Infected with wml.exe, running Windows Vista Please Help

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by dslick21279, Apr 28, 2008.

  1. dslick21279

    dslick21279 Private E-2

    I keep getting numerous pop-ups associated with this wml.exe trojan. I have Trend Micro PC for my antivirus and have 2 different spyware programs as well as a registry cleaner, and they all say they have found and deleted all threats on my PC.

    I have read several of the posts out there in forums such as this, most of which deal with Windows XP. I am running Vista Ultimate and am not sure where to begin. I see several people talking about logs, HijackThis etc. I am new at this and need some help starting from the beginning.

    From what I can tell I need to follow someone's specific instructions on how to do this. Let me know where to start. This thing is driving me nuts!
     
  2. dslick21279

    dslick21279 Private E-2

  3. dslick21279

    dslick21279 Private E-2

    I have run all recommended scans in your forum. Logs attached.

    Logs1
     

    Attached Files:

  4. dslick21279

    dslick21279 Private E-2

    Logs 2

    logs 2
     

    Attached Files:

  5. abri

    abri MajorGeek

    Hi dslick21279,
    Welcome to Major Geeks!


    The log for hijackthis which is part of a set of logs called MGTools.zip is missing. Before I ask you to get it another way, please do the following:

    Go to add/remove programs and uninstall the below:

    Viewpoint Media Player

    Then please open the following folders (don't open any files!) and tell me what's in them:

    C:\ProgramData\ovmcmljs
    C:\ProgramData\qialkjha
    C:\ProgramData\scctcxty
    C:\ProgramData\sjlbrxsx
    C:\ProgramData\udrfjuxu
    C:\ProgramData\urzryoqe
    C:\ProgramData\zojgfkdq

    After you complete the above, please go to C:\MGTools\analyse.exe and double-click on the file. Select the option to Do a System Scan and Create a Log. When it's finished, upload that log here as an attachment. The log should be located in the MGTools folder or directly under C and will be called hijackthis.log

    If you're not able to run the program, please let me know if you get any kind of an error message. In either case, post some response back to me.

    Thanks.
    abri
     
    Last edited: Apr 29, 2008
  6. dslick21279

    dslick21279 Private E-2

    There was nothing in any of the folders that you listed. I also uninstalled the Viewpoint Media Player as asked. Attached is the hijackthis.log file. Furthermore, since running the specified clean-up process I have had no further pop-ups from the trojan; I would like to be sure that there are no harmful files left behind, though.

    thanks
     

    Attached Files:

  7. abri

    abri MajorGeek

    Hi dslick21279,

    I'm glad things are running better. What did you do with the folders I asked you about? If they are still on your system, please delete them all and then do the following which will allow me to check your complete set of logs. If they are clean, then I'll post the final cleanup instructions to you.

    1) Run C:\MGtools\analyse.exe by double-clicking on it. This is really HijackThis (select Do a system scan only). Select the following lines, but DO NOT CLICK FIX until you exit all browser sessions, including the one you are reading in right now:

    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

    Optionally, fix the following programs as well. This will prevent them from loading at startup.

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    After you click Fix, just close HijackThis.

    2) Now run CCleaner at the default setting with the Windows tab as the top one.

    3) Please run C:\MGtools\GetLogs.bat and attach the fresh MGlogs.zip.

    abri
     
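    The O4 lines above are HijackThis's report of the registry Run keys, and the folders in post #5 are checked by opening them without running anything inside. The script below is an added example written for this thread, not a MajorGeeks tool and not something abri posted: it lists the contents of those same folders read-only and enumerates the HKLM/HKCU Run and RunOnce keys, checking whether each referenced executable actually exists on disk. The folder names are the ones quoted in post #5; it assumes Windows PowerShell 2.0 or later, which is the version available for Vista.

```powershell
# Added example (not from the thread): read-only inspection of the folders
# and autostart entries discussed above. Run as an administrator.

# Folder list copied from post #5 in the thread.
$suspectFolders = @(
    'C:\ProgramData\ovmcmljs',
    'C:\ProgramData\qialkjha',
    'C:\ProgramData\scctcxty',
    'C:\ProgramData\sjlbrxsx',
    'C:\ProgramData\udrfjuxu',
    'C:\ProgramData\urzryoqe',
    'C:\ProgramData\zojgfkdq'
)

foreach ($folder in $suspectFolders) {
    if (Test-Path -LiteralPath $folder) {
        Write-Output "== $folder"
        # -Force also shows hidden and system files, which droppers often set.
        Get-ChildItem -LiteralPath $folder -Force -ErrorAction SilentlyContinue |
            Select-Object Name, Length, LastWriteTime, Attributes |
            Format-Table -AutoSize
    } else {
        Write-Output "== $folder (not present)"
    }
}

# The autostart locations HijackThis reports as O4 entries.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        # Skip the provider metadata (PSPath, PSParentPath, ...) that
        # Get-ItemProperty adds alongside the real values.
        if ($p.Name -like 'PS*') { continue }

        # Pull the executable path out of the command line, whether the
        # path is quoted ("C:\...\x.exe" -flag) or bare (C:\x.exe -flag).
        $cmd = [string]$p.Value
        if ($cmd -match '^"([^"]+)"') { $exe = $Matches[1] }
        else { $exe = ($cmd -split ' ')[0] }
        $exe = [Environment]::ExpandEnvironmentVariables($exe)

        # New-Object is used instead of [pscustomobject] so this runs on PS 2.0.
        New-Object PSObject -Property @{
            Key        = $key
            Name       = $p.Name
            Command    = $cmd
            FileExists = (Test-Path -LiteralPath $exe)
        }
    }
}
```

    An entry whose FileExists is False is a leftover pointing at something already removed; an entry whose command points into a ProgramData folder with a random-looking name like the ones listed is the kind of line worth pasting into a thread like this for a specialist to look at before fixing it.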
  8. dslick21279

    dslick21279 Private E-2

    I do not understand what you mean by #2

    2) Now run CCleaner at the default setting with the Windows tab as the top one.

    I did all others and skipped it. Attached are the logs.
     

    Attached Files:

  9. abri

    abri MajorGeek

    Hi dslick21279,

    Please uninstall the following two folders:

    C:\Program Files\Enigma Software Group
    C:\ProgramData\Viewpoint


    Then I would like for you to locate the CCleaner icon on your desktop (this should still be installed from running CCleaner in the first part of the READ & RUN ME instructions). Double-click on it and, in the window that opens up, there's a button in the lower right-hand corner where it says Run Cleaner. Click on this and allow it to run. When it's finished, just click on the red X in the top right-hand corner to close the window.

    Other than that, I don't see anything further that looks like malware. Please finish up now by running the final cleanup instructions that will remove the logs and the tools we put on your computer.
    abri
     
  10. dslick21279

    dslick21279 Private E-2

    I performed everything as specified, except it will not allow me to delete the Enigma folder. I was able to uninstall the software, but it will not allow me to delete or move the folder from its current location. A box pops up telling me I need permission to do this; I don't know why, because I am the admin account on the PC. Any thoughts? It is actually a spyware program I purchased. Everything else went smoothly though. I really appreciate all your help.

    DJ :D
     
  11. abri

    abri MajorGeek

    Hi dslick21279,

    Try right-clicking on the folder and see if you can change the permissions on one of the tabs so it will allow you to remove it.

    abri
     
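    The "you need permission" box on Vista usually means the folder is owned by a different account (often TrustedInstaller or the installer's service account) and the Administrators group has no write access, so being logged in as an admin is not enough until ownership or the ACL is changed. The snippet below is an added example, not from the thread or from MajorGeeks, showing the command-line equivalent of the Security tab change abri suggests, using the built-in takeown and icacls tools that ship with Vista. It assumes an elevated PowerShell prompt (Run as administrator) and uses the folder path from post #9.

```powershell
# Added example (not from the thread): take ownership of a folder, grant the
# Administrators group full control, then remove it. Run elevated.
$target = 'C:\Program Files\Enigma Software Group'   # path from post #9

if (-not (Test-Path -LiteralPath $target)) {
    Write-Output "Not present: $target"
    return
}

# 1. Take ownership of the folder and everything under it.
#    /R recurses, /D Y answers "yes" to the prompt for subfolders
#    whose contents the current owner cannot list.
takeown.exe /F "$target" /R /D Y | Out-Null

# 2. Grant Administrators full control recursively. The well-known SID is
#    used (icacls accepts it with a leading *) so this works on non-English
#    Windows where the group is not literally named "Administrators".
icacls.exe "$target" /grant '*S-1-5-32-544:(OI)(CI)F' /T | Out-Null

# 3. Preview what would be removed; drop -WhatIf to actually delete.
Remove-Item -LiteralPath $target -Recurse -Force -WhatIf
# Remove-Item -LiteralPath $target -Recurse -Force
```

    If the delete still fails after this, something inside the folder is open or still running (a leftover service or driver from the uninstalled product); a reboot before retrying is the normal next step rather than broadening the ACL change any further.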
