TechSpot

Help can't get rid of Trojan Virtumonde

By bigdrewfl
Aug 27, 2008
  1. Hey,

    Someone please help...I have tried everything possible and this thing does not go away! Attached is my Hijackthis log.

    thanks,
    Drew
     
  2. AurelloSoft

    AurelloSoft TS Rookie Posts: 30

    Consider fixing the following:
    O2 - BHO: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - (no file)
    O4 - HKCU\..\Run: [A00FB409DFD.exe] C:\DOCUME~1\ANDREW~1\LOCALS~1\Temp\_A00FB409DFD.exe


    At Your Discretion:
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: __c0052D38 - C:\WINDOWS\system32\__c0052D38.dat (file missing)
    O20 - Winlogon Notify: __c00A94B0 - C:\WINDOWS\
    O20 - Winlogon Notify: __c00CBB67 - C:\WINDOWS\system32\__c00CBB67.dat

    Other than that, you are going to need to run specialized removal tools.
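
Added example, not part of the original thread and not HijackThis code: a Python triage pass over the HijackThis entry types this reply deals with (O1 hosts-file lines, O2 BHOs, O4 autostarts, O20 Winlogon Notify). The heuristics and the names `triage` and `report` are assumptions chosen for illustration, and the O1 sample line is constructed.

```python
import re

# One HijackThis entry: "<section id> - <details>", e.g. "O2 - BHO: name - {CLSID} - file"
ENTRY = re.compile(r"^\s*([A-Z]\d+)\s+-\s+(.*\S)\s*$")

def triage(line):
    """Return (section, reasons) for one log line, or None if it is not an entry."""
    m = ENTRY.match(line)
    if not m:
        return None
    section, details = m.groups()
    low, reasons = details.lower(), []
    if section == "O1":  # hosts-file entry: anything but localhost is a redirection
        h = re.match(r"hosts:\s*(\S+)\s+(\S+)", low)
        if h and h.group(2) != "localhost":
            reasons.append("hosts file maps %s to %s" % (h.group(2), h.group(1)))
    if "(no file)" in low or "(file missing)" in low:
        reasons.append("target file is missing")
    if section == "O4" and re.search(r"\\temp\\", low):
        reasons.append("autostart runs from a Temp directory")
    if section == "O20":  # assumption: Winlogon Notify packages are normally DLLs
        path = re.sub(r"\s*\([^()]*\)$", "", low.rsplit(" - ", 1)[-1])
        name = path.rsplit("\\", 1)[-1]
        if "." in name and not name.endswith(".dll"):
            reasons.append("Winlogon Notify target is not a .dll")
    return section, reasons

def report(log_text):
    """Return [(line, reasons)] for every entry that tripped at least one heuristic."""
    results = ((ln.strip(), triage(ln)) for ln in log_text.splitlines())
    return [(ln, r[1]) for ln, r in results if r and r[1]]

# Sample input: the O1 line is constructed (documentation address and domain);
# the other lines are entries quoted in the reply above.
SAMPLE = r"""
O1 - Hosts: 192.0.2.10 ads.example.test
O2 - BHO: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - (no file)
O4 - HKCU\..\Run: [A00FB409DFD.exe] C:\DOCUME~1\ANDREW~1\LOCALS~1\Temp\_A00FB409DFD.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: __c0052D38 - C:\WINDOWS\system32\__c0052D38.dat (file missing)
O20 - Winlogon Notify: __c00CBB67 - C:\WINDOWS\system32\__c00CBB67.dat
"""

if __name__ == "__main__":
    for line, reasons in report(SAMPLE):
        print(line, "->", "; ".join(reasons))
```

A hit is a prompt for manual review of that entry, not a verdict; the two SUPERAntiSpyware lines pass these checks only because their targets exist and sit outside Temp.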
     
  3. bigdrewfl

    bigdrewfl TS Rookie Topic Starter

    Thanx!!!! That did the JOB!!!!
     
  4. bijang

    bijang TS Rookie

    have same problem
     
  5. bijang

    bijang TS Rookie

    don't know how to attach my HJT file
     
  6. LookinAround

    LookinAround Ex Tech Spotter Posts: 6,491   +183

    bijang - you should start a new thread for the problem on your computer. This thread is only for bigdrewfl.

    You should be able to attach files on your 6th post, as I recall the rules.
     
Topic Status:
Not open for further replies.
