Klone virus help?

Hi


Spywareblaster is not a malware scanner, all it does is to add known bad activex and many websites that may infect you into the browsers blocked url listings, only blocks them after you install it and will not block an already present infection, just an FYI

But if a Virus was found best options, especially as your are experiencing issues with multiple browsers is to run the full guide below and the malware guys will tell you if malware is on your PC or not, if it is cleaning it up may help.



Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.

• Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
• Make sure you check version numbers and get all updates.
• Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

• After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:

Downloading, Installing, and Running HijackThis

Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.




​

• When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
  • CounterSpy
  • AVG Antispyware log - ONLY IF NEEDED you were not able to run CounterSpy
  • Bitdefender - from step 6
  • Panda Scan - from step 6
  • runkeys.txt - the log from GetRunKey.bat
  • newfiles.txt - the log from ShowNew.bat
  • HijackThis

NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!

 

Note, if your only problem is with

C:\Program Files\HJT\hijackthis\backups\backup-20061001-203246-824.dll

that is just a backup file created by HijackThis when you previously (on Oct 10, 2006) fixed problems with it. You can just delete the backups from withing HijackThis or you can manually delete the folder.

You should not work issues in multiple forums. That is a very bad thing to do since neither knows about what is going on in the other forum and it can lead to confusion. Also it is discurteous. Choose which forum you wish to work in and attempt to resolve all your problems there. If you hit a point where you are finished fixing your problems or you cannot get them resolved, then it is not a problem if you seek help in another forum.

 

That would be the best course of action! After doing that we will have a much better feel for whether you have malware problems or not.

 

Actually based on your logs, PandaActive Scan was not run at all. Please run it. It always finds things that other programs do not.

How far did you get with Bitdefender ? Any error messages?

 

Cookies are not spyware nor are they problems! Panda is overstating what cookies are like most applications do.

That's what the READ ME says to do.

I'm not seeing any malware. Just a old version ( J2SE Runtime Environment 5.0 Update 9 ) of Sun Java that need to be uninstalled and then you need to install the current version from:

Sun Java Runtime Environment

 

That is not CPU usage. That is how much memory is being used. So exactly what have you been trying to say. Is you CPU usage high or is it the memory use?

 

Explorer can often go that high! It is not unusual and all depends on everything else that you have running. Right now on two PCs I have running explorer is at 6145K on one and 36980k on another.

 

Well let's do two more scans just to cover an area we did not check, but I don't expect to find anything.

Please download Blacklight Beta

• Download blbeta.exe and save it to the Desktop.
• Once saved... double click blbeta.exe to install the program.
• Click accept agreement and Click scan
  This app too may fire off a warning from antivirus. Let the driver load.
  Wait for it to finish.
• If it displays any items...don't do anything with them yet. Just hit exit (close)
• It will drop a log on Desktop that starts with fsbl....big number

Please post contents of the BlackLight log.

Also let's run a second rootkit detector, sometimes one will find what another does not.
Run this AVG Anti-Rootkit and attach a log from it too.



After that, I would say you have to try another forum! Which one is the question! You may have to start in Hardware. Make sure you mention that you PC was already checked for malware.

 

Blacklight will not harm your PC, especially if all you do is run a scan. Many programs give warnings like that. Even HijackThis is dangerous if used incorrectly.

I doubt that Blacklight is going to find anything anyway.

I'm going to give you a link and then a quote from this link that explains WMIPRVSE.EXE could cause problems like this and again I will emphasize that the problems are not malware. I highlighted an important area in bold brown color.

The below quotes come from: http://www.answersthatwork.com/Tasklist_pages/tasklist_w.htm

On additional comment I have is this. When you see wmiprvse.exe running, where is it running from. The valid process should be C:\Windows\system32\wbem\wmiprvse.exe

You will not be able to tell this with Task Manager. You will need to see it using HijackThis's process manager or you can use Process Explorer (see below).

Please download ProcessExplorer

• Unzip it to its own folder somewhere you can locate it.
• Now run procexp.exe by double clicking on it.
• Let's configure some options first:
  • Click View and select Show Lower Pane. And where it says "Lower Pane View" make sure DLL's is checked.
  • Now click on explorer.exe.
  • Now also under the View menu choose "Select columns" and put a check mark on "Image Path".
• Now when you see the wmiprvse.exe process running. Just run Process Explorer and continue on to do the below which will create a log.
• Now click on File and then Save As. And save the process list.
• Post it back here as an attachment.

 

I still want to see the BlackLight log!

Unless it shows me something, I recommend you head to the Software Forum because you are not showing any signs of malware.

 

Yes I can move the whole thread there but if we do that, you may not get anyone to read it since it is already 26 messages long! It may be better to start a new thread and clearly state only your remaining problems and also indicate that you have done malware removal already and reference this thread.

 

You're welcome and good luck. Make sure you also check out the below:

How to Protect yourself from malware!

 

You're on!