Malware spiralling out of control!

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Doodlez, Nov 5, 2006.

  1. Doodlez

    Doodlez Private E-2

    Hello

    My problem started with Smitfraud-C.Toolbar888 that no matter how many times I removed it, it just kept coming back. I also appeared to have several trojans. One or other of these problems kept bringing up spam webpages and fake security risk pop-ups from my start bar, which was annoying so I set about sorting it out.

    I followed all the steps on the removal tutorial thread (clearing quarantined items, running CCleaner, Spybot S&D, Windows Defender, repeating it all in safe mode, running BitDefender, PandaActiveScan and getrunkey, shownew and HijackThis) preparing my computer to be able to post my problems on here. However, all was going well until I returned to my computer after the PandaActiveScan (in safe mode) to find about 4 pop-ups from "virus-scan" programmes and several flashing icons and balloons in the startup bar claiming I was infected and demanding I use their scan.
    Since then my virus problems seem to be spiralling out of control!

    After discovering this new problem I ran Spybot S&D and Ad-AwareSE and managed to remove about 15 problems. I spotted some programmes that had cheekily installed themselves (Virusbusters 6.2, Online Security Guide, Security Troubleshooting) so went to Control Panel-Add/Remove Programs and managed to uninstall Virusbusters 6.2, MediaTickets by OIN and Safety Alerter 2006.

    Unfortunately however, I still have several trojans etc on my computer not to mention my original problem of Smitfraud-C!

    Does anyone have any suggestions? I have run out of ideas what to do and am desperate!

    (I have attached the BitDefender, getrunkey and shownew logs and will attach the hijackthis log on a post below.)

    Please let me know if you need anymore information.

    Thanks,

    Doodlez

  2. Doodlez

    Doodlez Private E-2

    Hijackthis log attached....

  3. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

  4. Doodlez

    Doodlez Private E-2

    Thanks for your advice.

    I ran Vundofix and it found 4 files, 1 of which it could not remove, so it restarted, found another file which it removed, but still could not get rid of the original (C:\WINDOWS\system32\mljgh.dll) no matter how many times I ran it and restarted etc.

    I have attached the VundoFix log and a new HijackThis log.

  5. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Was your last HJT from Safe Mode? If so please attach a fresh one from normal mode.
     
  6. Doodlez

    Doodlez Private E-2

    Ah, yes it was.

    New HJT log in normal mode attached. (P.S. done when named as analyse.exe)

  7. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Download Pocket KillBox
    • Save it to your desktop or a place easy to find.
    • Do not run it yet
    Please boot into Safe Mode, be sure you have the Viewing of Hidden Files & Folders Enabled per the tutorial.

    Manually locate the folders below, delete if found. Just so you know, the ? indicates an unprintable character so it will not look normal.

    C:\WINDOWS\??mantec

    C:\Program Files\LAUNCH~1

    C:\Documents and Settings\Jane\Application Data\CROSOF~1.NET

    Now scan with HijackThis and check the boxes for the following entries:
    ( Make sure ALL browser windows are closed when you click FIX )

    R3 - URLSearchHook: (no name) - {78EA74EB-E004-C8F6-2C55-BDCE6CCFBEE6} - C:\WINDOWS\system32\vjhnkw.dll (file missing)

    O2 - BHO: (no name) - {0E99D103-D578-4F16-BAAF-45D9E6A17273} - C:\WINDOWS\system32\geedd.dll
    O2 - BHO: (no name) - {36D2147A-2153-F9BC-29EB-0A7C962415D4} - C:\WINDOWS\system32\ugrfayj.dll (file missing)
    O2 - BHO: (no name) - {39f25b12-74ff-4079-a51f-1d70f5b08b84} - C:\WINDOWS\system32\ixt0.dll (file missing)
    O2 - BHO: (no name) - {52E25A5C-953F-4EA5-8550-43C12DEFD4D7} - C:\WINDOWS\system32\mljgh.dll (file missing)
    O2 - BHO: (no name) - {78EA74EB-E004-C8F6-2C55-BDCE6CCFBEE6} - C:\WINDOWS\system32\vjhnkw.dll (file missing)
    O2 - BHO: (no name) - {F18F04B0-9CF1-4b93-B004-77A288BEE28B} - C:\WINDOWS\system32\ofppxtbv.dll

    O4 - HKLM\..\Run: [PCMCIA Resource Monitor] nvp2pmon.exe
    O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvxoj.dll,startup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZiAcer.EXE
    O4 - HKLM\..\Run: [lvsaksm.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\lvsaksm.dll,rqznibg
    O4 - HKCU\..\Run: [Ttah] "C:\DOCUME~1\Jane\APPLIC~1\CROSOF~1.NET\winlogon.exe" -vt yazb
    O4 - HKCU\..\Run: [Gbxnfgy] C:\WINDOWS\??mantec\fast.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

    O20 - Winlogon Notify: geedd - C:\WINDOWS\system32\geedd.dll
    O20 - Winlogon Notify: winzdn32 - winzdn32.dll (file missing)

    Again, make sure ALL browser windows are closed when you click FIX.

    Next, run CCleaner to clean up cookies and temp files.

    Locate PocketKillbox
    (Proceed with this step even if they do not show in blue)

    Next, you will be entering items into Pocket KillBox. Please select the "Delete on Reboot" option. Copy & paste each of the file names listed below into the box one by one, making sure Delete on Reboot is checked for each entry. Click the Red X for each entry, but DO NOT allow your machine to be rebooted until the last item has been entered:

    ** Note: For any of the .dll files, check the Unregister .dll Before Deleting box as well. If this option is not enabled, don't worry about it.

    • If you get an error message about Pending Operations, just reboot your computer manually.

    After you complete the above, REBOOT and proceed with the rest of this fix...

    Finally, I would like you to flush your System Restore points. Please follow the instructions in the below:

    • Disable and Re-enable System Restore

    • Turn OFF System Restore to flush any bad Restore Points.

    • Then, follow the instructions at the bottom of the linked page to Re-enable the Restore Utility which will create a fresh restore point.
    After you complete the above reboot once more and then scan with HijackThis and attach the new log.

    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now and attach a fresh HJT log.
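    The HijackThis entries listed in the fix above are the raw material of this kind of triage. The Python below is an added example, not code from this thread or from HijackThis: it parses O2/O4/O20 lines in that log format and flags the same traits a helper looks for (orphaned "(file missing)" references, unnamed BHOs, rundll32 startup loaders, a system-binary name living outside system32, Winlogon Notify DLLs). The benign control line, its placeholder CLSID and the heuristics themselves are assumptions of this example.

```python
import re

# Constructed sample in the HijackThis log format quoted in this thread. The
# suspicious lines are the ones from the thread; the first line is a benign
# control entry with a made-up placeholder CLSID.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} - C:\Program Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {52E25A5C-953F-4EA5-8550-43C12DEFD4D7} - C:\WINDOWS\system32\mljgh.dll (file missing)
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvxoj.dll,startup
O4 - HKCU\..\Run: [Ttah] "C:\DOCUME~1\Jane\APPLIC~1\CROSOF~1.NET\winlogon.exe" -vt yazb
O20 - Winlogon Notify: geedd - C:\WINDOWS\system32\geedd.dll
"""

# One pattern per section handled here; 'missing' captures the "(file missing)" suffix.
PATTERNS = {
    "O2": re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[^}]+)\} - (?P<path>.*?)(?P<missing> \(file missing\))?$"),
    "O4": re.compile(r"^O4 - (?P<hive>HK(?:LM|CU))\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<path>.*)$"),
    "O20": re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*?)(?P<missing> \(file missing\))?$"),
}

def parse_line(line):
    # Return a dict for a recognised O2/O4/O20 line, else None.
    for kind, pat in PATTERNS.items():
        if m := pat.match(line.strip()):
            entry = m.groupdict()
            entry["kind"] = kind
            entry["missing"] = bool(entry.get("missing"))
            return entry
    return None

def reasons_for(entry):
    # Review heuristics (assumptions of this example, not HijackThis's own rules).
    path, reasons = entry["path"].lower(), []
    if entry["missing"]:
        reasons.append("orphaned entry: file missing")
    if entry["kind"] == "O2" and entry["name"] == "(no name)":
        reasons.append("unnamed BHO")
    if entry["kind"] == "O4" and "rundll32" in path and ".dll," in path:
        reasons.append("rundll32 loading a DLL export at startup")
    if entry["kind"] == "O4" and "winlogon.exe" in path and "system32" not in path:
        reasons.append("system binary name outside system32")
    if entry["kind"] == "O20":
        reasons.append("Winlogon Notify DLL loads into winlogon; review")
    return reasons

def triage(log_text):
    # Collect (kind, name, reasons) for every parsed line that needs review.
    flagged = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        reasons = reasons_for(entry) if entry else []
        if reasons:
            flagged.append((entry["kind"], entry["name"], reasons))
    return flagged
```

Run `triage(SAMPLE_LOG)` and the benign Adobe entry is the only parsed line that comes back clean.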
     
  8. Doodlez

    Doodlez Private E-2

    Bjgarrick,

    Thank you very much for your advice. I really do appreciate it. :)

    However, whilst following your steps, I started up my computer in safe mode and it wouldn't turn on past the windows log on screen. I eventually managed to use system restore to fix it.

    I am now reluctant to try any more fixes that I don't fully understand myself and, as my computer is due a re-format anyway, am just gonna get rid of the viruses by formatting.

    Thanks again for your great help. If I have any problems in the future I will definitely come here first! :D

    Doodlez x
     
  9. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    I hate to hear you're formatting, however it's up to you. Good Luck!
     
