Trying to Remove AntiVermins2.1 logs attached! Please help!

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by leadster618, Dec 18, 2006.

  1. leadster618

    leadster618 Private E-2

    Well, I have succumbed to malware, in particular, Antivermins 2.1. It, like the others before me, pops up an icon saying I need to purchase the software to rid myself of the problem. I already used Counterspy, AVG, and Spybot, AND Avast, who all detected the problem, prior to reading your threads. I found this site when all programs said it was removed and it stays around on my computer. I ran all the scans as told on the "Read & Run Me First" thread. The only issue I ran into was that I had to go to normal boot mode to run the BitDefender and Panda scans. I have attached the logs below and I really hope there is a way to solve this. Also, is the spyware actually gone now and the icon just needs to be removed, or is System Restore still restoring my system to keep the spyware? Until I get a response from you I'm leaving my computer on, that way I can get a confirmed clean bill of health and then turn off System Restore and reboot. Please hurry, I know you are very busy, and I appreciate you providing your help free, it's just that I am a design student and if my computer is down or slow, none of the high graphic programs like Blender, Photoshop, and Illustrator will run. Thank you in advance, leadster618
     

    Attached Files:

  2. leadster618

    leadster618 Private E-2

    Here are the other logs. Panda scan said something was wrong but now the other scans say I'm clean. Should I try reinstalling the other spyware scanners and see if they pick it up again? I forgot to ask that on my first post... Thanks again, leadster618
     

    Attached Files:

  3. leadster618

    leadster618 Private E-2

    Also I am on AIM right now and for some time as long as I say otherwise, so if it is possible to reach me there for you it could be easier... Thanks!
     
  4. leadster618

    leadster618 Private E-2

    Never mind, I ran Ad-Aware in safe mode and turned off System Restore. It caught the problem AND it is now completely removed. I'm turning on my System Restore now. I'll check back here, so if you find something else I should look into other than the AntiVermin problem, post it. Your alternative scan list helped, so kudos to you guys. I think my computer is clean again, so if I'm right, let me know. Thanks again!
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Majorgeeks!

    Based on your logs, you have other problems to deal with. Let's get started!


    I'm going to post two sets of instructions below. Each will be enclosed in separate Quote boxes. Make sure to complete the first one 100% before moving on to the second one.

    ATTACH THE FIRST LOG NOW BEFORE CONTINUING OR YOU WILL OVERWRITE IT!!!! And then immediately continue on to the below steps.

    Now attach new logs from:
    • GetRunKey
    • ShowNew
    • HJT
    How are things working now?
     
  6. leadster618

    leadster618 Private E-2

    Here's the first step's log file. I see no problems anymore, AntiVermins is gone and all scans are coming up clean. Are these really that serious? Have I been using my computer all this time with these problems? Please elaborate on what problems I have... I would like to know.
     

    Attached Files:

  7. leadster618

    leadster618 Private E-2

    Other logs Rapport, etc....
     

    Attached Files:

  8. leadster618

    leadster618 Private E-2

    HJTHIS log
     

    Attached Files:

  9. leadster618

    leadster618 Private E-2

    Now things seem to be worse than before, my desktop is gone to a blue screen and I think it's actually taking longer to load. Thank you, I was doing fine before this. Can I just go back and return to the way it was before? I was having no problems and now it seems slower...
     
  10. leadster618

    leadster618 Private E-2

    Okay, I timed it, and it isn't slower than the previous time I recorded, it's about the same, like a second faster. Anyways, my desktop was part of a saved desktop background in Firefox, so I assume that got deleted somehow, no biggy. But the only thing that has been bugging me is since I have had my laptop, it does this blinking thing when I see the desktop. The notification area of the taskbar blacks out and my cursor moves to the center of the screen. Sometimes if I open a window the window will black out in addition to the right side of the taskbar. Is this just the laptop touch pad or the graphics card "righting" itself for use, or just loading up? My laptop is a ThinkVantage Lenovo IBM T60p. I just purchased it for school this past July. Other than that constant blinking thing, which isn't a problem, I've gotten used to it... what do the logs show about the other problems? Were they really serious or more just needing to clean? Because I do have to clean out some files, uninstall some useless programs and move my work to disk for the next school term. Thanks for your continued help on my problems, leadster

    By the way, do you know any good programs that can help with cleaning other than CCleaner? And are there any thorough free disk defragmenters? I have Diskeeper Lite which does a good job, but it leaves all these "moderately defragmented" files alone and only works on the most defragmented ones. I guess it's their ploy to get you to buy the full version? Okay, I've said enough, thanks again!
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You had a Smitfraud infection that needed to be cleaned. That is why your Desktop got reset. It has to do this to remove the infection. Just set it back to whatever you previously had set.

    You need to uninstall all the below old versions of Sun Java. You don't need them since you have the current version installed.
    IBM 32-bit Runtime Environment for Java 2, v1.4.2
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9

    Do you know what the below file is for?
    Code:
    "C:\WINDOWS\system32\"
    msusen~1.dll  Nov 22 2006       24575  "msusengwinsyspio46.dll"

    You can also have HijackThis fix the below lines. The second two are not malware. They are just unnecessary items to load at start up that waste system resources and slow things down. The first is a left over from having FlashGet download manager installed at some point.
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

    You should also delete the below left over folder from Viewpoint (the junk that AOL forces on you).
    C:\Program Files\Viewpoint


    Any speed/performance problems you may be experiencing are simply due to all the stuff you are loading/running.


    I'm not sure I understand exactly what you are saying but this does not sound like a malware issue. It is either a software/driver issue or a hardware issue. Neither of which are topics we work on in this forum.


    Other than what I already gave you and what you have done in the READ & RUN ME, there is nothing else to do. You are the one who has to decide what applications you need on your PC. We cannot do that for you. Everyone has different requirements.

    What is it that you think you want to clean that CCleaner does not clean? There are more drive cleaners here if you care to experiment: http://www.majorgeeks.com/downloads12.html

    Not a topic for this forum! This is better suited to the Software Forum or take a look at some mentioned here: http://www.majorgeeks.com/downloads8.html

    Many people like: O&O Defrag 2000 Freeware Edition


    If you are not having any other malware problems, it is time to do our final steps:
    1. If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    2. If we used ComboFix you can delete the ComboFix.exe file and associated C:\combofix.txt log that was created.
    3. If we used SDFix you can delete all the SDFix related files and folders from your Desktop or wherever you installed it.
    4. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
    5. If we had you run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
    6. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    7. You can delete the ShowNew.Zip and GetRunkey.Zip files and the files that you extracted from the ZIP files. You can also delete the C:\newfiles.txt and C:\runkeys.txt logs that were created.
    8. If you are running Windows XP or Windows ME, do the below:
      • go back to step 8 of the READ & RUN ME to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    9. After doing the above, you should work thru the below link:
     
  12. leadster618

    leadster618 Private E-2

    Do you know what the below file is for
    Code:
    "C:\WINDOWS\system32\"
    msusen~1.dll  Nov 22 2006       24575  "msusengwinsyspio46.dll"

    Yeah, I do not know what that is from, should I be worried? Other than that I did the other steps, and everything is running beautifully. Thanks for your help with the defrag program and the direction for my "blinking screen", you have been a really great help! I'll check back to see if the above file is a problem or not, but other than that, I think I am good! Thanks, leadster618
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I would like to get some more info on the C:\WINDOWS\system32\msusengwinsyspio46.dll file. Locate it again using Windows Explorer and then right click on it and select Properties. Now see if there is a Version tab in the window. If so, select the Version tab and on the next window select each of the listed Item names (one at a time) to get more info about the file. Make sure that at a minimum you tell me the Company Name. If there is no Version tab, tell me that too.
     
  14. leadster618

    leadster618 Private E-2

    I found the .dll file and it's very vague. No Version tab, only a General and a Summary. It says in General that it is an application extension and opens with an unknown application. It was created Wed, Nov 22 2006. I really don't remember what I was doing then, but around that time I installed a Windows theme which I uninstalled and I believe we cleaned up a file from that just recently. In addition I installed an "objectdock" because I wanted to try out the look of the Mac dockbar (with the icons that move and grow as you move the mouse over them) instead of my taskbar. It never uninstalled my taskbar, I would just tell it to hide while the objectdock ran over top the space on my desktop. Could one of these things be the cause of this? They both occurred around that time. Thanks for being so thorough and diligent in helping me with my problem!
     
  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.

    We can do a few things:

    1. Run the file thru this online scan which will test it with multiple antivirus applications. http://virusscan.jotti.org/ Click the Browse button and navigate to the C:\windows\system32\msusengwinsyspio46.dll file to scan it. Report what is found (if anything).
    2. Put the file into a ZIP file and attach it here to a message and I will take a look at it.
    3. Rename the file to msusengwinsyspio46.ddd which will prevent it from being found or used by anything that could be using it. Then after a couple days of normal PC usage and some reboots, you should know if the file is needed for anything.
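
    The checks described in messages 13 and 15 (version resource and Company Name, a hash to look up with a multi-engine scanner, and the reversible rename) can also be done from PowerShell. This is an added example, not part of the original posts or any MajorGeeks tool; the function names Get-FileTriage and Disable-SuspectFile are hypothetical, and it goes slightly beyond the thread by also reporting the Authenticode signature and a SHA-256 hash.

```powershell
# Added example (not from the thread). Function names are hypothetical.
# Collects what the Explorer "Version" tab would show, plus signature and hash.
function Get-FileTriage {
    param([Parameter(Mandatory)][string]$Path)

    $item = Get-Item -LiteralPath $Path -Force -ErrorAction Stop
    $vi   = $item.VersionInfo      # empty fields = no Version tab in Explorer
    $sig  = Get-AuthenticodeSignature -LiteralPath $item.FullName
    $hash = Get-FileHash -LiteralPath $item.FullName -Algorithm SHA256

    [pscustomobject]@{
        Path           = $item.FullName
        Length         = $item.Length
        Created        = $item.CreationTime
        HasVersionInfo = -not [string]::IsNullOrWhiteSpace($vi.FileVersion)
        CompanyName    = $vi.CompanyName
        ProductName    = $vi.ProductName
        Description    = $vi.FileDescription
        Signature      = $sig.Status          # Valid, NotSigned, HashMismatch, ...
        Signer         = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        SHA256         = $hash.Hash           # look this up instead of uploading the file
    }
}

# Reversible "disable": change the extension so nothing can load the DLL,
# as in step 3 above. Supports -WhatIf so the rename can be previewed first.
function Disable-SuspectFile {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Path,
        [string]$NewExtension = '.ddd'
    )
    $item    = Get-Item -LiteralPath $Path -Force -ErrorAction Stop
    $newName = [IO.Path]::ChangeExtension($item.Name, $NewExtension)
    if ($PSCmdlet.ShouldProcess($item.FullName, "Rename to $newName")) {
        Rename-Item -LiteralPath $item.FullName -NewName $newName -PassThru
    }
}

# File path taken from the thread; only runs if the file is present.
$target = 'C:\WINDOWS\system32\msusengwinsyspio46.dll'
if (Test-Path -LiteralPath $target) {
    Get-FileTriage -Path $target | Format-List
    Disable-SuspectFile -Path $target -WhatIf   # drop -WhatIf to actually rename
}
```

    A file in system32 with no version resource, no signature and an unfamiliar name is worth the closer look it gets in this thread; renaming rather than deleting keeps the change easy to undo.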
     
  16. leadster618

    leadster618 Private E-2

    Here's the file. I tried going on to virusscan.jotti as of 2:02 am of the 21st but the site was down. I'm afraid to rename the file, as it could really mess something up. You see, if you look on the hardware and the software forum I posted requests for help with my family's home computer because my dad ran defrags and now Windows won't run and then it said the hard disk is bad... I can't believe that a defragment caused the problem. So doing the littlest thing right now is scaring me, I just got my laptop back to being great, so if I can avoid errors I'll wait. As soon as virusscan.jotti is back up I'll scan it. I'll check back to see if something is up with the file. Thanks again, leadster
     

    Attached Files:

  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It says it is for IconCool Software\My Buddy Icons

    Is that something you installed at some point or is it for instant messaging?
     
  18. leadster618

    leadster618 Private E-2

    Oh yeah, that was back from when I was using AIM, but I got sick of the spyware and ads so I switched to Trillian. I uninstalled AIM a while ago, so I guess it's cool to delete it then?
     
  19. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes you can delete it. Make sure you have now completed everything in message # 11.
     
  20. leadster618

    leadster618 Private E-2

    All right! I guess that's everything then? Message 11 has been completed again after the file has been deleted, everything seems to be in order! I want to thank you again for helping me with all my problems. If my computer goes down I can't do anything for my school work, and being that I'm a design major, that would be bad. Also thanks for introducing me to some new programs like CCleaner and the new defrag program, those will help in the future. I'm really impressed by the diligence and knowledge that the people at MajorGeeks have and the speed of your responses. Thanks again, leadster618
     
  21. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Good luck in school and surf safely!
     
