Virus barrage blocks all Internet access...

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Nekojin, Aug 14, 2006.

  1. Nekojin

    Nekojin Private E-2

    My girlfriend's computer seems to have come down with a bad case of viruses and other malware. We suspect that her idiot brother is responsible; he's never been good with safe surfing.

    I have as many of the logs requested as I could manage. I'm unable to get any logs from online virus scanners, because all traffic is blocked on IE, and almost all traffic is blocked through Mozilla.
     

    Attached Files:

  2. Nekojin

    Nekojin Private E-2

    And the last of the files.
     

    Attached Files:

  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Majorgeeks!

    Please follow the directions in step 7 of the READ & RUN ME. You must install HijackThis where requested and you MUST rename the executable as requested. After doing this, please attach a new HijackThis log.

    Did someone knowingly install and do you use CommView? If not, you should uninstall it. It is not malware but it is a potentially dangerous utility when placed in the wrong hands.

    Do you know what this ijji program is that is in Add/Remove Programs, and that the below line is also for?

    O16 - DPF: {A2E05F45-F127-4092-B9F7-9A02C3E04C77} (HGPlugin7USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin7USA.cab


    Are Prevx and CounterSpy the free trial versions or paid versions?
     
    Last edited: Aug 14, 2006
  4. Nekojin

    Nekojin Private E-2

    Apologies for the HijackThis blunder - I got to the part about running it, and glossed over the details. I really should have known better. :rolleyes:

    Yes, CommView was knowingly installed, but we can remove it - we don't really use it, and if it's that much of a vulnerability, it should probably be toasted.

    PrevX and CounterSpy are trial versions. PrevX won't even finish installing properly at the moment.

    ijji is the name of a game site. We've been there with both computers, and my computer is not infected. Also, we haven't visited that site in weeks, and the infection appears to have started yesterday or two days ago.

    New HJT log attached.
     

    Attached Files:

  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you don't use it, you should uninstall it. That applies to anything else you don't use. Why waste the system resources on things you don't need or use?

    Then also uninstall Prevx.


    Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'. On the page that opens, scroll down to Windows Vista/NT Runtime Compatibility Service ... then right click the entry, select 'Properties' and press 'Stop Service'. When it shows that it is stopped, next please set the 'Start-up Type' to 'Disabled'. Press 'OK' until you get back to Windows.

    Next, run HJT, but instead of scanning, click on the "None of the above, just start the program" button at the bottom of the choices. At the lower right, click on the 'Config' button, and then the 'Misc Tools' button ... select 'Delete an NT Service' ... copy/paste the following into the box that opens, and press "OK":

    ntrcs

    If you receive any error messages just ignore them and continue.

    Now exit HJT and reboot when it tells you it needs to.

    After reboot install this current version of Sun Java: Sun Java Runtime Environment

    Then uninstall the below old version of Sun Java:
    J2SE Runtime Environment 5.0 Update 4
    J2SE Runtime Environment 5.0 Update 5
    J2SE Runtime Environment 5.0 Update 6


    Now download HOSTER and then follow the below steps.
    • Unzip Hoster to a convenient folder such as C:\Hoster
    • Run Hoster.exe, click Restore Original Hosts and then click OK.
    • Click the X to exit the program
    Now attach a new log from HJT and also tell me if you are still having problems. If so, describe them.
     
    Last edited: Aug 15, 2006
  6. Nekojin

    Nekojin Private E-2

    Done. HJT log attached.

    Norton still won't load properly. Still cannot surf to any sites using Internet Explorer (she generally uses ups.com to check connectivity issues). Firefox seems to be working fine for the moment.

    Cannot update AdAware or Spybot S&D (which are already current, but it is a good test for connectivity).
     

    Attached Files:

  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    What do you mean by this statement? Is this a new problem?

    At this point I would say you should be uninstalling Norton completely. Then reboot and look at a new HJT log. Make sure there is absolutely nothing from Symantec/Norton showing. If there is, then manual steps will be needed to remove the rest of it. After you get all of Symantec removed, let's see if IE works.
     
  8. Nekojin

    Nekojin Private E-2

    Again, apologies for the omission. This was the second site I posted the problem on (the first being AdAware's support site), and I forgot to mention it here. I seem to be making all of the clueless user mistakes. =^_^=

    Removing Norton seems to have cleared up the internet blockage. I ran both of the virus scanners mentioned in the "Do this first" thread (now that I'm able), and attached are the reports.

    Judging by the reports, things are looking up, but it doesn't look like we're done yet.
     

    Attached Files:

  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Start by downloading - Pocket KillBox

    Extract it to its own folder somewhere that you will be able to locate it later.

    Copy the bold text below to Notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double-click it and allow it to merge with the registry.
    Now run Pocket Killbox by double-clicking on killbox.exe.
    Choose Tools > Delete Temp Files and click Delete Selected Temp Files.
    Then after it deletes the files click the Exit (Save Settings) button.
    Now back on Killbox's main window, paste the below filenames into KILL BOX one at a time. Checkmark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (if available). Click the RED X and it will ask you to confirm the file for deletion... say YES, and when the next box opens prompting you to reboot now... click NO... and proceed with the next file. Once you get to the last one click YES and it will reboot. Note some of the files listed below may not exist but we need to check for them anyway.

    C:\WINNT\system32\wgareg.exe


    If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

    After reboot tell me how the steps went. Also double check to make sure the C:\WINNT\system32\wgareg.exe file was really deleted.

    Make sure you tell me how things are working now!

    You need to get started on the below steps ASAP since your PC is running without protection. Personally I do not recommend re-installing Norton. And you should think twice about it too after what you just saw. It was the root of your problems with IE.


    If you are not having any other malware problems, it is time to go back to step 1 of the READ & RUN ME to Disable System Restore which will flush your Restore Points. Then reboot and enable System Restore to create a new clean Restore Point.

    After that, you should work thru the below link:

    How to Protect yourself from malware!
     
  10. Nekojin

    Nekojin Private E-2

    Ran through the steps. The red X didn't show up, and did not prompt for a reboot. When we rebooted, there was a file called 4.tmp running in the task manager, which I remember being identified by BitDefender as malware, and which BitDefender was unable to clean.

    I went ahead and used Killbox on 4.tmp. The red X showed up, it asked to reboot after, and I rebooted the system. After reboot, I got the error message, "Cannot find the file, 'C:\WINNT\system32\4.tmp' (or one of its core components). Make sure the path and filename are correct and that all required libraries are available."

    Is this a left-over program that we missed still trying to reinstall itself, or is this a sign that we're almost done?

    With regard to Norton, she wants to continue using it for several reasons, not the least of which being that she paid for a 2-year subscription right at the beginning of all this problem (after we realized that her system was infected; it probably got infected while Norton was doing the, "You're not a subscriber, I'm not doing a damn thing," bit). Personally, I understand and agree; I don't use Norton myself.

    I noticed that one of the files that BitDefender identified and cleaned was a .jpg file in the IE Cache. What is the likelihood that this malware was delivered through someone's MySpace or OKCupid page? Her brother uses MySpace and OKCupid.
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    We are almost there! Attach a new HJT log. Also attach a new GetRunKey log.

    Malware can come from anywhere! It can be difficult to pinpoint exactly where it came from.
     
  12. Nekojin

    Nekojin Private E-2

    Scans run. I note that HJT shows both 4.tmp and wgareg.exe as, "File missing," thankfully. =^_^=

    Is it normal for Killbox to put the cleansed files into a folder called !KillBox on the C: root?
     

    Attached Files:

  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    That is exactly what I expected!

    Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'. On the page that opens, scroll down to Windows Network Security Management Service ... then right click the entry, select 'Properties' and press 'Stop Service'. When it shows that it is stopped, next please set the 'Start-up Type' to 'Disabled'. Press 'OK' until you get back to Windows.

    Now repeat the above stop and disable for the following services:
    Windows Genuine Advantage Registration Service


    Next, run HJT, but instead of scanning, click on the "None of the above, just start the program" button at the bottom of the choices. At the lower right, click on the 'Config' button, and then the 'Misc Tools' button ... select 'Delete an NT Service' ... copy/paste the following into the box that opens, and press "OK":

    nsms

    Now repeat the Delete NT Service steps for:
    wgareg

    If you receive any error messages just ignore them and continue.

    Now exit HJT but do not reboot when it tells you it needs to. We will do that further down after running HJT again to fix some other items.

    Make sure viewing of hidden files is enabled (per the tutorial).

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINNT\system32\4.tmp
    F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,C:\WINNT\system32\4.tmp
    O4 - HKLM\..\Run: [Microsoft (R) Windows Network Security Management Service] C:\WINNT\system32\4.tmp

    After clicking Fix, exit HJT.
    Now reboot your PC in normal mode and post a new HJT log.

    Make sure you tell me how things are working now.
     
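The three HJT lines fixed in the post above show the classic Winlogon persistence pattern: the Shell= and UserInit= values each gain a second executable after the legitimate one, and a Run key launches the same file under an official-sounding name. The parser below is an added example, not part of the thread or of HijackThis; it scans HJT-style F2 and O4 lines and flags any Shell/UserInit entry beyond explorer.exe/userinit.exe (assumed to be the only legitimate values), plus any Run item that launches one of those extra files. The sample log lines are constructed from the entries quoted in this thread.

```python
"""Audit HijackThis-style log lines for Winlogon Shell/UserInit hijacks."""
import re

# Assumption: on a clean Windows 2000/XP box these are the only legitimate
# executables in the Winlogon Shell and UserInit values.
EXPECTED_SHELL = {"explorer.exe"}
EXPECTED_USERINIT = {"userinit.exe"}

F2_RE = re.compile(r"^F2 - REG:system\.ini: (Shell|UserInit)=(.*)$")
O4_RE = re.compile(r"^O4 - (\S+): \[(.*?)\] (.+)$")

# Constructed sample based on the F2/O4 lines quoted in the thread, plus one
# ordinary Run entry so the audit shows it does not flag everything.
SAMPLE_LOG = [
    "F2 - REG:system.ini: Shell=Explorer.exe C:\\WINNT\\system32\\4.tmp",
    "F2 - REG:system.ini: UserInit=C:\\WINNT\\system32\\userinit.exe,C:\\WINNT\\system32\\4.tmp",
    "O4 - HKLM\\..\\Run: [Microsoft (R) Windows Network Security Management Service] C:\\WINNT\\system32\\4.tmp",
    "O4 - HKLM\\..\\Run: [Synchronization Manager] mobsync.exe /logon",
]


def _basename(path):
    """Lower-cased file name of a Windows path, with any quotes removed."""
    return path.strip().strip('"').replace("/", "\\").rsplit("\\", 1)[-1].lower()


def audit_hjt(lines):
    """Return (where, entry) findings for extra Shell/UserInit executables and
    for O4 Run items that launch one of those same files."""
    findings, extra_bins = [], set()
    # Pass 1: Winlogon values. Shell is space-separated, UserInit comma-separated
    # (a trailing comma after userinit.exe is normal and yields no finding).
    for line in lines:
        m = F2_RE.match(line.strip())
        if not m:
            continue
        key, value = m.groups()
        sep = " " if key == "Shell" else ","
        expected = EXPECTED_SHELL if key == "Shell" else EXPECTED_USERINIT
        for entry in (e for e in value.split(sep) if e.strip()):
            if _basename(entry) not in expected:
                findings.append((key, entry.strip()))
                extra_bins.add(_basename(entry))
    # Pass 2: Run keys that start the same rogue binary (the O4 line above).
    for line in lines:
        m = O4_RE.match(line.strip())
        if m and _basename(m.group(3).split()[0]) in extra_bins:
            findings.append(("Run:" + m.group(2), m.group(3).strip()))
    return findings


if __name__ == "__main__":
    for where, entry in audit_hjt(SAMPLE_LOG):
        print(f"{where}: {entry}")
```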
  14. Nekojin

    Nekojin Private E-2

    Things seem to be running smoothly now. Nothing funky in the Task Manager, nothing suspicious in the HJT log. Thanks for all your help. I truly appreciate it. =^_^=
     

    Attached Files:

  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome! Now back to what I previously said:
     
  16. Nekojin

    Nekojin Private E-2

    She's running Windows 2K. Is there any comparable feature that I need to disable/reenable, or is that step irrelevant to a Win2K user?
     
  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Sorry about that! No! Just complete the How to protect thread.
     
  18. Nekojin

    Nekojin Private E-2

    Thanks again for all of your help. I truly do appreciate it. =^_^=
     
  19. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely!
     
