Infected with 2 viruses/trojans. Please help!

Welcome to Major Geeks!

Please follow the instructions in the below link and attach the requested logs when you finish these instructions. If something does not run, write down the info to explain to us later but keep on going. Do not assume that because one step does not work that they all will not.

READ & RUN ME FIRST. Malware Removal Guide

 

You came here for our help! You need to do only what we ask you to do and absolutely nothing else. You should not be playing with Spy Sweeper and you should only be running what we ask you to run in the READ & RUN ME and in the order written from beginning to end and then attach the logs we request. We need to see the first logs!! Secondary logs are really not that helpful to us since we don't see the original problems. You can skip ComboFix for now until we see the rest of your logs.

Please read the instructions for Using MGtools. This is all documented on how to fix. Fix the problems and run MGtools and attach the requested MGlogs.zip file.

I also recommend that you attach a log from Spy Sweeper (even though their logs are typical very poor) so we can see what it thinks it is finding.

 

Just hitting return will not allow the programs to run properly. The do eventually terminate but the logs are not complete. I suggest you run the fix for error message type 1. And then I suggest that you run sfc /scannow from the Start, Run box. Have you Windows CD ready because it may ask for it.

You are just detecting files in Eset's NOD32 Quarantine. Step 1 of the READ & RUN ME asked you to empty quarantines.

The very first instruction in the READ & RUN ME also stated that you must not have more than 1 antivirus installed. Your logs both Avast and NOD32. You must uninstall one of these immediately and then do the below.



Download HostsXpert and then follow the below steps.

• Unzip HostsXpert.zip
• It will create a folder named HostsXpert in whatever folder you extract it to.
• Run HostsXpert.exe by double clicking on it.
• Click the Make Writeable? button.
• Click Restore Microsoft's Hosts File and then click OK.
• Click the X to exit the program

Uninstall the below as requested in step 1 of the READ & RUN ME:
Java 2 Runtime Environment, SE v1.4.2
Java 2 Runtime Environment, SE v1.4.2_04
Java 2 Runtime Environment, SE v1.4.2_05
Java(TM) 6 Update 2
Viewpoint Media Player


Now please put your PC into Normal Startup mode with MSconfig as also requested in step 1 of the READ & RUN ME.


Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O23 - Service: Network DDE (NetDDE) - Unknown owner - C:\WINNT\system32\netdde.exe (file missing)
O23 - Service: Network DDE DSDM (NetDDEdsdm) - Unknown owner - C:\WINNT\system32\netdde.exe (file missing)

After clicking Fix, exit HJT.

Now run Ccleaner!

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). Hopefully it runs now after doing all of the above.


Then attach the below log:

• C:\MGlogs.zip

Make sure you tell me how things are working now!

 

If you do not find NOD32 in Add/Remove programs, we will have to remove remnants manually because it is still in your registry and the folder does exist.

Also you should try deleting the c:\program files\eset folder yourself.