Help cant get rid of Trojan Virtumonde

[bigdrewfl]

Hey,

Someone please help...I have tried everything possible and this thing does not go away! Attached is my Hijackthis log.

thanks,
Drew

 

[AurelloSoft]

Consider fixing the following:
O1 - Hosts: 202.165.102.205 972.aksjd11.com
O1 - Hosts: 202.165.102.205 w3og.cn
O1 - Hosts: 203.208.35.100 qazc.fourtw.cn
O1 - Hosts: 203.208.35.100 w.ww.aujoy.cn
O1 - Hosts: 203.208.35.101 w.ww.hao601.cn
O1 - Hosts: 203.208.35.101 w.ww.psp476.cn
O1 - Hosts: 72.14.235.99 222.1212l112.net
O1 - Hosts: 72.14.235.99 444.1212l112.netn
O1 - Hosts: 72.14.235.99 555.1212l112.net
O1 - Hosts: 72.14.235.99 111.1212l112.net
O1 - Hosts: 65.55.21.250 111.3243l24.com
O1 - Hosts: 65.55.21.250 222.3243l24.com
O1 - Hosts: 65.55.21.250 333.3243l24.com
O1 - Hosts: 125.64.8.112 kao2.gmwo03.com
O1 - Hosts: 125.64.8.112 kao.gmwo06.com
O1 - Hosts: 125.64.8.112 444.gmwo07.com
O1 - Hosts: 116.252.185.15 ru.update365.us
O1 - Hosts: 116.252.185.15 ad.update365.us
O1 - Hosts: 207.46.232.182 popmails.net
O1 - Hosts: 203.208.37.99 3.goodhh.com
O1 - Hosts: 220.181.37.55 down.rwixr.com
O1 - Hosts: 160.79.42.52 w.ww.xdj2008.com
O1 - Hosts: 63.175.76.152 w.ww.revtr.cn
O1 - Hosts: 219.133.40.91 qq.ljsll.com
O1 - Hosts: 203.208.35.102 w.ww.aassccwe.cn
O1 - Hosts: 209.132.177.50 973.aksjd11.com
O1 - Hosts: 209.132.177.50 974.aksjd11.com
O1 - Hosts: 209.132.177.50 971.aksjd11.com
O1 - Hosts: 209.132.177.50 975.aksjd11.com
O1 - Hosts: 72.14.235.104 user1.12-39.net
O1 - Hosts: 192.150.18.101 ata1.sysions.net
O1 - Hosts: 192.150.18.101 ata2.sysions.net
O1 - Hosts: 192.150.18.101 ata3.sysions.net
O1 - Hosts: 192.150.18.101 ata4.sysions.net
O1 - Hosts: 193.120.42.226 8nnnnn99.cn
O1 - Hosts: 24.39.54.34 w.ww.haoaoao.cn
O2 - BHO: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - (no file)
O4 - HKCU\..\Run: [A00FB409DFD.exe] C:\DOCUME~1\ANDREW~1\LOCALS~1\Temp\_A00FB409DFD.exe


At Your Discretion:
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: __c0052D38 - C:\WINDOWS\system32\__c0052D38.dat (file missing)
O20 - Winlogon Notify: __c00A94B0 - C:\WINDOWS\
O20 - Winlogon Notify: __c00CBB67 - C:\WINDOWS\system32\__c00CBB67.dat

Other than that, you are going to need to run specialize removal tools.

 

[bigdrewfl]

Thanx!!!! That did the JOB!!!!

 

[bijang]

have same problem

 

[bijang]

dont know how to attached my HJT file

 

[LookinAround]

bijang - you should start a new thead for the problem on your computer. This thread is only for bigdrewfl

You should be able to attach files on your 6th post, as i recall the rules.