PAGE ntkrnlpa.exe!ZwEnumerateKey 83415BAC 5 Bytes JMP 8815C524
PAGE ntkrnlpa.exe!ZwSaveKey 83463573 5 Bytes JMP 87F42402
PAGE ntkrnlpa.exe!ZwSaveKeyEx 8346367A 5 Bytes JMP 880B9A22

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\GameSpy\Comrade\Comrade.exe[3268] KERNEL32.dll!LoadLibraryExW 76EB30C3 7 Bytes JMP 10005230 C:\Program Files\GameSpy\Comrade\rscoree.dll (rscoree/Remotesoft, Inc.)
.text C:\Program Files\GameSpy\Comrade\Comrade.exe[3268] USER32.dll!ShowWindow 7563D80A 5 Bytes JMP 0AE62880 C:\Program Files\GameSpy\Comrade\wpffix.dll
.text C:\Program Files\GameSpy\Comrade\Comrade.exe[3268] WS2_32.dll!sendto 757667C5 5 Bytes JMP 064733C0 C:\Program Files\GameSpy\Comrade\DetectLib.dll
.text C:\Program Files\GameSpy\Comrade\Comrade.exe[3268] WS2_32.dll!WSASendTo 7577A474 5 Bytes JMP 06473400 C:\Program Files\GameSpy\Comrade\DetectLib.dll

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
---- Processes - GMER 1.0.15 ----

Library C:\Users\Public\svchost1.exe (*** hȋdden *** ) @ C:\Users\Public\svchost1.exe [3948] 0x00400000

---- Services - GMER 1.0.15 ----

Service C:\Windows\system32\drivers\gasfkymxtcrqpu.sys (*** hȋdden *** ) [SYSTEM] gasfkymdpuspsx <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\00158315a318 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\gasfkymdpuspsx (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\gasfkymdpuspsx@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\gasfkymdpuspsx@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\gasfkymdpuspsx@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\gasfkymdpuspsx@imagepath \systemroot\system32\drivers\gasfkymxtcrqpu.sys
Reg HKLM\SYSTEM\ControlSet001\Services\gasfkymdpuspsx\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\gasfkymdpuspsx\main@aid 10149
Reg HKLM\SYSTEM\ControlSet001\Services\gasfkymdpuspsx\main@sid 0
Reg HKLM\SYSTEM\ControlSet001\Services\gasfkymdpuspsx\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet001\Services\gasfkymdpuspsx\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\gasfkymdpuspsx\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\gasfkymdpuspsx\main\injector@* gasfkywsp8.dll
Reg HKLM\SYSTEM\ControlSet001\Services\gasfkymdpuspsx\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\gasfkymdpuspsx\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\gasfkymdpuspsx\modules@gasfkyrk.sys \systemroot\system32\drivers\gasfkymxtcrqpu.sys
Reg HKLM\SYSTEM\ControlSet001\Services\gasfkymdpuspsx\modules@gasfkycmd.dll \systemroot\system32\gasfkycgksorqr.dll
Reg HKLM\SYSTEM\ControlSet001\Services\gasfkymdpuspsx\modules@gasfkylog.dat \systemroot\system32\gasfkyiexedupr.dat
Reg HKLM\SYSTEM\ControlSet001\Services\gasfkymdpuspsx\modules@gasfkywsp.dll \systemroot\system32\gasfkymycvetyb.dll
Reg HKLM\SYSTEM\ControlSet001\Services\gasfkymdpuspsx\modules@gasfky.dat \systemroot\system32\gasfkynfumcfjw.dat
Reg HKLM\SYSTEM\ControlSet001\Services\gasfkymdpuspsx\modules@gasfkywsp8.dll \systemroot\system32\gasfkyngtlexhw.dll
Reg HKLM\SYSTEM\ControlSet002\Services\gasfkymdpuspsx (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\gasfkymdpuspsx@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\gasfkymdpuspsx@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\gasfkymdpuspsx@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\gasfkymdpuspsx@imagepath \systemroot\system32\drivers\gasfkymxtcrqpu.sys
Reg HKLM\SYSTEM\ControlSet002\Services\gasfkymdpuspsx\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\gasfkymdpuspsx\main@aid 10149
Reg HKLM\SYSTEM\ControlSet002\Services\gasfkymdpuspsx\main@sid 0
Reg HKLM\SYSTEM\ControlSet002\Services\gasfkymdpuspsx\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet002\Services\gasfkymdpuspsx\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\gasfkymdpuspsx\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\gasfkymdpuspsx\main\injector@* gasfkywsp8.dll
Reg HKLM\SYSTEM\ControlSet002\Services\gasfkymdpuspsx\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\gasfkymdpuspsx\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\gasfkymdpuspsx\modules@gasfkyrk.sys \systemroot\system32\drivers\gasfkymxtcrqpu.sys
Reg HKLM\SYSTEM\ControlSet002\Services\gasfkymdpuspsx\modules@gasfkycmd.dll \systemroot\system32\gasfkycgksorqr.dll
Reg HKLM\SYSTEM\ControlSet002\Services\gasfkymdpuspsx\modules@gasfkylog.dat \systemroot\system32\gasfkyiexedupr.dat
Reg HKLM\SYSTEM\ControlSet002\Services\gasfkymdpuspsx\modules@gasfkywsp.dll \systemroot\system32\gasfkymycvetyb.dll
Reg HKLM\SYSTEM\ControlSet002\Services\gasfkymdpuspsx\modules@gasfky.dat \systemroot\system32\gasfkynfumcfjw.dat
Reg HKLM\SYSTEM\ControlSet002\Services\gasfkymdpuspsx\modules@gasfkywsp8.dll \systemroot\system32\gasfkyngtlexhw.dll
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkymdpuspsx (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkymdpuspsx@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkymdpuspsx@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkymdpuspsx@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkymdpuspsx@imagepath \systemroot\system32\drivers\gasfkymxtcrqpu.sys
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkymdpuspsx\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkymdpuspsx\main@aid 10149
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkymdpuspsx\main@sid 0
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkymdpuspsx\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkymdpuspsx\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkymdpuspsx\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkymdpuspsx\main\injector@* gasfkywsp8.dll
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkymdpuspsx\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkymdpuspsx\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkymdpuspsx\modules@gasfkyrk.sys \systemroot\system32\drivers\gasfkymxtcrqpu.sys
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkymdpuspsx\modules@gasfkycmd.dll \systemroot\system32\gasfkycgksorqr.dll
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkymdpuspsx\modules@gasfkylog.dat \systemroot\system32\gasfkyiexedupr.dat
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkymdpuspsx\modules@gasfkywsp.dll \systemroot\system32\gasfkymycvetyb.dll
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkymdpuspsx\modules@gasfky.dat \systemroot\system32\gasfkynfumcfjw.dat
Reg HKLM\SYSTEM\ControlSet003\Services\gasfkymdpuspsx\modules@gasfkywsp8.dll \systemroot\system32\gasfkyngtlexhw.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00158315a318
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkymdpuspsx
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkymdpuspsx@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkymdpuspsx@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkymdpuspsx@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkymdpuspsx@imagepath \systemroot\system32\drivers\gasfkymxtcrqpu.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkymdpuspsx\main
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkymdpuspsx\main@aid 10149
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkymdpuspsx\main@sid 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkymdpuspsx\main@cmddelay 14400
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkymdpuspsx\main\delete
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkymdpuspsx\main\injector
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkymdpuspsx\main\injector@* gasfkywsp8.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkymdpuspsx\main\injector@svchost.exe
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkymdpuspsx\main\tasks
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkymdpuspsx\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkymdpuspsx\modules@gasfkyrk.sys \systemroot\system32\drivers\gasfkymxtcrqpu.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkymdpuspsx\modules@gasfkycmd.dll \systemroot\system32\gasfkycgksorqr.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkymdpuspsx\modules@gasfkylog.dat \systemroot\system32\gasfkyiexedupr.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkymdpuspsx\modules@gasfkywsp.dll \systemroot\system32\gasfkymycvetyb.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkymdpuspsx\modules@gasfky.dat \systemroot\system32\gasfkynfumcfjw.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkymdpuspsx\modules@gasfkywsp8.dll \systemroot\system32\gasfkyngtlexhw.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\gasfkymdpuspsx\modules@gasfkywsp8p.dll \systemroot\system32\gasfkypwqvbqie.dll
Reg HKLM\SYSTEM\ControlSet005\Services\gasfkymdpuspsx (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\gasfkymdpuspsx@start 1
Reg HKLM\SYSTEM\ControlSet005\Services\gasfkymdpuspsx@type 1
Reg HKLM\SYSTEM\ControlSet005\Services\gasfkymdpuspsx@group file system
Reg HKLM\SYSTEM\ControlSet005\Services\gasfkymdpuspsx@imagepath \systemroot\system32\drivers\gasfkymxtcrqpu.sys
Reg HKLM\SYSTEM\ControlSet005\Services\gasfkymdpuspsx\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\gasfkymdpuspsx\main@aid 10149
Reg HKLM\SYSTEM\ControlSet005\Services\gasfkymdpuspsx\main@sid 0
Reg HKLM\SYSTEM\ControlSet005\Services\gasfkymdpuspsx\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet005\Services\gasfkymdpuspsx\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\gasfkymdpuspsx\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\gasfkymdpuspsx\main\injector@* gasfkywsp8.dll
Reg HKLM\SYSTEM\ControlSet005\Services\gasfkymdpuspsx\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\gasfkymdpuspsx\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\gasfkymdpuspsx\modules@gasfkyrk.sys \systemroot\system32\drivers\gasfkymxtcrqpu.sys
Reg HKLM\SYSTEM\ControlSet005\Services\gasfkymdpuspsx\modules@gasfkycmd.dll \systemroot\system32\gasfkycgksorqr.dll
Reg HKLM\SYSTEM\ControlSet005\Services\gasfkymdpuspsx\modules@gasfkylog.dat \systemroot\system32\gasfkyiexedupr.dat
Reg HKLM\SYSTEM\ControlSet005\Services\gasfkymdpuspsx\modules@gasfkywsp.dll \systemroot\system32\gasfkymycvetyb.dll
Reg HKLM\SYSTEM\ControlSet005\Services\gasfkymdpuspsx\modules@gasfky.dat \systemroot\system32\gasfkynfumcfjw.dat
Reg HKLM\SYSTEM\ControlSet005\Services\gasfkymdpuspsx\modules@gasfkywsp8.dll \systemroot\system32\gasfkyngtlexhw.dll
Reg HKLM\SYSTEM\ControlSet006\Services\gasfkymdpuspsx (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\gasfkymdpuspsx@start 1
Reg HKLM\SYSTEM\ControlSet006\Services\gasfkymdpuspsx@type 1
Reg HKLM\SYSTEM\ControlSet006\Services\gasfkymdpuspsx@group file system
Reg HKLM\SYSTEM\ControlSet006\Services\gasfkymdpuspsx@imagepath \systemroot\system32\drivers\gasfkymxtcrqpu.sys
Reg HKLM\SYSTEM\ControlSet006\Services\gasfkymdpuspsx\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\gasfkymdpuspsx\main@aid 10149
Reg HKLM\SYSTEM\ControlSet006\Services\gasfkymdpuspsx\main@sid 0
Reg HKLM\SYSTEM\ControlSet006\Services\gasfkymdpuspsx\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet006\Services\gasfkymdpuspsx\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\gasfkymdpuspsx\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\gasfkymdpuspsx\main\injector@* gasfkywsp8.dll
Reg HKLM\SYSTEM\ControlSet006\Services\gasfkymdpuspsx\main\injector@svchost.exe
Reg HKLM\SYSTEM\ControlSet006\Services\gasfkymdpuspsx\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\gasfkymdpuspsx\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\gasfkymdpuspsx\modules@gasfkyrk.sys \systemroot\system32\drivers\gasfkymxtcrqpu.sys
Reg HKLM\SYSTEM\ControlSet006\Services\gasfkymdpuspsx\modules@gasfkycmd.dll \systemroot\system32\gasfkycgksorqr.dll
Reg HKLM\SYSTEM\ControlSet006\Services\gasfkymdpuspsx\modules@gasfkylog.dat \systemroot\system32\gasfkyiexedupr.dat
Reg HKLM\SYSTEM\ControlSet006\Services\gasfkymdpuspsx\modules@gasfkywsp.dll \systemroot\system32\gasfkymycvetyb.dll
Reg HKLM\SYSTEM\ControlSet006\Services\gasfkymdpuspsx\modules@gasfky.dat \systemroot\system32\gasfkynfumcfjw.dat
Reg HKLM\SYSTEM\ControlSet006\Services\gasfkymdpuspsx\modules@gasfkywsp8.dll \systemroot\system32\gasfkyngtlexhw.dll
Reg HKLM\SYSTEM\ControlSet006\Services\gasfkymdpuspsx\modules@gasfkywsp8p.dll \systemroot\system32\gasfkypwqvbqie.dll
Reg HKLM\SYSTEM\ControlSet007\Services\gasfkymdpuspsx (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\gasfkymdpuspsx@start 1
Reg HKLM\SYSTEM\ControlSet007\Services\gasfkymdpuspsx@type 1
Reg HKLM\SYSTEM\ControlSet007\Services\gasfkymdpuspsx@group file system
Reg HKLM\SYSTEM\ControlSet007\Services\gasfkymdpuspsx@imagepath \systemroot\system32\drivers\gasfkymxtcrqpu.sys
Reg HKLM\SYSTEM\ControlSet007\Services\gasfkymdpuspsx\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\gasfkymdpuspsx\main@aid 10149
Reg HKLM\SYSTEM\ControlSet007\Services\gasfkymdpuspsx\main@sid 0
Reg HKLM\SYSTEM\ControlSet007\Services\gasfkymdpuspsx\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet007\Services\gasfkymdpuspsx\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\gasfkymdpuspsx\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\gasfkymdpuspsx\main\injector@* gasfkywsp8.dll
Reg HKLM\SYSTEM\ControlSet007\Services\gasfkymdpuspsx\main\injector@svchost.exe
Reg HKLM\SYSTEM\ControlSet007\Services\gasfkymdpuspsx\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\gasfkymdpuspsx\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\gasfkymdpuspsx\modules@gasfkyrk.sys \systemroot\system32\drivers\gasfkymxtcrqpu.sys
Reg HKLM\SYSTEM\ControlSet007\Services\gasfkymdpuspsx\modules@gasfkycmd.dll \systemroot\system32\gasfkycgksorqr.dll
Reg HKLM\SYSTEM\ControlSet007\Services\gasfkymdpuspsx\modules@gasfkylog.dat \systemroot\system32\gasfkyiexedupr.dat
Reg HKLM\SYSTEM\ControlSet007\Services\gasfkymdpuspsx\modules@gasfkywsp.dll \systemroot\system32\gasfkymycvetyb.dll
Reg HKLM\SYSTEM\ControlSet007\Services\gasfkymdpuspsx\modules@gasfky.dat \systemroot\system32\gasfkynfumcfjw.dat
Reg HKLM\SYSTEM\ControlSet007\Services\gasfkymdpuspsx\modules@gasfkywsp8.dll \systemroot\system32\gasfkyngtlexhw.dll
Reg HKLM\SYSTEM\ControlSet007\Services\gasfkymdpuspsx\modules@gasfkywsp8p.dll \systemroot\system32\gasfkypwqvbqie.dll
Reg HKLM\SYSTEM\ControlSet008\Services\BTHPORT\Parameters\Keys\00158315a318 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\gasfkymdpuspsx (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\gasfkymdpuspsx@start 1
Reg HKLM\SYSTEM\ControlSet008\Services\gasfkymdpuspsx@type 1
Reg HKLM\SYSTEM\ControlSet008\Services\gasfkymdpuspsx@group file system
Reg HKLM\SYSTEM\ControlSet008\Services\gasfkymdpuspsx@imagepath \systemroot\system32\drivers\gasfkymxtcrqpu.sys
Reg HKLM\SYSTEM\ControlSet008\Services\gasfkymdpuspsx\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\gasfkymdpuspsx\main@aid 10149
Reg HKLM\SYSTEM\ControlSet008\Services\gasfkymdpuspsx\main@sid 0
Reg HKLM\SYSTEM\ControlSet008\Services\gasfkymdpuspsx\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet008\Services\gasfkymdpuspsx\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\gasfkymdpuspsx\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\gasfkymdpuspsx\main\injector@* gasfkywsp8.dll
Reg HKLM\SYSTEM\ControlSet008\Services\gasfkymdpuspsx\main\injector@svchost.exe
Reg HKLM\SYSTEM\ControlSet008\Services\gasfkymdpuspsx\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\gasfkymdpuspsx\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\gasfkymdpuspsx\modules@gasfkyrk.sys \systemroot\system32\drivers\gasfkymxtcrqpu.sys
Reg HKLM\SYSTEM\ControlSet008\Services\gasfkymdpuspsx\modules@gasfkycmd.dll \systemroot\system32\gasfkycgksorqr.dll
Reg HKLM\SYSTEM\ControlSet008\Services\gasfkymdpuspsx\modules@gasfkylog.dat \systemroot\system32\gasfkyiexedupr.dat
Reg HKLM\SYSTEM\ControlSet008\Services\gasfkymdpuspsx\modules@gasfkywsp.dll \systemroot\system32\gasfkymycvetyb.dll
Reg HKLM\SYSTEM\ControlSet008\Services\gasfkymdpuspsx\modules@gasfky.dat \systemroot\system32\gasfkynfumcfjw.dat
Reg HKLM\SYSTEM\ControlSet008\Services\gasfkymdpuspsx\modules@gasfkywsp8.dll \systemroot\system32\gasfkyngtlexhw.dll
Reg HKLM\SYSTEM\ControlSet008\Services\gasfkymdpuspsx\modules@gasfkywsp8p.dll \systemroot\system32\gasfkypwqvbqie.dll
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\Scheduler@Heartbeat 0x8A 0xE4 0x13 0x74 ...

---- Files - GMER 1.0.15 ----

File C:\Users\DEFAULT.ABC_RANGE-1\AppData\Local\Temp\gasfky000 0 bytes
File C:\Windows\System32\drivers\gasfkymxtcrqpu.sys 68096 bytes executable <-- ROOTKIT !!!
File C:\Windows\System32\gasfkycgksorqr.dll 41984 bytes executable
File C:\Windows\System32\gasfkyiexedupr.dat 75022 bytes
File C:\Windows\System32\gasfkymycvetyb.dll 19456 bytes executable
File C:\Windows\System32\gasfkynfumcfjw.dat 43 bytes
File C:\Windows\System32\gasfkyngtlexhw.dll 21504 bytes
File C:\Windows\System32\gasfkypwqvbqie.dll 21504 bytes executable
File C:\Windows\Temp\gasfkyomtdxnertr.tmp 43 bytes
File C:\Windows\Temp\gasfkypwqetvtdbf.tmp 43 bytes

---- EOF - GMER 1.0.15 ----

Jays250
Novice
Novice

Posts Posts : 16
Joined Joined : 2009-10-24
Gender Gender : Male
OS OS : Vista Ultimate 32bit
Points Points : 26068
# Likes # Likes : 0


Re: YET ANOTHER PACKED.MONDER VIRUS

Post by Belahzur on 24th October 2009, 10:39 pm

Hello.

1. Please download The Avenger by Swandog46 to your Desktop
Link: [You must be registered and logged in to see this link.]

  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C)


Drivers to disable:
gasfkymdpuspsx

Drivers to delete:
gasfkymdpuspsx

Files to delete:
C:\Windows\System32\drivers\gasfkymxtcrqpu.sys
C:\Windows\System32\gasfkycgksorqr.dll
C:\Windows\System32\gasfkyiexedupr.dat
C:\Windows\System32\gasfkymycvetyb.dll
C:\Windows\System32\gasfkynfumcfjw.dat
C:\Windows\System32\gasfkyngtlexhw.dll
C:\Windows\System32\gasfkypwqvbqie.dll

Registry keys to delete:
HKLM\SYSTEM\ControlSet001\Services\gasfkymdpuspsx
HKLM\SYSTEM\ControlSet002\Services\gasfkymdpuspsx
HKLM\SYSTEM\ControlSet003\Services\gasfkymdpuspsx
HKLM\SYSTEM\ControlSet004\Services\gasfkymdpuspsx
HKLM\SYSTEM\ControlSet005\Services\gasfkymdpuspsx
HKLM\SYSTEM\ControlSet006\Services\gasfkymdpuspsx
HKLM\SYSTEM\ControlSet007\Services\gasfkymdpuspsx
HKLM\SYSTEM\ControlSet008\Services\gasfkymdpuspsx

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.

  • Under "Input script here:", paste in the script from the quote box above.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on the Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
4. Please copy/paste the content of c:\avenger.txt into your reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245121
# Likes # Likes : 1

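How the Avenger script above relates to the GMER log that precedes it, as an added example that is not part of the original thread and is not code from GMER or The Avenger: a Python script that parses the GMER "Reg" and "File" lines, identifies the service whose ImagePath is the file GMER flagged as a rootkit, follows that service's "modules" map to every file it dropped, and prints the same four Avenger sections the helper wrote by hand. The log excerpt embedded below is constructed from the lines posted above (only ControlSet007 and ControlSet008 are included, whereas the hand-written script covered ControlSet001 to ControlSet008), and C:\Windows is assumed as the system root when expanding the NT-style \systemroot prefix.

```python
"""Added example (not from the thread): derive the Avenger script above from
GMER output by following the rootkit service's ImagePath and "modules" map."""
import ntpath
import re
from collections import OrderedDict

# Constructed excerpt of the GMER 1.0.15 log posted above: one line from an
# earlier ControlSet, an unrelated Bluetooth key, one full block, the Files list.
GMER_LOG = r"""
Reg HKLM\SYSTEM\ControlSet007\Services\gasfkymdpuspsx@imagepath \systemroot\system32\drivers\gasfkymxtcrqpu.sys
Reg HKLM\SYSTEM\ControlSet008\Services\BTHPORT\Parameters\Keys\00158315a318 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\gasfkymdpuspsx (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\gasfkymdpuspsx@imagepath \systemroot\system32\drivers\gasfkymxtcrqpu.sys
Reg HKLM\SYSTEM\ControlSet008\Services\gasfkymdpuspsx\main\injector@* gasfkywsp8.dll
Reg HKLM\SYSTEM\ControlSet008\Services\gasfkymdpuspsx\modules@gasfkyrk.sys \systemroot\system32\drivers\gasfkymxtcrqpu.sys
Reg HKLM\SYSTEM\ControlSet008\Services\gasfkymdpuspsx\modules@gasfkycmd.dll \systemroot\system32\gasfkycgksorqr.dll
Reg HKLM\SYSTEM\ControlSet008\Services\gasfkymdpuspsx\modules@gasfkylog.dat \systemroot\system32\gasfkyiexedupr.dat
Reg HKLM\SYSTEM\ControlSet008\Services\gasfkymdpuspsx\modules@gasfkywsp.dll \systemroot\system32\gasfkymycvetyb.dll
Reg HKLM\SYSTEM\ControlSet008\Services\gasfkymdpuspsx\modules@gasfky.dat \systemroot\system32\gasfkynfumcfjw.dat
Reg HKLM\SYSTEM\ControlSet008\Services\gasfkymdpuspsx\modules@gasfkywsp8.dll \systemroot\system32\gasfkyngtlexhw.dll
Reg HKLM\SYSTEM\ControlSet008\Services\gasfkymdpuspsx\modules@gasfkywsp8p.dll \systemroot\system32\gasfkypwqvbqie.dll
File C:\Users\DEFAULT.ABC_RANGE-1\AppData\Local\Temp\gasfky000 0 bytes
File C:\Windows\System32\drivers\gasfkymxtcrqpu.sys 68096 bytes executable <-- ROOTKIT !!!
File C:\Windows\System32\gasfkycgksorqr.dll 41984 bytes executable
File C:\Windows\System32\gasfkyiexedupr.dat 75022 bytes
File C:\Windows\System32\gasfkymycvetyb.dll 19456 bytes executable
File C:\Windows\System32\gasfkynfumcfjw.dat 43 bytes
File C:\Windows\System32\gasfkyngtlexhw.dll 21504 bytes
File C:\Windows\System32\gasfkypwqvbqie.dll 21504 bytes executable
File C:\Windows\Temp\gasfkyomtdxnertr.tmp 43 bytes
File C:\Windows\Temp\gasfkypwqetvtdbf.tmp 43 bytes
"""

# Reg lines: HKLM\SYSTEM\<ControlSetNNN>\Services\<svc>[\subkeys][@value] [data]
REG_RE = re.compile(
    r"^Reg HKLM\\SYSTEM\\(?P<cs>ControlSet\d{3})\\Services\\(?P<svc>[^\\@\s]+)"
    r"(?P<sub>(?:\\[^\\@\s]+)*)(?:@(?P<val>\S+))?(?: (?P<data>.*))?$"
)
FILE_RE = re.compile(r"^File (?P<path>\S+) (?P<size>\d+) bytes(?P<flags>.*)$")  # no spaces in these paths


def parse_gmer(text):
    """Split GMER output into registry entries and file entries (dicts)."""
    regs, files = [], []
    for line in text.splitlines():
        m = REG_RE.match(line) or FILE_RE.match(line)
        if m:
            (regs if "cs" in m.groupdict() else files).append(m.groupdict())
    return regs, files


def resolve(path, systemroot="C:\\Windows"):
    # ImagePath uses the NT-style \systemroot prefix; Avenger wants a Win32
    # path. C:\Windows is an assumption for this machine.
    if path.lower().startswith("\\systemroot\\"):
        return systemroot + path[len("\\systemroot"):]
    return path


def rootkit_service(regs, files):
    """Name of the service whose ImagePath is a file GMER flagged as ROOTKIT."""
    flagged = {f["path"].lower() for f in files if "ROOTKIT" in f["flags"]}
    for r in regs:
        if (r["val"] or "").lower() == "imagepath" and r["data"]:
            if resolve(r["data"]).lower() in flagged:
                return r["svc"]
    return None


def removal_plan(text):
    """Return (service, files_to_delete, registry_keys, related_files)."""
    regs, files = parse_gmer(text)
    svc = rootkit_service(regs, files)
    if svc is None:
        raise ValueError("no service ImagePath matches a GMER-flagged rootkit file")
    seen = {f["path"].lower(): f["path"] for f in files}  # keep GMER's casing
    paths, keys = OrderedDict(), OrderedDict()
    for r in regs:
        if r["svc"].lower() != svc.lower():
            continue
        keys["\\".join(["HKLM", "SYSTEM", r["cs"], "Services", svc])] = True
        # ImagePath plus every entry of the "modules" map is a dropped file.
        is_module = (r["sub"] or "").lower() == "\\modules"
        if r["data"] and ((r["val"] or "").lower() == "imagepath" or is_module):
            p = resolve(r["data"])
            paths[p.lower()] = seen.get(p.lower(), p)
    # GMER files sharing the random prefix but unreferenced in the registry
    # (temp droppings): list them for manual review rather than deleting blindly.
    prefix = ntpath.commonprefix([ntpath.basename(p) for p in paths])
    related = [f["path"] for f in files
               if ntpath.basename(f["path"].lower()).startswith(prefix)
               and f["path"].lower() not in paths]
    return svc, list(paths.values()), list(keys), related


def build_script(text):
    svc, files, keys, _ = removal_plan(text)
    lines = ["Drivers to disable:", svc, "", "Drivers to delete:", svc, "",
             "Files to delete:", *files, "", "Registry keys to delete:", *keys]
    return "\n".join(lines)


if __name__ == "__main__":
    print(build_script(GMER_LOG))
    for p in removal_plan(GMER_LOG)[3]:
        print("# related file, review by hand:", p)
```

Run as-is it prints the seven files and the two registry keys present in the excerpt; the three temp files under the same random prefix are reported separately because nothing in the service's registry data points at them. The link between the flagged .sys and the service goes through ImagePath rather than the file name, so the same logic works when the random names differ from infection to infection.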

Re: YET ANOTHER PACKED.MONDER VIRUS

Post by Jays250 on 24th October 2009, 10:49 pm

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows NT 6.0 (build 6001, Service Pack 1)
Sat Oct 24 23:47:05 2009

23:47:05: Error: Could not create Services key.
Aborting execution! (error 0: the operation completed successfully.)


//////////////////////////////////////////


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows NT 6.0 (build 6001, Service Pack 1)
Sat Oct 24 23:47:17 2009

23:47:17: Error: Could not create Services key.
Aborting execution! (error 0: the operation completed successfully.)


Any ideas?


Re: YET ANOTHER PACKED.MONDER VIRUS

Post by Jays250 on 24th October 2009, 10:58 pm

All gone wrong. Computer won't boot Windows in safe or normal mode.


Re: YET ANOTHER PACKED.MONDER VIRUS

Post by Jays250 on 24th October 2009, 11:05 pm

No options work; all say:

file: windows\system32\ntkrnlpa.exe

status: 0xc000000f

info: windows failed to load because kernel is missing, or corrupt.

Now I am bugged.


Re: YET ANOTHER PACKED.MONDER VIRUS

Post by Belahzur on 24th October 2009, 11:14 pm

Do you have your XP disc? This rootkit isn't nice on the system.




Re: YET ANOTHER PACKED.MONDER VIRUS

Post by Jays250 on 24th October 2009, 11:20 pm

Nope, it's a custom-built PC and I am running Vista Ultimate 32-bit, as I said in the first post. When I ordered the PC all I got was the tower (obviously) and two discs; both were software CDs, nothing to do with Windows, just two programs.

Is there nothing I can do without the CD? It's too expensive buying a new operating system.

I have come across a fair few viruses but NEVER one this bad; it's a bloody b**ch of a virus.


Re: YET ANOTHER PACKED.MONDER VIRUS

Post by Jays250 on 25th October 2009, 11:26 am

Anyone???


Re: YET ANOTHER PACKED.MONDER VIRUS

Post by Jays250 on 25th October 2009, 12:02 pm

I have found an online boot CD which I have downloaded; the startup repair is checking the system now.

If anyone runs into the problem I have had getting rid of Packed.Monder, here are the boot CDs needed (if you don't have one), for both Windows Vista 32-bit and 64-bit: [You must be registered and logged in to see this link.]

I am unsure if the virus has gone. If not, do I retry the Avenger program, or will that just do the same again?

Thanks


Re: YET ANOTHER PACKED.MONDER VIRUS

Post by Jays250 on 25th October 2009, 12:26 pm

OK, PC up and running, virus still alive after re-running Avenger. Here's the log:

Logfile of The Avenger Version 2.0, (c) by Swandog46
[You must be registered and logged in to see this link.]

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Disablement of driver "gasfkymdpuspsx" failed!
Status: 0xc0000001 (STATUS_UNSUCCESSFUL)

Driver "gasfkymdpuspsx" deleted successfully.

Error: could not delete file "C:\Windows\System32\drivers\gasfkymxtcrqpu.sys"
Deletion of file "C:\Windows\System32\drivers\gasfkymxtcrqpu.sys" failed!
Status: 0xc0000156


Error: could not delete file "C:\Windows\System32\gasfkycgksorqr.dll"
Deletion of file "C:\Windows\System32\gasfkycgksorqr.dll" failed!
Status: 0xc0000156


Error: could not delete file "C:\Windows\System32\gasfkyiexedupr.dat"
Deletion of file "C:\Windows\System32\gasfkyiexedupr.dat" failed!
Status: 0xc0000156


Error: could not delete file "C:\Windows\System32\gasfkymycvetyb.dll"
Deletion of file "C:\Windows\System32\gasfkymycvetyb.dll" failed!
Status: 0xc0000156


Error: could not delete file "C:\Windows\System32\gasfkynfumcfjw.dat"
Deletion of file "C:\Windows\System32\gasfkynfumcfjw.dat" failed!
Status: 0xc0000156


Error: could not delete file "C:\Windows\System32\gasfkyngtlexhw.dll"
Deletion of file "C:\Windows\System32\gasfkyngtlexhw.dll" failed!
Status: 0xc0000156


Error: could not delete file "C:\Windows\System32\gasfkypwqvbqie.dll"
Deletion of file "C:\Windows\System32\gasfkypwqvbqie.dll" failed!
Status: 0xc0000156


Error: registry key "HKLM\SYSTEM\ControlSet001\Services\gasfkymdpuspsx" not found!
Deletion of registry key "HKLM\SYSTEM\ControlSet001\Services\gasfkymdpuspsx" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\ControlSet002\Services\gasfkymdpuspsx" not found!
Deletion of registry key "HKLM\SYSTEM\ControlSet002\Services\gasfkymdpuspsx" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\ControlSet003\Services\gasfkymdpuspsx" not found!
Deletion of registry key "HKLM\SYSTEM\ControlSet003\Services\gasfkymdpuspsx" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\ControlSet004\Services\gasfkymdpuspsx" not found!
Deletion of registry key "HKLM\SYSTEM\ControlSet004\Services\gasfkymdpuspsx" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\ControlSet005\Services\gasfkymdpuspsx" not found!
Deletion of registry key "HKLM\SYSTEM\ControlSet005\Services\gasfkymdpuspsx" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\ControlSet006\Services\gasfkymdpuspsx" not found!
Deletion of registry key "HKLM\SYSTEM\ControlSet006\Services\gasfkymdpuspsx" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\ControlSet007\Services\gasfkymdpuspsx" not found!
Deletion of registry key "HKLM\SYSTEM\ControlSet007\Services\gasfkymdpuspsx" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Registry key "HKLM\SYSTEM\ControlSet008\Services\gasfkymdpuspsx" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


Re: YET ANOTHER PACKED.MONDER VIRUS

Post by Jays250 on 25th October 2009, 12:32 pm

New report with HijackThis:

Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Lexmark 1500 Series\lxdgmon.exe
C:\Program Files\Lexmark 1500 Series\lxdgamon.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\PEAK Multimedia\HyperMediaCenter\DTVR\Scheduled.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\PEAK Multimedia\DVB-T Digital PCI Utilities\AFRCtl.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided By Sky Broadband
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\Windows\System32\dvmurl.dll
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [lxdgmon.exe] "C:\Program Files\Lexmark 1500 Series\lxdgmon.exe"
O4 - HKLM\..\Run: [lxdgamon] "C:\Program Files\Lexmark 1500 Series\lxdgamon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [kdx] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [combofix] "C:\ComboFix\CF23826.exe" /c "C:\ComboFix\C.bat"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Center Agent] C:\Program Files\PEAK Multimedia\HyperMediaCenter\DTVR\Scheduled.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - Global Startup: Remote Control.lnk = C:\Program Files\PEAK Multimedia\DVB-T Digital PCI Utilities\AFRCtl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - [You must be registered and logged in to see this link.] (file missing)
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: lxdgCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdgserv.exe
O23 - Service: lxdg_device - - C:\Windows\system32\lxdgcoms.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Users\DEFAULT.ABC_RANGE-1\AppData\Local\TVersity\Media Server\MediaServer.exe

--
End of file - 8782 bytes



The Bad Image box no longer appears, but AVG is still firing the warnings at me.


Re: YET ANOTHER PACKED.MONDER VIRUS

Post by Belahzur on 25th October 2009, 6:43 pm

Sigh, why do I always get the stubborn rootkits.

Go to Start > in the search box, type in "Run". Once the Run box opens, copy and paste in the following:

notepad "C:\Windows\System32\drivers\gasfkymxtcrqpu.sys"

Hit enter.
Notepad will open with lots of unreadable characters. Just highlight everything (Ctrl+A) and remove everything, so it's left blank, then go to the File menu > Save.

Now re-run my avenger script.




Re: YET ANOTHER PACKED.MONDER VIRUS

Post by Jays250 on 26th October 2009, 12:58 pm

Tried it; it worked, then it came back. BUT once I did that I ran AVG, which picked up the real name of the trojan, Alura... something like that, and an Agent trojan. The Araura (or something similar) being a very severe virus, I updated AVG and Windows Defender and launched them both; five scans later they surfaced and Defender wiped them out. As far as I know it's gone. AVG is not throwing up warnings and Windows Defender is coming back clean. I have run HijackThis, which came back clear, and I haven't had the problems I had been having. But time will tell. Thanks for your help, and if you don't already have one, feel free to take the link I posted for the Vista boot disk and put it as a sticky, as I won't be the only one without one. You can pay full price for an operating system, but it doesn't mean you get the boot disk.

The link supplied will NOT allow you to install Vista, only run the boot repair. One file was removed to stop that, for obvious reasons.

Thanks for your help; could not have found it without you.

Thank You!


Re: YET ANOTHER PACKED.MONDER VIRUS

Post by Jays250 on 26th October 2009, 12:59 pm

Quick question: what do you think of Windows 7? Should I upgrade from Vista Ultimate? I am totally unsure, so if you could shed some light on it that would be good.

thanks again


Re: YET ANOTHER PACKED.MONDER VIRUS

Post by Belahzur on 26th October 2009, 5:54 pm

Hello.

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the reports to your Desktop.
  • Copy and paste BOTH LOGS back here, use more than one post if needed.



