Malware Double check

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by scott ej, Feb 5, 2009.

Thread Status:
Not open for further replies.
  1. scott ej

    scott ej Private E-2

    Guys,

    Tried removing malware on my own but got stuck trying to remove the Virtumonde bug. Did the Read & Run First instructions. I think I got everything but would like to double check. Could someone review my logs and let me know if all is well.

    Will add the remaining log in the next post.

    Thanks,

    Scott ej
     


  2. scott ej

    scott ej Private E-2

    Last of the logs. Looking forward to wrapping this up. At it for 2 days. Can't wait to move to the final steps of Read & Run First.

    Helpful eyes greatly appreciated.

    Scott ej
     


  3. scott ej

    scott ej Private E-2

    Malware log checked

    I think I may have posted this incorrectly the first time.
    Followed the Read & Run First procedures. Would like someone to take a look at my logs to see if I did everything correctly. Have attached 3 logs; will send the fourth when told to do so.

    All help appreciated.


    Scott
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Uninstall the below software:
    Spybot - Search & Destroy 1.4 <-- old version and new version is already installed
    Viewpoint Manager (Remove Only) <-- should have been uninstalled in step 1 of the READ ME
    Viewpoint Media Player <-- should have been uninstalled in step 1 of the READ ME

    Your J drive is infected. I assume it is a removable device. It will infect any PC you plug it into. You need to plug this removable device in now before starting the below so that it can attempt to clean it up.


    You are way out of date with your version of SUPERAntiSpyware. Just to be safe, let's get the new version installed and run new scan.
    • Please uninstall your current version (this is necessary).
    • Then download this SUPERAntiSpyware
    • Install this new version. It may tell you that you need to reboot to complete the installation. You must reboot at this time.
    • After the reboot, run SUPERAntiSpyware and immediately click the Check for Updates button to get more updates for the database.
    • Now run a new full scan of your system. And attach this new log.
    Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above
    to the registry. If you do not get a success message, it definitely did not work.



    Now we need to use ComboFix to remove a bunch of malware files.
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Open Notepad and copy/paste the text in the below quote box into it:
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    Now run Ccleaner!

    Now go to this link Using MGtools and download the new version of MGtools.exe from the black bold print link in the first sentence. Overwrite your previous MGtools.exe file with this one.

    Run MGtools.exe ( Note: If using Vista make sure UAC is still disabled. Also don't double click on it, use right click and select Run As Administrator )


    Now attach the below log:
    • the new SUPERAntiSpyware log
    • C:\ComboFix.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
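The thread says the J drive "will infect any PC you plug it into" but never says how. The following is an added example, not code from the thread or from any of the tools it names; it assumes the mechanism that was typical for removable-drive infections in this period: an autorun.inf in the drive root that points AutoPlay and the Explorer context menu at a hidden executable. The sample drive contents (the RECYCLER folder, the placeholder svchost.exe and the autorun.inf text) are constructed here to show what such a launcher looks like and how to read one before plugging the stick into a clean machine.

```python
"""Inspect a removable drive root for an autorun.inf launcher.

Added example (not from the MajorGeeks thread). Assumes the classic
autorun.inf infection vector; the sample drive is constructed below.
"""
import os
import re
import tempfile

# [autorun] directives that cause code execution when the drive is attached
# or opened in Explorer on Windows XP / early Vista.
LAUNCH_KEYS = ("open", "shellexecute")
SHELL_CMD_RE = re.compile(r"^shell\\(?P<verb>[^\\]+)\\command$")


def parse_autorun(text):
    """Tolerant INI parse: malware padded autorun.inf with junk lines.

    Returns {key_lowercased: value} for the [autorun] section only; lines
    outside that section, comments and lines without '=' are ignored.
    """
    entries = {}
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "#")):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue
        key, value = line.split("=", 1)
        entries[key.strip().lower()] = value.strip()
    return entries


def launch_targets(root):
    """Return (directive, command) pairs an autorun.inf in `root` would run."""
    path = os.path.join(root, "autorun.inf")
    if not os.path.isfile(path):
        return []
    with open(path, "r", errors="replace") as fh:
        entries = parse_autorun(fh.read())
    return [(k, v) for k, v in entries.items()
            if k in LAUNCH_KEYS or SHELL_CMD_RE.match(k)]


def target_exists(root, command):
    """Resolve the command's first token relative to the drive root."""
    tokens = command.split()
    exe = tokens[0].strip('"') if tokens else ""
    return os.path.isfile(os.path.join(root, exe.replace("\\", os.sep)))


def build_sample_drive():
    """Constructed drive: launcher hidden in a RECYCLER-style folder."""
    root = tempfile.mkdtemp(prefix="jdrive_")
    os.makedirs(os.path.join(root, "RECYCLER"))
    with open(os.path.join(root, "RECYCLER", "svchost.exe"), "wb") as fh:
        fh.write(b"MZ")  # placeholder bytes, not a real executable
    with open(os.path.join(root, "autorun.inf"), "w") as fh:
        fh.write(
            ";junk line of the kind used to break naive signatures\n"
            "[AutoRun]\n"
            "open=RECYCLER\\svchost.exe\n"
            "shell\\open\\Command=RECYCLER\\svchost.exe\n"
            "shell\\explore\\command=RECYCLER\\svchost.exe\n"
            "icon=%SystemRoot%\\system32\\SHELL32.dll,4\n"
        )
    return root


if __name__ == "__main__":
    drive = build_sample_drive()
    for directive, cmd in launch_targets(drive):
        present = target_exists(drive, cmd)
        print(f"{directive:24s} -> {cmd}  (target present: {present})")
```

Run it against a real stick by calling launch_targets() with the drive's mount point instead of the constructed one; a root that has no autorun.inf returns an empty list. Note that the icon= line is deliberately not reported: it makes the drive look like a normal disk but does not execute anything.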
     
  5. scott ej

    scott ej Private E-2

    Chaslang,

    Thanks for taking a look at this for me. Unfortunately I have made a major goof. This being my first post I assumed (in error) after 2 days no one was going to look at it because I had frelled up my second post. I would have been glad to wait 4,5,6 days if I knew someone was looking. This is the first time I have checked email this week.

    The machine belongs to an 80 year old friend and I have returned it hoping all was well. Obviously not. If the J removable drive is infected then all 5 machines I own (putting together a lab in prep for Microsoft tests) are compromised.

    I have a laptop that is clean that I can let her use until I resolve her problem. I will be glad to rerun the read me procedures incorporating all of the steps that I missed with the J drive inserted. Then do the SUPERAntiSpyware and remaining listed procedures if you can still give me a hand. I will check email twice a day every day. Awaiting instructions on how you want me to proceed.

    Will SUPERAntiSpyware by itself remove the infection on the J drive?

    Scott ej
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Actually my response was only 31 hrs and 4 minutes after your last post. Significantly less than even two days which is quite fast these days considering that malware is infecting PCs at rates greater than 10 to 20 times faster than it did even a year ago.

    Quite possibly yes. They may or may not be and the only way to know for sure is to check. But the removable drive was for sure.


    You can set up SAS to scan all drives but it may or may not find and remove this infection. The steps with ComboFix were trying to fix what I saw in the logs.
     
  7. scott ej

    scott ej Private E-2

    chaslang,

    Thanks for the reply. I have no problem with your response time. You are doing this on a volunteer basis. Your time is valuable and greatly appreciated. As a first time poster I noticed that the majority of people who posted after me were responded to within 24 hours and some within an hour or so of their post. An extremely small minority, myself included,

    ---We few. We unhappy few. We band of losers.--

    must have phrased our questions incorrectly, used an inappropriate word or did something else wrong. As a result of whatever we did we were not going to get a response. In my case there was the double whammy of also messing up the second post. I now understand the drill. A response will come. Some faster than others for whatever reason.

    I will follow your instructions and send back the info.
     
  8. scott ej

    scott ej Private E-2

    chaslang,

    What an adventure!!! Followed instructions up to running ComboFix. Problems from that point forward. ComboFix gave me a warning that cmdagent.exe was running and could cause problems with the system. Stopped and did an Acronis backup just in case. Tried to kill the cmdagent process via Task Manager. It said I didn't have permission to do so. Then tried Process Explorer to shut down cmdagent. No go. Eventually went to Services and set the Comodo help service to disabled and rebooted the machine. After the boot, then cutting off Comodo, I was able to run ComboFix. Got the same warning but could see nothing running. Decided to go for it because I had an image. The rest of the procedure ran and files are attached.

    After much trial and error got through it. Should my procedure have been....

    Download new SUPERAntiSpyware along with updates. Do not run.
    Copy Regedit4 to notepad.
    Copy Killall to notepad. Save as CFscript.
    Download new copy of MGtools.
    Disconnect internet.
    Shut down firewall (mine was Comodo) and any real-time antivirus.
    Start all procedures, starting with the SUPERAntiSpyware scan.

    So, Attached are the files. How did I do?

    S
     


  9. scott ej

    scott ej Private E-2

    chaslang,

    Also see a lot of the attached. Been letting it through assuming it was part of the repair procedures.
    S
     


  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Why did you install Comodo???? You are not supposed to be installing anything we do not ask you to install. See the up front important notes in the READ & RUN ME. In addition, you violated the one antivirus program rule, and possibly the one firewall rule, now too, which are also in those up front notes. You now have both Verizon Internet Security Suite and Comodo Internet Security Suite installed. Before doing anything else, you must uninstall one of these and then reboot. You may have potentially messed up Security Center by doing this. And in addition, these may have blocked ComboFix from running properly.

    If the J drive was not inserted, it defeats part of the purpose of running ComboFix which was attempting to clean the J drive.

    No! My instructions said to run a full scan of your system and attach the log. The order in which instructions are written is how they need to be run.

    Not requested.

    Not requested at this time and you don't need to shut them down while running SAS. You do need to shut them down while running ComboFix as originally stated on the website instructions for using ComboFix.

    I think the above answers this.

    Manually delete the below folders, some of which are due to failed attempts at running ComboFix because of the security suites:
    C:\32788R22FWJFW.4.tmp
    C:\32788R22FWJFW.3.tmp
    C:\32788R22FWJFW.2.tmp
    C:\32788R22FWJFW.1.tmp
    C:\32788R22FWJFW.0.tmp
    C:\Program Files\Viewpoint
    C:\Documents and Settings\All Users\Application Data\Viewpoint
    C:\Program Files\Common Files\Symantec Shared
    C:\Documents and Settings\Amanda\Application Data\Viewpoint

    Also manually delete the below file:
    C:\WINDOWS\003153_.tmp

    Did you create the below task?
    C:\WINDOWS\Tasks\shutdown.job


    What program, if any, are you using to control startups? You have many, many things trapped in MSConfig registry keys and we do not want anything being run that uses the MSConfig registry keys. This includes using MSConfig.exe itself and programs like CCleaner which use these registry keys and fail to mark the MSConfig state keys properly.

    We cannot continue until you address the above and then you will need to download and use the new version of MGtools to get a new MGlogs.zip file and attach it.
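The warning above about items "trapped in MSconfig registry keys" is easier to act on when you can see what is parked there. The following is an added example, not code from the thread or from MGtools; it assumes the XP-era layout of the MSConfig state keys, in which each disabled Run entry is copied to HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\<name> with string values "hkey", "key", "item" and "command" recording where it came from and what it launched. The .reg text is constructed here to look like a regedit export of that key (a real one is produced with regedit's File > Export, or `reg export` on the command line); the parser reads that export offline, lists the parked entries, and flags any whose command runs out of a temp or per-user data directory, which is a heuristic for a closer look, not a verdict.

```python
"""List Run entries parked under MSConfig's startupreg key.

Added example (not from the MajorGeeks thread). Assumes the XP-era
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg layout; the .reg
export text below is constructed, not taken from the poster's machine.
"""
import re

MSCONFIG_PREFIX = ("HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Shared Tools"
                   "\\MSConfig\\startupreg\\")

# Constructed regedit 'Version 5.00' export of the startupreg key.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\updater]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="updater"
"hkey"="HKLM"
"command"="\"C:\\Documents and Settings\\Amanda\\Local Settings\\Temp\\updater.exe\" /s"
"inimapping"="0"
'''

# "name"="value" lines; both sides may contain \\ and \" escapes.
VALUE_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"="(?P<value>(?:[^"\\]|\\.)*)"$')


def _unescape(s):
    """Undo regedit's string escaping: \\ -> \ and \" -> "."""
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg(text):
    """Minimal parser for regedit exports, string (REG_SZ) values only.

    Returns {key_path: {value_name: value}}. dword:/hex: values are skipped
    because the startupreg entries we care about are all strings.
    """
    keys = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if current is not None and m:
            keys[current][_unescape(m.group("name"))] = _unescape(m.group("value"))
    return keys


def parked_startup_items(reg):
    """Return the entries MSConfig has moved out of the real Run keys."""
    items = []
    for path, values in reg.items():
        if not path.startswith(MSCONFIG_PREFIX):
            continue
        items.append({
            "name": path[len(MSCONFIG_PREFIX):],
            "origin": f'{values.get("hkey", "?")}\\{values.get("key", "?")}',
            "item": values.get("item", ""),
            "command": values.get("command", ""),
        })
    return items


# Heuristic only: a Run entry launching from a temp or profile-data folder
# deserves a closer look; it is not by itself proof of malware.
SUSPECT_DIRS = ("\\temp\\", "\\local settings\\", "\\application data\\")


def suspicious(item):
    cmd = item["command"].lower()
    return any(d in cmd for d in SUSPECT_DIRS)


if __name__ == "__main__":
    for it in parked_startup_items(parse_reg(SAMPLE_REG)):
        flag = "CHECK" if suspicious(it) else "ok"
        print(f"[{flag:5s}] {it['name']:12s} from {it['origin']}: {it['command']}")
```

The point of listing these is the one chaslang makes: a startup-control tool that parks entries here instead of deleting them leaves the original command line on disk and in the registry, so a malware entry "disabled" this way is still there for the next tool (or the next user) to re-enable.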
     
  11. scott ej

    scott ej Private E-2

    I did not add Comodo. As I mentioned at the start the machine was not mine. I had returned it to the owner based on my misunderstanding of how the forum worked. They added the firewall. Because the original scan had the J drive in place I made sure it was there before beginning to work on the machine. I have been using CCleaner to control startups. I do not use MSConfig to do this. But I did go to MSConfig to turn on normal startup before working on the machine. If there is a better program to do this with please let me know. In retrospect I should have:
    1: Closed this thread because the PC was out of my possession.
    2: Started from scratch with a new thread.
    Sorry to have wasted your time. Let’s close this thread as resolved. I will return the PC to the owner with instructions to take it to a professional for resolution.
    I am now on board with the program. I will now start dealing with my personal machines. The J drive was my thumb drive and I will nuke and pave it. Again, sorry to have wasted your time. I will do better next time around.
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    They added a full security suite not a firewall. One of them must be uninstalled immediately.

    You should not be using CCleaner either as stated in step 1 of the READ & RUN ME which also explains to you what to do.

    So be it.

    They can also just come here themselves. ;)
     