

I clicked the link thinking it would take me back to the main group and went to another window. Cam Virtual: system32\DRIVERS\livecamv.sys (manual start) Reliable Multicast Protocol driver: \??\C:\WINDOWS\system32\drivers\RMCast.sys (manual start) Remote Procedure Call (RPC) Locator: %SystemRoot%\system32\locator.exe (manual start) Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart) QoS RSVP: %SystemRoot%\system32\rsvp.exe

Trojan.Win32.Monder.195584 This is a discussion on Trojan.Win32.Monder.195584 within the Resolved HJT Threads forums, part of the Tech Support Forum category.

Please post the contents of both log.txt (<

So I'm going to install OSSIM and teach myself how to do this.

Click Continue at the disclaimer screen. Windows 7 32-bit Ultimate (not in use). 2. C:\Explorer.exe: not present C:\WINDOWS\Explorer\Explorer.exe: not present C:\WINDOWS\System\Explorer.exe: not present C:\WINDOWS\System32\Explorer.exe: not present C:\WINDOWS\Command\Explorer.exe: not present C:\WINDOWS\Fonts\Explorer.exe: not present -------------------------------------------------- Checking for superhidden extensions: .lnk: HIDDEN! (arrow overlay: yes) .pif: HIDDEN! (arrow

I was very hopeful at first but I have become disillusioned. 10-01-2008, 05:25 AM #4 TheBruce1 Security Team Analyst Join Date: Oct 2006 Location: Dùn Èideann,Scotland. When I returned to the google group window is when I discovered the link had been modified. Double click on RSIT.exe to run RSIT.

Group: Gold beta testers Posts: 56947 Joined: 28.01.2006 From: Timisoara, Romania hello, please post an avz log: http://forum.kaspersky.com/index.php?showt...st&p=678326 blackraven 28.06.2008 14:51 Post #5 Newbie Group: Members Posts: 6 Can I switch off the power button or should I keep waiting? The helpers here are all volunteers and we have been very busy lately. http://www.microsoft.com/security/portal/entry.aspx?Name=Trojan:Win32/Vundo.gen!H The following 459 functions to detect(repair) types of malicious codes are added.

The following 544 functions to detect(repair) types of malicious codes are added. If you are still having malware problems, follow instructions below. ======== Download RSIT by random/random and save it to your desktop. This family uses advanced defensive and stealth techniques to escape detection and to hinder removal. For more information, please see the Win32/Vundo analysis elsewhere in our encyclopedia.

http://www.hauri.net/security/update_view.html?uid=2628&key=&cpage=225 restarting now EDIT: nope, it's come back - also, I tried downloading the client to get an avz log but the zip file is always corrupted - is there another link? The following 67 functions to detect(repair) types of malicious codes are added. Once it has finished, two logs will open.

Kaspersky Lab Forum > English User Forum > Virus-related issues: Trojan.Win32.monder.gen, Can't scan in safe mode

Engine version Details 4853787 2013.09.23.01 Updated-Viruses(169 types), Spywares(12 types), Malicious programs(0 types)

Engine version Details 2543 2008.07.15.00 Updated-Viruses(68 types), Spywares(0 types), Malicious programs(0 types) 1. The function to detect(repair) 1103 type(s) of spywares has been added. System doesn't freeze when I click them, but the new boxes just don't open, is there another way to disable system restore? Should I have done anything after the computer rebooted after

I've tried to fix this for the last 3 weeks but it just re-installs itself every time I boot my machine.

Group: Gold beta testers Posts: 56947 Joined: 28.01.2006 From: Timisoara, Romania Please run this script

CODE
begin
SetAVZGuardStatus(True);
SearchRootkit(true, true);
DelBHO('{57A52E74-004C-464B-96CC-4DFE5366EA02}');
DelBHO('{1C57C41D-B52A-40BD-923F-D8D28082E764}');
QuarantineFile('ljJBssQJ.dll','');
QuarantineFile('C:\WINDOWS\system32\wvUmliJa.dll','');
QuarantineFile('C:\WINDOWS\system32\ljJBssQJ.dll','');
QuarantineFile('C:\WINDOWS\system32\emwwcdtw.dll','');
DeleteFile('C:\WINDOWS\system32\wvUmliJa.dll');
DeleteFile('C:\WINDOWS\system32\ljJBssQJ.dll');
DeleteFile('C:\WINDOWS\system32\emwwcdtw.dll');
DeleteFile('ljJBssQJ.dll');
BC_ImportDeletedList;
BC_Activate;
ExecuteSysClean;
RebootWindows(true);
end.

http://forum.kaspersky.com/index.php?showt...st&p=678368

blackraven Group: Gold beta testers Posts: 56947 Joined: 28.01.2006 From: Timisoara, Romania wait for it to finish.

The following 0 functions to detect(repair) types of malicious codes are added.

blackraven 29.06.2008 07:03 Post #9 Newbie Group: Members Posts: 6 Joined: 25.06.2008 thanks lucian, I let the computer restart (took about 40 mins but all good now) used the computer

Prevention: Take these steps to help prevent infection on your computer. Use Microsoft Security Essentials or another up-to-date scanning and removal tool to detect and remove this threat and other unwanted software from your computer.

Vundo is often distributed as a DLL file and installed on an affected machine as a Browser Helper Object (BHO) without a user's consent. The following 19 functions to detect(repair) types of malicious codes are added.

The following 0 functions to detect(repair) types of malicious codes are added. Using Spybot-Search and Destroy I always find this in the registry: HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Parameter\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\223:TCP I fix this each time but booting has it come up again. blackraven 28.06.2008 14:31 Post #3 Newbie Group: Members Posts: 6 Joined: 25.06.2008 hi,

I am willing to take the training. Just get me trained and I'll help with the workload. 10-01-2008, 08:53 AM #6 DuvallBuck Registered Member Join Date: Sep 2008 Location: Washington Posts: 12 OS: xp pro

Trojan:Win32/Vundo.gen!H is a component of Win32/Vundo - a multiple-component family of programs that deliver 'out of context' pop-up advertisements. They may also download and execute arbitrary files. The function to detect(repair) 169 type(s) of viruses has been added. Group: Gold beta testers Posts: 56947 Joined: 28.01.2006 From: Timisoara, Romania Try to disable it from safe mode. I use The Shield Pro 2008 for both virus scanning and firewall but it isn't cleaning up my problem.

The function to detect(repair) 12 type(s) of spywares has been added. I was able to fix this after a couple of tries. blackraven 25.06.2008 03:53 Post #1 Newbie Group: Members Posts: 6 Joined: 25.06.2008 Hey all, I got this (I think it came in a Codemasters GRID demo) Trojan.win32.monder.gen detected

This post has been edited by blackraven: 28.06.2008 14:34 Attached File(s) SUPERAntiSpyware_Scan_Log___06_28_2008___19_53_48.log ( 1,28K ) Lucian Bara 28.06.2008 14:34 Post #4 Are

I realize that this is a volunteer site. Here is my HijackThis log from Aug 21 when I first got infected: Logfile of HijackThis v1.99.1 Scan saved at 11:24:24 PM, on 8/21/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: