http://en.community.dell.com/forums/3522.aspxVirus & Spyware Sub-BoardCommunityServer 2008.5 SP2 (Build: 40407.4157)http://en.community.dell.com/forums/thread/19376895.aspxMon, 24 Nov 2008 00:40:29 GMTe3197daa-ef0d-4a70-8402-29215ff9a0f2:19376895ccteach0http://en.community.dell.com/forums/thread/19376895.aspxhttp://en.community.dell.com/forums/commentrss.aspx?SectionID=3522&PostID=19376895<p>Hi! Thanks! Do you know how long it will take for assistance? My response hasn&#39;t been replied to yet.&nbsp; </p><div style="clear:both;"></div>http://en.community.dell.com/forums/thread/19376759.aspxSun, 23 Nov 2008 20:54:26 GMTe3197daa-ef0d-4a70-8402-29215ff9a0f2:19376759Bugbatter0http://en.community.dell.com/forums/thread/19376759.aspxhttp://en.community.dell.com/forums/commentrss.aspx?SectionID=3522&PostID=19376759<p>As long as you have posted both the MBAM log and the HJT log, one of the analysts will pick it as soon as possible.</p><div style="clear:both;"></div>http://en.community.dell.com/forums/thread/19376732.aspxSun, 23 Nov 2008 19:50:53 GMTe3197daa-ef0d-4a70-8402-29215ff9a0f2:19376732ccteach0http://en.community.dell.com/forums/thread/19376732.aspxhttp://en.community.dell.com/forums/commentrss.aspx?SectionID=3522&PostID=19376732<p>I did post earlier in the malware thread...do I need to do another Hijack scan?</p><div style="clear:both;"></div>http://en.community.dell.com/forums/thread/19376727.aspxSun, 23 Nov 2008 19:30:06 GMTe3197daa-ef0d-4a70-8402-29215ff9a0f2:19376727Bugbatter0http://en.community.dell.com/forums/thread/19376727.aspxhttp://en.community.dell.com/forums/commentrss.aspx?SectionID=3522&PostID=19376727<p>Welcome<img src="http://en.community.dell.com/emoticons/emotion-1.gif" alt="Smile" /></p> <p>Please post your logs on the Malware Removal forum.</p> <li>The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.</li> <li><strong>Copy and paste the entire report into a New Message on the Malware Removal forum. Also include a fresh HijackThis log.<br />1. Just click the Start A New Thread button (upper right) in the Malware Removal forum here: </strong><strong><a href="http://en.community.dell.com/forums/3521.aspx%20">http://en.community.dell.com/forums/3521.aspx<br /></a>to start your own thread requesting assistance.<br />2. In the discussion window that opens, simply Right-Click and select Paste.<br /></strong></li> <p>&nbsp;</p><div style="clear:both;"></div>http://en.community.dell.com/forums/thread/19376642.aspxSun, 23 Nov 2008 17:13:00 GMTe3197daa-ef0d-4a70-8402-29215ff9a0f2:19376642ccteach0http://en.community.dell.com/forums/thread/19376642.aspxhttp://en.community.dell.com/forums/commentrss.aspx?SectionID=3522&PostID=19376642<p>Hi!</p> <p><br />When I start up my Windows I have a Rundll error that continues to open.&nbsp; I have Malwarebytes Anti-Malware installed on my system and it has located an infected virus that doesn&#39;t delete itself from my system even after I reboot. The malware identified Trojan.agent HKEY _local... Motovotuza.&nbsp; Please Help! Thanks</p> <p>&nbsp;</p> <p><strong>O4 - HKLM\..\Run: [motovotuza] Rundll32.exe &quot;C:\WINDOWS\system32\misogija.dll&quot;,s</strong></p> <p><strong>O4 - HKUS\S-1-5-19\..\Run: [motovotuza] Rundll32.exe &quot;C:\WINDOWS\system32\misogija.dll&quot;,s (User &#39;LOCAL SERVICE&#39;)<br /> O4 - HKUS\S-1-5-20\..\Run: [motovotuza] Rundll32.exe &quot;C:\WINDOWS\system32\misogija.dll&quot;,s (User &#39;NETWORK SERVICE&#39;)</strong></p> <p>Logfile of Trend Micro HijackThis v2.0.2<br />Scan saved at 11:33:14 AM, on 11/23/2008<br />Platform: Windows XP SP3 (WinNT 5.01.2600)<br />MSIE: Internet Explorer v7.00 (7.00.6000.16735)<br />Boot mode: Normal<br /><br />Running processes:<br />C:\WINDOWS\System32\smss.exe<br />C:\WINDOWS\system32\winlogon.exe<br />C:\WINDOWS\system32\services.exe<br />C:\WINDOWS\system32\lsass.exe<br />C:\WINDOWS\system32\svchost.exe<br />C:\WINDOWS\System32\svchost.exe<br />C:\Program Files\Intel\Wireless\Bin\EvtEng.exe<br />C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe<br />C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe<br />C:\WINDOWS\system32\spoolsv.exe<br />C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe<br />C:\Program Files\Bonjour\mDNSResponder.exe<br />C:\Program Files\Java\jre6\bin\jqs.exe<br />C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe<br />C:\WINDOWS\Explorer.EXE<br />C:\Program Files\Apoint\Apoint.exe<br />C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe<br />C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe<br />C:\Program Files\Java\jre6\bin\jusched.exe<br />C:\WINDOWS\system32\hkcmd.exe<br />C:\WINDOWS\system32\igfxpers.exe<br />C:\Program Files\Apoint\HidFind.exe<br />C:\Program Files\Apoint\Apntex.exe<br />C:\Program Files\iTunes\iTunesHelper.exe<br />C:\WINDOWS\system32\ctfmon.exe<br />C:\Program Files\Veoh Networks\Veoh\VeohClient.exe<br />C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe<br />C:\Program Files\iPod\bin\iPodService.exe<br />C:\Program Files\Malwarebytes&#39; Anti-Malware\mbam.exe<br />C:\Program Files\Mozilla Firefox\firefox.exe<br />C:\WINDOWS\system32\NOTEPAD.EXE<br />C:\Program Files\Trend Micro\HijackThis\HijackThis.exe<br /><br />R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896<br />R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157<br />R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157<br />R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896<br />R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896<br />R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157<br />R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/<br />R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local<br />O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll<br />O2 - BHO: (no name) - {0e60fe57-f2c2-4b79-8af8-ec9eaa71b3d4} - C:\WINDOWS\system32\fumikowu.dll (file missing)<br />O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll<br />O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll<br />O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll<br />O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll<br />O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe<br />O4 - HKLM\..\Run: [IntelZeroConfig] &quot;C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe&quot;<br />O4 - HKLM\..\Run: [IntelWireless] &quot;C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe&quot; /tf Intel PROSet/Wireless<br />O4 - HKLM\..\Run: [SunJavaUpdateSched] &quot;C:\Program Files\Java\jre6\bin\jusched.exe&quot;<br />O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe<br />O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe<br />O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe<br />O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] &quot;C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe&quot;<br />O4 - HKLM\..\Run: [QuickTime Task] &quot;C:\Program Files\QuickTime\QTTask.exe&quot; -atboottime<br />O4 - HKLM\..\Run: [iTunesHelper] &quot;C:\Program Files\iTunes\iTunesHelper.exe&quot;<br />O4 - HKLM\..\Run: [motovotuza] Rundll32.exe &quot;C:\WINDOWS\system32\misogija.dll&quot;,s<br />O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe<br />O4 - HKCU\..\Run: [Veoh] &quot;C:\Program Files\Veoh Networks\Veoh\VeohClient.exe&quot; /VeohHide<br />O4 - HKUS\S-1-5-19\..\Run: [motovotuza] Rundll32.exe &quot;C:\WINDOWS\system32\misogija.dll&quot;,s (User &#39;LOCAL SERVICE&#39;)<br />O4 - HKUS\S-1-5-20\..\Run: [motovotuza] Rundll32.exe &quot;C:\WINDOWS\system32\misogija.dll&quot;,s (User &#39;NETWORK SERVICE&#39;)<br />O8 - Extra context menu item: E&amp;xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000<br />O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL<br />O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe<br />O9 - Extra &#39;Tools&#39; menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe<br />O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe<br />O9 - Extra &#39;Tools&#39; menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe<br />O20 - AppInit_DLLs: C:\WINDOWS\system32\poyejame.dll <br />O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll<br />O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe<br />O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe<br />O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe<br />O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe<br />O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe<br />O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe<br />O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe<br />O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe<br />O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation&nbsp; - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe<br />O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe<br /><br />--<br />End of file - 6699 bytes</p><div style="clear:both;"></div>