More Unidentified Malware

Discussion in 'Malware Help (A Specialist Will Reply)' started by HastyLumbago, Jul 31, 2007.

  1. HastyLumbago

    HastyLumbago Private E-2

    NOTE: THIS IS ANOTHER CLIENT COMPUTER. THIS IS NOT A SECONDARY THREAD FOR THE FIRST ONE

    OK, once again, here I am. This one has some sort of infection which is attempting to send thousands of mails. Only once in a while, and pretty close to unstoppably once it's connected to the internet and decides it wants to start.

    I've run adaware, spybot, and avast, and my boss went ahead and connected it to the network to run Housecall on it.

    logs incoming
     

    Attached Files:

  2. HastyLumbago

    HastyLumbago Private E-2

    Final log. I'm told that Housecall found 2 low-threat trojans, but I was not present for the scan, and have since disconnected the desktop to prevent cross-contamination.
     

    Attached Files:

    Last edited: Jul 31, 2007
  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please reset msconfig to normal startup!

    Please use add/remove programs to uninstall:
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 9
    Norton AntiVirus 2003 or avast! Antivirus --- do not run two anti-virus programs. Choose one and uninstall the other.
    Sunbelt CounterSpy
    Zango Browser and Wowpapers Tools


    Please find and delete:
    C:\Documents and Settings\All Users\Application Data\ZangoSA
    C:\
    xmscfg.txt
    xrkey00.txt
    xrkey01.txt
    xrkey02.txt
    xrkey05.txt
    xrkey06.txt
    xrkey07.txt
    xrkey10.txt
    xrkey12.txt
    xrnotif.txt
    xrquery.txt
    xrquery2.txt

    Please copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.

    Now download and run Blacklight

    Now attach new logs for:
    ShowNew
    GetRun
    Blacklight log
     
  4. HastyLumbago

    HastyLumbago Private E-2

    I'm not seeing those text files anywhere, let alone in plain sight in C:\

    Any hints as to where they might be? A full search didn't find them either.


    EDIT: Wait a minute. Those look familiar. Are those text files generated during the run of GetRunKey? Are they gone now that I've closed it down?
     
    Last edited: Aug 2, 2007
  5. HastyLumbago

    HastyLumbago Private E-2

    OK, I'm assuming those are GetRunKey files, partially because I reran it as suggested, and I now see that several of them are referenced during the process.
    Am I to assume therefore that getrunkey and shownew are not to be run at the same time?
    In any case, here are the requested logs... green?
     

    Attached Files:

  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Direct quote from the READ & RUN ME step 6
    I'll be back later to take a look at your logs.
     
  7. HastyLumbago

    HastyLumbago Private E-2

    Kay, thank you. But there's nothing there to suggest the names of those files, although it does basically say not to run the two simultaneously. I have to admit that I kinda jumped into the thing without reading the documentation too closely.
     
  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Did you do the registry patch that I provided in post #3 ?
    Or the program removals?
     
  9. HastyLumbago

    HastyLumbago Private E-2

    Yes, of course. Wouldn't post the logs if I hadn't done the work. Why?
     
  10. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Because it didn't take ....

    Please download and run Chodefix.

    After running, please attach new logs for:
    Chode
    Shownew
    GetRun
    HJT
     
  11. HastyLumbago

    HastyLumbago Private E-2

    OK... here are the three logs which I can find. Where's the one for Chodefix generated?

    Incidentally, the command line output from chodefix was verbatim what was quoted in the How To by chaslang
     

    Attached Files:

    Last edited: Aug 3, 2007
  12. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    1. Download this file - Combofix.exe
    2. Double click combofix.exe & follow the prompts.
    3. When finished, it will produce a log for you. Attach this log to your next reply.

    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    What is this:
    C:\longcat

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    Please copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.

    Now download The Avenger by Swandog469, and save it to your Desktop.

    * Extract avenger.exe from the Zip file and save it to your desktop
    * Run avenger.exe by double-clicking on it.
    * Check the 'Input script manually' box.
    * Click on the magnifying glass icon.
    * Copy everything in the Quote box below, and paste it in the box that opens:

    * Now click the 'Done' button.
    * Click on the traffic light icon and OK the prompt.
    * You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
    * A log file from Avenger will be produced at C:\avenger.txt
    Attach new logs for:
    Avenger
    ComboFix
    HJT
    GetRun
    ShowNew
     
  13. HastyLumbago

    HastyLumbago Private E-2

    That's an easy to remember folder to toss things into that isn't in Docs and Settings. It's where I put all the misc tools I play with while I'm screwing around with a client's computer. Keeps me from having to hunt all over for things that don't have uninstall entries.
     
  14. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    LOL ....good name!

    Do the rest and post the logs. :)
     
  15. HastyLumbago

    HastyLumbago Private E-2

    ARGH! So no more on that computer. My boss decided that since I had followed removal instructions (we log the steps we take on each compy), reposting logs was a courtesy, and that the computer was ready to be released to the client.

    He wouldn't listen when I told him that there were still infections, and said that the visible behavior was gone. Crappy standards.

    Anyways, thanks for the help.
     
  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Actually reposting the logs is not a courtesy. It is a necessity to make sure that things were actually cleaned up.

    In the future, if your boss does not want you to follow the instructions that we post (and that includes running the Online Scanners, which are a necessity too), then you will have to fix these PCs on your own. After all, why should we help you do something for free when you are getting paid to do it to begin with, especially when you or your boss do not want to follow our instructions?
     
  17. HastyLumbago

    HastyLumbago Private E-2

    No, I agree.

    Thing is, malware isn't in my job description, but I don't have time to look for new work (I'm moving at the end of the month), and I don't want to do a substandard job.

    I've been tossed onto malware detail when I'm a hardware and networking technician. Part of my participation in this forum, however, has to do with the fact that I feel I should be a malware specialist. Actually, I feel just about everyone dealing with personal computers should be a malware specialist. The world of computer usage has gotten more and more [insert word that works kinda like perilous, but has none of the implications of risk to personal life or limb], and the people who work with computers, I think, are going to become less and less employable if they don't adapt.

    So I'm trying to learn. It's a shallow curve, right up to where just running programs doesn't fix it, then it's one heck of a steep climb, especially for the self-taught. I understand that you guys aren't getting paid for this (and incidentally, if there's a PayPal link around here, just point me at it, because you guys are great) and that you don't want to be doing my job for me. But how am I to learn this? I can't post in someone else's thread, presumably because I'm not tried and tested to be helpful with suggestions, so I can't ask questions anywhere but in my own, and since you don't want me to be posting work computers... I mean, I guess I could intentionally infect my home PC, but something makes me think that would be ill-received by both you and my fiancée.
     
  18. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I understand what you are saying and I also realize your perspective is different from your boss's. However, that does not change the fact that your boss and your company are getting paid for fixing the PCs and we are doing all the work. If your boss wants to use this site to do that, it's okay! But at least he should be sure to allow you to follow ALL of our directions, and that includes the online scans (which you have not been running) and then also completing all follow-ups. Otherwise, why are we bothering to do this when it is contrary to our goals of removing all malware?

    By reading the threads and learning how to recognize problems and the procedures used to remove them.

    Yes that's by design because too many people do not know what they are doing and were giving bad advice (some very bad).

    You can ask as many questions as you want in threads that you start and we will answer them as best as time allows. Non-malware questions should be asked in one of the other tech forums. You need to start posting other useful technical posts to help others in the other forums too. This will demonstrate your knowledge, background, posting styles, the amount of time that you are willing to spend here helping, and will get you even more experience which will help to get you ready to post in the Malware Forum in the future. It is not out of the question that you could not do this. You just need to learn some more first (by your own admission). And then we will help you learn the rest. :)

    That's not what I really was saying. While we really appreciate doing the work and having someone else get paid for it, we do request cooperation and that all of our instructions be followed. That is the price for our freely supplied support.

    Get a spare cheapy PC to play with. ;) We all experiment that way ourselves. I have multiple PCs running all versions of every Windows OS except Vista right now. I don't have a spare PC with enough horse power on it to run Vista. I have 4 PCs that could run it, but I'm not willing to convert any of them to Vista.

    Sometimes the most difficult thing is to get the infections that people have. It is often more difficult to get an exact infection than it is to actually remove it. It is actually pretty amazing how people pick up all the garbage and then they say they don't know how they got it. I find that to be very unlikely since I can even try to get infected and not pick up much of what people get. Too much porn, too much P2P and torrent downloading, too much illegal cracked software or keygen software, etc. are the most likely causes, and I tend to doubt that you would not know when this stuff is being used or when those kinds of sites are being accessed.
     
