Critical System Errors! System Alerts and more just popping up!

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by gcpamking, Oct 30, 2006.

  1. gcpamking

    gcpamking Private E-2

    About 5pm yesterday, my computer went haywire with pop up messages! System Alert: Trojan-Spy.Win32@mx (and then it has a pop up that says click this balloon to download official security software) Then if I try to get on the internet, it opens with Security Center - Microsoft Explorer, http://safeiepage.com/ and a pop up which says I have a W32.myzor.fy@yf or ADW_winfixer.Q and again I just have to click to get software to remove it! Obviously, I have not clicked on anything, I just came to Major Geeks!

    I have followed the procedures outlined in READ & RUN ME FIRST, but I have encountered nothing but problems in trying to run a few things......I went to the special removal procedures and found what I thought might be a fix for the Winfixer, I ran it and it came back clean - nothing found.

    I then proceeded to reboot in Normal Startup, rebooted, emptied my Trend Quarantine, downloaded CCleaner, enabled viewing of hidden files, downloaded GetRunKey.Zip and ShowNew.Zip, Spybot - Search & Destroy, Microsoft Windows Defender, Microsoft Malicious Software Removal Tool & Hijack This!

    I rebooted in safe mode and ran CCleaner which came up with quite a few items which were deleted. Ran Microsoft Malicious Software Removal Tool which didn't find anything, ran Spybot and the computer went black in the middle of the scan, rebooted and started it again. Rebooted in Normal and ran Windows Defender but it would not complete the scan - tried 3 times. Went on to Bitdefender.....the first time I ran it it stopped about 1/8 of the way and the computer shut down and rebooted itself. Ran it again and it got about 3/4 of the way through and again the same thing happened, ran it a third time and it got 3/4 through (by the way each time took about 2 hours!) and again it happened. Rather than do anything else, I am looking to you for direction!?

    I have not run the Panda or Hijack This as I thought I should contact you first since the other scans didn't get completed.

    My operating system is Microsoft Windows XP Professional version 2002, w/service pack 1 (have not been able to download 2 completely and yet it shows up in my log that I have it) it's an AMD Duron, 1.31 GHz and 1.0 GB of RAM.

    Thanks for your help
    Pam
     
    Last edited: Oct 30, 2006
  2. gcpamking

    gcpamking Private E-2

    Re: Critical System Errors! I have been invaded with spyware!

    Ok, since I did not hear from you I decided to try to fix my problem myself! I will refresh you with all the things I have done and what's happening now.

    My OS system is Microsoft XP Professional Version 2002
    Service Pack 1 is installed (cannot download 2)
    Computer is an AMD Duron(tm)
    1.31 GHz
    1.00 GB of RAM

    I followed all the instructions on READ THIS FIRST and most of it worked this time (might be due to the hour of day it is) I had something called "VideoKeyCodek" put on as a program on my computer about 3 pm yesterday and didn't realize it.

    I found out when I tried to get into the internet and I was diverted to safeiepage.com with 'scary' messages and pop-ups about having a virus and needing to click on their button to get it removed. Also my task bar had a yellow box with a question mark in it flashing on and off and pop-up messages saying 'critical error' and other things.

    I went to your site and tried to clean this up, however, due to the late hour I gave up about 3am. I started again from scratch and followed all your steps and did the following:

    Found your Virtumonde aka Trojan Vundo Removal - downloaded and ran it
    nothing was found!

    Downloaded CCleaner, enabled viewing of hidden files, system files and file extensions

    Downloaded GetRunKey.Zip and ShowNew.Zip
    Downloaded SpyBot - Search & Destroy
    Downloaded Windows Defender and Windows Malicious Software Removal Tool
    Downloaded CounterSpy and Hijack This!

    I rebooted in safe mode and ran Ccleaner - deleted items which came up
    Ran Malicious Software Removal Tool - nothing came up
    Ran Spybot Search & Destroy - had a few items come up and fixed
    Rebooted and tried to run Windows Defender - couldn't because I have SP1
    Downloaded CounterSpy and ran that - had to reboot in Normal - log attached
    Ran Bitdefender - had a pop-up which said "TmProxy Module experienced critical error".......I hit debug and finished the scan
    also had another window pop-up which said "isamini.exe encountered problem" so I hit debug on this and finished scan - found nothing - log attached
    Ran Panda- log attached

    Rebooted into normal boot mode and a pop-up came up that said PcCtlCom Module has encountered problem.......again I debugged

    Here's where I may have erred: I ran Hijack This! before I ran the GetRunKey and ShowNew but I can run another Hijack This if you want? I will attach these three files on another thread.

    thanks for looking at this......I really need to get rid of this darned spy stuff! I still am diverted to the safeiepage.com when I try to go on the internet!!

    HELP!!

    Pam
     


  3. gcpamking

    gcpamking Private E-2

    Here's the rest of the downloads you asked for................Hijack This! log is on the next one!

    Pam
     


  4. gcpamking

    gcpamking Private E-2

    Here's the Hijack This! log

    Pam
     


  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please try to run PandaActiveScan. If it runs, save a log and attach it along with the below logs:

    - GetRunKey (make sure you have the current version)
    - ShowNew (make sure you have the current version)
    - HijackThis (make sure it is installed and renamed as requested)
     
  6. gcpamking

    gcpamking Private E-2

    Somehow my message was posted twice?? I didn't hear from anyone and I attempted to solve the problem by redoing all the things in READ THIS FIRST. I attached all the scans on the other post. When I still didn't hear anything I became desperate and redid everything in READ THIS FIRST & since then I think I resolved my problem! However, I then downloaded SP2 because I thought it might work finally and it did - it loaded then my whole computer went sour!! I couldn't reboot into anything other than safe mode and finally talked to some 'techies' at work and they said to uninstall SP2 - I did and I now have my computer working!! How well I'm not sure, but if you tell me to rerun some scans again to see how it is, I will!

    Thanks,
    Pam
     
  7. gcpamking

    gcpamking Private E-2

    Per your request I am attaching the Panda scan log, the GetRun, ShowNew and Hijack This! logs......I will have to send Hijack This on a separate reply due to the number of attachments allowed.

    Thanks,
    Pam
     


  8. gcpamking

    gcpamking Private E-2

    Here's the Hijack This! log

    Pam
     


  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your logs don't show any malware problems! Are you having any?

    However you can have HJT fix the below lines:
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm


    Also please tell me what you find in the below folder:
    C:\Program Files\Common Files\Microsoft Shared\Web Folders\1033
     
  10. gcpamking

    gcpamking Private E-2

    I had HJT fix the 4 items you listed and the following is what I found in the C:\Program Files\Common Files\Microsoft Shared\Web Folders\1033

    There are two .dll's, one is NSEXTINT.DLL and the other is MSOVINT.DLL. Both of these files show an install date of July 2003.

    Should I delete the scans I did before or just leave them where they are? Also, due to the problem I had when I downloaded SP2, do you have any suggestions what course I should take?

    Thanks in advance, you really helped me! I also found it interesting how many people were having similar problems.....made it a little easier to see what I had to do to correct my computer. I love the site!!!!

    Pam
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay just leave these alone! They are okay!

    I assume you mean the log files from running the tools downloaded? Yes you can delete them.

    I'm not sure what your problems with SP2 were. "Going sour" does not describe your problems in terms that are useful to us. However this is not really a malware problem. You may want to discuss it in the Software Forum but I recommend trying to give a more technical description of your problems and also state whether the download and install completed without any problems. It is also best to download SP2 and install it locally rather than trying to update online.


    I will be away for 9 days! Hopefully one of the other helpers here can continue to help you! Or you will have to wait until I get back!
     
  12. gcpamking

    gcpamking Private E-2

    Thanks ssooooooo much for all your help. Yes, you are absolutely right, I should be more specific re the SP2 problem!

    After all the clean up on the 'bugs', my computer once again notified me I needed to install SP2. Up to that time, whenever I tried to download the SP2 from Microsoft, it would stop in the middle and a pop up would let me know SP2 was unable to be installed. This time when the notice came up that I needed to install SP2 I decided to try it again and it actually went almost all the way to the end of the bar showing it was downloaded! I waited and waited and nothing seemed to be happening but I didn't want to cancel or do something stupid so I just kept waiting and oops, fell asleep for about 1/2 hour and when I woke up the screen was beeping, it was black then a message came on the black screen and as I recall it was something about a critical error.........I turned off the computer and rebooted and the computer would try a couple times but could not start up. Finally, a screen came up that allowed me to start in 'safe mode' and I did. From there I tried many things but my restore points were gone, I couldn't connect to the internet and when I asked a techie at work what could possibly have happened, he said he didn't know but I could try uninstalling SP2 and I should be taken back to the point I was at when this all started and he was right!!!! That's how I got back to the point where I was cleared of viruses and operating on SP1 (which is where I'm at now!) Let me know what you think!

    Pam
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You may want to try working your problems with installing SP2 in the Software Forum since it is not a malware problem. I would suggest that you not update from the Microsoft Update site. I would try using the below link to download the Win XP SP2 update (266 Mb) and then install it locally from your PC. Make sure you shut down ALL unnecessary applications before running the installation.

    http://www.microsoft.com/downloads/...be-3b8e-4f30-8245-9e368d3cdb5a&DisplayLang=en
     
