Viruses found over and over

Welcome to Major Geeks!

QUESTION: Do you have a Intelli Mouse Pro installed? You may have an infection pretending to be this.

These are in System Restore and can only be removed by disabling System Restore and then re-enabling.

Unless you attach the logs that were clearly reuqested, we cannot help you. You need to attach the other 3 required logs from SUPERAntiSpyware, Malwarebytes, and MGtools.

Also you have iolo System Mechanic Pro installed. Doesn't this include an antivirus program?

I also see that you have Spy Sweeper install. Is it a paid version? Did you know that AVG8 already has antispyware protection builtin? Also you have Spybot's Teatimer running (which our instructions did say not to use). All of these items can be conflicting with each other.

 

Then you would have 3 antispyware protection programs running (AVG8, System Mechanic, and Spy Sweeper). This is not recommended.

Based on the MGlogs.zip file just attached, Teatimer is actively running and being actively loaded in your start up list. You could be having difficulties changing settings due to all the protection software running and conflicting with each other. Please go check the Spybot Teatimer settings right now and see how they are set.

What is Vidalia Bundle?

 

Based on your logs you appear to be in pretty good shape now, but we have a couple of things to do. First you must make sure that Teatimer is not running and you also must make sure you shutdown Spy Sweeper to avoid having the block the changes. Also after rebooting your PC, if any protection program warns you about changes to your registry, you need to allow them or our fixes will not work.

Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.


Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Make sure that you tell me if you receive a success message about adding the above
to the registry. If you do not get a success message, it definitely did not work.

Now reboot your PC.
Now run Ccleaner!

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).


Then attach the below log:

• C:\MGlogs.zip

Make sure you tell me how things are working now!

 

Your logs are clean.


If you are not having any other malware problems, it is time to do our final steps:

1. We recommed you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
3. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
   • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
   • "%userprofile%\Desktop\combofix" /u
     • Notes: The space between the combofix" and the /u, it must be there.
     • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
   • Delete the C:\combofix folder from combofix (if it exists)
4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
7. Go to add/remove programs and uninstall HijackThis.
8. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
9. If you are running Vista, Windows XP or Windows ME, do the below:
   • Refer to the cleaning steps in the READ ME for your Window version and see the steps to Disable System Restore which will flush your Restore Points.
   • Then reboot and Enable System Restore to create a new clean Restore Point.
10. After doing the above, you should work thru the below link:

 

Yes it got chopped of during the copy and paste. It is one of our sticky threads. Here it is:

How to Protect yourself from malware!

 

Based on everything shown in your logs that was removed, nothing for Flashplayer was touched. Perhaps you need reinstall the plugin.

 

You're welcome. Surf safely!