Help me Please-Virtumondo

I have Virtumondo on my system and I cannot remove it.I have tried Ad Aware,SpyBot,Mucrosoft Antispyware and disabled my startup registry.Nothing I do works everytime I reboot it comes back.Can anyone help me..and please bear with me as I am not computer savvy.I did download hijackthis if that helps

 

Download HijackThis 1.99.1

Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the ZIP file as your backups will not be safely stored.

Before running HijackThis: You must close each of the following:your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

Run HijackThis and save your log file.

Post your log as an ATTACHMENT to your next post. (Do NOT copy/paste the log into your post as it will be removed).

Need help with HJT? See this thread: NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

 

OK attaching..I hope I am doing this right

 

First, I need you to disable System Restore temporarily. Also I need you to uninstall the AOL Spyware stuff along with Microsoft AntiSpyware because these will block parts of the fix.

Next, please EXTRACT HijackThis from the ZIP File to a Safer location. Here's how:

To create a new folder:
Click START > My Computer > Local Disc C: > Program Files
Now, Right Click on an Empty Area and select New > Folder & name it HijackThis and ENTER

To Extract HijackThis:
Now, Right Click your HijackThis ZIP File and select Extract All > Next > and browse to your newly created HijackThis Folder
(C:\Program Files\HJT) and click Next.

Now run HJT from there. Please save your HJT Log as a .txt File and attach it via the "Manage Attachments" tool in the Additional Options section when you post.

The reason HJT needs its own safe folder is so that backups will be safely preserved. That way, if a mistake is made in the removal process, the mistakenly deleted entry can be restored.

 

BJ thank you so much for your help so far,I am attaching it again and followed your directions

 

Please make sure System Restore is OFF and the Viewing of Hidden Files & Folders is Enabled as per the tutorial.


Please print these instructions out for use in Safe Mode.

Please download VundoFix.exe to your desktop.

• Double-click VundoFix.exe to extract the files
• This will create a VundoFix folder on your desktop.
• After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
• Once in safe mode open the VundoFix folder and doubleclick on KillVundo.bat
• You will first be presented with a warning and a list of forums to seek help at.
  it should look like this

• At this point press enter one time.
  
• Next you will see:

• At this point please type the following file path (make sure to enter it exactly as below!):

C:\WINDOWS\system32\sstqp.dll​

• Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.

• Next you will see:

• At this point please type the following file path (make sure to enter it exactly as below!):

C:\WINDOWS\system32\pqtss.*​

• Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.
• The fix will run then HijackThis will open.
• In HiJackThis, please place a check next to the following items and click FIX CHECKED:

O2 - BHO: MSEvents Object - {52B1DFC7-AAFC-4362-B103-868B0683C697} - C:\WINDOWS\system32\sstqp.dll
O20 - Winlogon Notify: sstqp - C:\WINDOWS\system32\sstqp.dll​

• After you have fixed these items, close Hijackthis and Press any key to Force a reboot of your computer.
• Pressing any key will cause a "Blue Screen of Death" this is normal, do not worry!
  
• Once your machine reboots please attach a fresh HJT log from normal mode.

 

Ok I followed your directions and I hope this worked
here is the new hijackthis log:::fingers are crossed::::
If I did something wrong please have patience with me,I am so overtired and not very computer savvy LOL
Thank you for all your help..you are a doll!

 

Please look in Add or Remove Programs for the following and Uninstall them if found:

Rewards Network
(If you know this program, keep it)


Now scan with HijackThis and Check the Boxes for the following:

Make sure All Browser Windows are Closed when you Click FIX.

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O4 - HKLM\..\Run: [REWARDS NETWORK] C:\Program Files\Rewards Network\brntray.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] ???\WkDetect.exe

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb029

O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)

O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} (AsyncDownloader Class) - http://survey.otxresearch.com/Preloader.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup 1.0.0.8.cab
O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - http://webiq001.webiqonline.com/WebIQ/bin/WebIQ.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) -http://a19.g.akamai.net/7/19/7125/4019/ftp.coupons.com/v3123/cpbrkpie.cab
O16 - DPF: {9BDA8A29-24F7-4F95-8C38-2DC79DD99C5F} (Invoke Solutions MILive Participant Control(MR)) - http://157.238.134.97/events/bin/media/3.0.0.1106-3.0.0.7203/MILive.cab
O16 - DPF: {CF25C291-E91C-11D3-873F-0000B4A2973D} (SoundCtl Class) - http://www.buzme.com/ActiveX/NPBMCtrl.cab
O16 - DPF: {D4F3F795-7712-4D92-91DF-AEB055D8AC73} (Invoke Solutions Compatibility Test Control) - http://157.238.134.97/events/bin/comptest/2.0.0.11/MILiveCompTest.ocx
O16 - DPF: {E9AE575A-FA4A-11D3-90F7-00C0CA1618FF} (BuzMeSetup Class) - http://www.buzme.com/ActiveX/BMAXSetup.cab

Again, make sure All Browser Windows are Closed when you Click FIX.

NEXT:
Run CCleaner to clean up cookies and temp files.

Run full scans with Ad-Aware SE & Spybot S&D and have both programs fix what they find.
Note: Remember to get all updates before doing the scans.

Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
Temporary Files
Temporary Internet Files
Recycle Bin

And Click OK.


After you complete the above REBOOT scan with HijackThis and attach the new log.

 

OK here it is..lets hope this worked
Thank you so much again!

 

Your HJT log is clean, are you having any further problems?

 

Oh my goodness thank you so much No new problems except MCaffee just popped up and said coolwebsitesearch is trying to install and I clicked no..I reinstalled Microsoft Antispy and am did another quick scan just to be safe and it came clean.I cannot thank you enough for all your help.You were awesome and very patient.Thank you!
Tammylyne

 

Your Welcome!

You should see this article on How to Protect yourself from malware!

Surf Safely!