Read and Run Me done, solutions don't transfer to other users- Antivirus 2011 malware

Hi I'm new (did I mention that I love you guys?)

So, I well actually my baby (my computer now referred to as 'my baby') contracted Vista Antivirus 2011. I was on youtube and getting zamzar to convert a file to an MP3 for me. I was downloading the MP3 as usually (never ever had problems with zamzar before!) and Vista Antivirus 2011 blocked all access to my files and the internet except to purchase their 'solution' product.

I'm not incredibly computer saavy but I knew something was up so I closed everything but everytime I tried to run anything (ex Microsoft Word) it prompted the 'Anti Virus Protection' and started the fake scan again.

I discovered that I could get onto the internet in the admin account. I then proceeded to have a long two hour conversation on my skype phone with my boyfriend before figuring out what to do about the problem...probably some 5 hours later I got to an online forum for fixing this (unfortunately it wasn't THIS forum and what they recommended didn't work).

I then followed their suggestions of saving and running a fix.reg file with these stats:

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]
[-HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

[-HKEY_CLASSES_ROOT\secfile]


Then I ran mbam. I isolated and destroyed the trojans etc. and then emptied the quarenteen upon restarting.

Then, none of my apps would run in my infected user account including itunes, word, mozilla etc. and an error came up asking me to choose which file I wanted to run the app. In the admin account I couldn't access the internet but through following the link to 'find a solution for this problem on the internet' was able to get a mozilla help page up and from there had free access to the net.

So I went back to the forum and followed the suggestion to try a system restore. I did. (oops I know)

Now the apps are working on my admin section but not in the originally infected user profile. (same error message)

Originally during the infection the admin account was still able to access the internet then after the first scan and reboot I got the same error (tell me which app to run this app in message) in the admin section too. When I did system restore the admin account started working again.
But still no change in the infected user account.

Then, I found your forum where it said not to do a system restore. grr! Silly other forums ( I will never go anywhere else now ;D)

So I followed the Read and Run First procedures. (I'm feeling pretty snazzy to have accomplished all that! ha!)

Here's what happened:

1. Couldn't run cleaner on infected user account but could run it on the admin account.
2. My Baby couldn't locate misconfig in either accounts when I tried to open it through the icon in the start menu(a lot of things seem to be 'missing' since I first ran mbam.)
3. I turned off windows firewall, avast and tried to get into windows defender but again I got the message that the computer couldn't locate the file through the icon in the program files menu.
4. Something weird came up in a second window while running the MG at the end wanting me to accept or decline terms of service for something I didn't recognize. Afraid that with my firewall disabled it might be more malware I did neither action but closed the window with the X in the top corner.

Now, windows defender is still fried (unlocatable) in admin and infected user account. In admin weird things have happened to my file/app locations (example microsoft office file folder shows only Microsoft Word but when I search for Excel I can find it under Programs\Excel and run it but the icon doesn't show anywhere even in the Programs Menu)

In the infected user account nothing can be located or run (or just about) the office and Skype applications I tried produced an 'App. not found in main profile' error; other programs won't start up and ask to choose the program to start the file! This occurs both from desktop icons and if I try to start the program through the start menu or programs menu.

Ok, I think that's all I've noticed that's wrong...also, my computer is and NP Pavilion tx1000 Notebook. It was having serious start up and reboot issues for many months. I've owned it since October and the start up problems started in Dec/Jan.

Essentially when it when into sleep mode it wouldn't wake up. I looked this up on a forum and disabled sleep mode.

Then it also started to not be able to reboot and when after a rest and turning it off it still would take 5 -10 tries through out the day (or two) to get it going. I looked this up and they suggested removing the battery letting it sit for 5 mins and trying again. I did and it would sometimes work and sometimes the lights would skip and the turn on wouldn't occur. Othertime it would turn on and the fan would run but nothing would display on the screen. So, I'm telling you all this because after I did the system restore it actually solved the problem with the restart...I haven't tested it on sleep mode or starting up fresh from being turned off. I'm wondering if this is an old infection improperly cleaned up or if it is a Vista OS problem (or an HP problem)

I bought my baby second hand with no back up disks (because I felt poor and it was cheap).

Here are the attached logs. Thanks SO very much for your help. I'm excited to learn how to take care of my baby and keep her running a while longer! She is my business tool, phone and connection to the outside world when I travel so I need her to be reliable...I hope you can make her better!!!

Thank you thank you!

 

Re: Read and Run Me done, solutions don't transfer to other users- Antivirus 2011 mal

Here are the rest of the logs...

Again thank you in advance for your help. I can not purchase another computer at the moment and your assistance is saving my business! Blessings to Geek land!

Also, in some cases I did not know where to find the attachment (I told you...if it works I can use it so I copied the original log into a notepad, saved it unaltered to my desktop and send that instead. I hope this is ok. It seemed to have the same info.

Cheers!

 

Re: Read and Run Me done, solutions don't transfer to other users- Antivirus 2011 mal

Ah! I figured out the weird think I couldn't identify when running the last scan. it was
a HijackThis log I created at the beginning of using this forum to help me... My Anti Spy Wear http://myantispyware.com/forum/how-to-use-spyware-removal-forum-must-read-t2.html

 

Re: Read and Run Me done, solutions don't transfer to other users- Antivirus 2011 mal

okay sorry last reply (I don't want to seem like I'm bumbing!) I just want to give you accurate information...the site above was NOT the forum that gave me the information to do a system restore I think is was this forum: http://www.2-viruses.com/remove-vista-anti-virus-2011#comment-26883 (appologies to anyone at my anti-spyware) I may have accidentally gotten confused and used two forums as I was going along. but the file that was running was the permissions for the HiJack this log which I closed without permitting. Thats it! Thanks

 

Re: Read and Run Me done, solutions don't transfer to other users- Antivirus 2011 mal

Hi! Thank you!
Everything seems to be running great in both user profiles.

So happy to have my baby up and running. Is there anything else in the registry I need to fix to keep her happy?

Here are the logs.

Blessings!
Carlie

 

Re: Read and Run Me done, solutions don't transfer to other users- Antivirus 2011 mal

Thank you SO much! My computer is in better condition than before it was with the problem I came to you with!

I installed Security Essentials after reading your "How to Protect Yourself from Malware post". I must have misunderstood, but it did not seem like I had a real time blocking tool as Avast was not listed under those. I thought I needed one so I got security essentials to fill in the gap. It says you recommend one real time blocking tool from the list. Is it PLUS spybot and spywareblaster? (I wasn't clear about that) or should I install one of those instead of Security essentials? Do I need all of this as well as Avast, Superantispyware AND Malware bytes?) I'm not clear about what I need for the best and most complete protection (which is why I got confused and installed Security Essentials).

Is it still true that IE is safer that Firefox? Too bad I really prefer Firefox....
So for Active X I couldn't find Allow paste operations via script. 'support microsoft.com ...' link next to it, the article says for internet explorer 4 it's:
Script ActiveX controls marked safe for scripting...should I disable or prompt this setting?

I tried the Update for Windows Vista (KB950582) (I have a 32 bit system) but it said the update did not apply for my system.

Disable auto run worked.

That's it...she's purring like a kitten now! Thanks again

Elfqueen33

 

Re: Read and Run Me done, solutions don't transfer to other users- Antivirus 2011 mal

Oh, I've noticed that windows defender still reports when open:
operation failed to initialize: 0x80070006 The handle is invalid. Any suggestions?

Elfqueen33