Ulitimate Defender, Deep Dive, Smitfraud. Please Help!!

bit defender log
shownew log
getrunkey log

 

I have finished the read me run me thread, and ran the smitrem. exe from the special removal procedures thread. i still get error messages that say security warning trojan.w32. looksky. even when you hit no to not delete it, internet explorer pops up with ultimate defender software advertisements. and it puts a window, covering my desktop, thats red, and says you're privacy is in danger. when i run spybot it comes up with smitfraud and deep dive. it says it deletes it but it doesnt. halfway through panda activescan it shuts down my browser, just cuts off, but by that time i do believe it says i have 2 trojans and 2 rootkits. avg wont let me save a report, i think thats partially due to the fact that none of these programs come up when i reboot in safe mode under administrator. i have to reboot in safe mode and log on to my windows login to get most of these programs to be available. which makes the screen size really large, and some windows are too large and cannot be resized so i cannot get to all options. if you can tell me a way to change that then i will try again. thank you for your help.

hijackthis log
smitrem log

 

Hi ashmo,
Did AVG Antispyware find anything and if so, did you have it fix what it found? It's possible you can change the screen size problem by changing your screen resolution in normal bootup mode. Try that and see if it brings the safe mode window sizes down. Please let me know if that works.
Thanks!
abri

 

avg antispyware found logger.banker.zn i had it take whatever actions were told too. i changed the screen size and it still shows up too big and when i maxamize it so it fits the screen but i cant scroll down.

 

Hi ashmo!


1) Please look in Add/Remove Programs for the following and uninstall them if found. If you get any errors just make a note and proceed.

2) Now scan with HijackThis and check the boxes for the following entries:
( Make sure ALL browser windows are closed when you click FIX )

Again, make sure ALL browser windows are closed when you click FIX.

3) Copy the contents of the below Quote Box to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file fixme.reg and then click save. (make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.) Then double-click on the fixme.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to Add in to the registry, say yes.

4)Now download The Avenger by Swandog46, and save it to your Desktop.

• Extract avenger.exe from the Zip file and save it to your desktop
• Run avenger.exe by double-clicking on it.
• Check the 'Input script manually' box.
• Click on the magnifying glass icon.
• Copy everything in the Quote box below, and paste it in the box that opens:

• Now click the 'Done' button.
• Click on the traffic light icon and OK the prompt.
• You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
• A log file from Avenger will be produced at C:\avenger.txt

5) Please download ATF Cleaner by Atribune. This program does not require an installation. The executable actually runs the program.

NOTE: This program is for Windows XP and Windows 2000 only. ATF Cleaner will remove all files from the items that are checked so if you have some cookies you'd like to save. Please move them to a different directory first.

• Double-click ATF-Cleaner.exe to run the program.
• Under Main choose: Select All
• Click the Empty Selected button.

If you use Firefox browser

• Click Firefox at the top and choose: Select All
• Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

• Click Opera at the top and choose: Select All
• Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main ATF Cleaner menu to close the program.


6) After you have completed ALL of the above in the correct order, please attach the following logs.

• HijackThis Log
• ShowNew Log
• GetRunKey Log
• Avenger Log

abri

 

ok i did all that it went smoothly i just got error 1327 invalid drive h and then fatal error during installation for all of the uninstalls except Java(TM) SE Runtime Environment 6 Update 1. here are my logs and thank you

 

avenger log

 

also after i did all that the messages and windows stopped popping up, i was very excited but then about 5 hours later it started to pop up again. just in case you need to know that. thanks for the help

 

Hi ashmo!
The instructions you followed in post #5 didn't work because you missed a couple of things in the READ ME which are important. Please open up Spybot and turn off the Teatimer function, which recognizes programs which make changes to your registry as harmful, even if they are programs we want to use to fix your computer. To turn off Teatimer, open Spybot S&D by double clicking on the icon. Go to Mode and click on Advanced. Click on Tools on the left side of the window and under Resident make sure Resident Teatimer is unticked.

Also, it's likely that Panda turned off in the middle of the scan because you use Avast. Please rerun the Panda scan, but turn off your Avast antivirus program while you run Panda. Panda finds many things that other scanners don't find and it fixes those which are very bad for your computer and leaves the rest, but it gives us the information as to what's there in the log it produces called activescan.

I didn't understand what problems you were having with uninstalling programs via add/remove programs. You mentioned installing the uninstalls. Could you give me a bit more information? Are you the administrator? Do you get any message as to why you can't unintall all the old java programs?

After you've deactivated Teatimer and run the Panda scan, please redo the instructions in post #5 and then post the requested fresh logs along with the activescan log from Panda.

Thanks!

abri

 

ok i turned off the spybot teatimer, but when it is prompting me about the registry changes i did allow them. but i turned off my avast and it still cut off during the panda scan. when i click to uninstall the old java programs it asks me am i sure i want to remove and i say yes. it starts, gets to the end, and then i get a msg that says error 1327.invalid drive: h:\, and i click ok. then another box, headed add or remove programs, pops up and it says fatal error during installation and i click ok. that happens with all of those programs. except java (tm) se runtime enviroment 6 update 1 and counter spy, which are both uninstalled. i also am the administrator, but when i click administrator in safe mode a lot of the programs i need to run for all this arent available, so i select my login name to do this when safe mode is required. could that be the problem? thanks abri, if i may address you by that name

 

Yes, abri is fine.
You don't have to run them under the name Administrator in Safe Mode. Running them under your name is fine. Please open Spybot and click on the tools button at the left side and then on system startup and make sure Spybot SD Teatimer is unchecked there. If it's still checked, please uncheck it and reboot before you try the things in post #5 again. If there's something you can't do, please skip it and go on. Post what logs you have when you get done and we'll go from there.
abri

 

these are my logs

 

run keys

 

Hi ashmo!

A lot of the changes we're trying to make still aren't working. Something's blocking them. Please uninstall Spyware Guard and AVG Antispyware and then continue with the below.

1) Scan with HijackThis and check the boxes for the following entries:
( Make sure ALL browser windows are closed when you click FIX )

Again, make sure ALL browser windows are closed when you click FIX.

2)Now go to Avenger on your desktop.
[*]Run avenger.exe by double-clicking on it.
[*]Check the 'Input script manually' box.
[*]Click on the magnifying glass icon.
[*]Copy everything in the Quote box below, and paste it in the box that opens:
[/list]

• Now click the 'Done' button.
• Click on the traffic light icon and OK the prompt.
• You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
• A log file from Avenger will be produced at C:\avenger.txt

3) Please download ATF Cleaner by Atribune. This program does not require an installation. The executable actually runs the program.

NOTE: This program is for Windows XP and Windows 2000 only. ATF Cleaner will remove all files from the items that are checked so if you have some cookies you'd like to save. Please move them to a different directory first.

• Double-click ATF-Cleaner.exe to run the program.
• Under Main choose: Select All
• Click the Empty Selected button.

If you use Firefox browser

• Click Firefox at the top and choose: Select All
• Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

• Click Opera at the top and choose: Select All
• Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main ATF Cleaner menu to close the program.

4) After you have completed the above in the correct order, please attach the following logs.

• Avenger Log
• ShowNew Log
• GetRunKey Log
• HijackThis Log

abri

 

new logs and thank you abri

 

runkey

 

Hi Ashmo!
That went better! Your logs are clean. Is your computer working better? Please make sure your antivirus is turned on and then, if you are not having any other malware problems, you can do our final steps:

Let me know how everything goes!
abri

 

it hasnt given me any problems for a couple of days. im going to do everything in that last post and i really appreciate all your help. thank you so much abri.
ashley

 

my pleasure ... safe and happy surfing!

 

i know its been awhile, but i have some other questions if youre willing to help.
when im in the my computer window it's no longer split up in categories like it was before. im sure its something simple but i cant figure out how to get it back to that category view. also im wondering which programs i can get rid of when my computer first starts. i think something may still be wrong bc when i try to update my ea link it keeps giving me a invalid drive h.

 

do overs ...

Welcome back!
These problems may be software rather than malware problems, so I will ask you to please post these questions in the Software Forum. They can help you with your startup list. For the other two things, you may need to add a little to your explanation. Do you mean your My Computer window is no longer divided? Can you post a screen shot of what you mean? Also, what is ea link?
abri

 

yes i meant that it is no longer divided. i dont know how to get the snapshot to be a smaller file size. and ea link is a program that allows you to download ea games directly to your comp instead of buying it at a store. but that can probably go with the software post.

 

When you post in software, ask them how to resize your screenshot so it can be uploaded here.