Help, "Your privacy may be in Danger" virus

Welcome to Major Geeks!

Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

• READ & RUN ME FIRST. Malware Removal Guide

• If something does not run, write down the info to explain to us later but keep on going.

• Do not assume that because one step does not work that they all will not.

Notes:

1. If you run into problems trying to run theREAD & RUN ME or any of the scans in normal boot mode. You can running steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
   
   • Starting your computer in Safe mode
2. If you have problems downloading on the problem PC, download the tools on another PC and burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.

 

Did you notice how ComboFix deleted the C:\Program Files\antispyware folder and everything in it? It is not a good idea to save download in a folder you created in Program Files for just such reasons. Scanners will detect this as possible malware. Do not save things to Program Files. Make your Own Downloads folder somewhere in your user account and save them there. Or even make it a C:\Downloads folder.

Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O23 - Service: STOPzilla Local Service - Unknown owner - C:\Program Files\STOPzilla!\szntsvc.exe (file missing)

After clicking Fix checked, exit HijackThis

Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Make sure that you tell me if you receive a success message about adding the above
to the registry. If you do not get a success message, it definitely did not work.

Now run Ccleaner!

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).


Then attach the below logs:

• C:\ComboFix.txt
• C:\MGlogs.zip

Make sure you tell me how things are working now!

 

You did not download and run the program that was given on that page. You downloaded something from an adevertisement on the page. Uninstall whatever you downloaded. (Probably a registry cleaner from liutilities or UniBlue which you do not need. Disreguard everything the registry cleaner reported to you. ) You need to click one of the download links for the correct tool. The download links look like the below:

Free Downloads From
The Authors Site
MajorGeeks FL[SIZE=-3] - |USA|
MajorGeeks TX[SIZE=-3] - |USA|[/SIZE]
MajorGeeks TX[SIZE=-3] - |USA|[/SIZE]
MajorGeeks FL[SIZE=-3] - |USA|[/SIZE]
MajorGeeks FL[SIZE=-3] - |USA|[/SIZE]
Internode[SIZE=-3] - |Australia[/SIZE]

[/SIZE]
In fact the above links are all active and you can click on any one of them to download the Disable/Remove Windows Messenger tool.