More Antivermin problems (Part 1 of 2)

Re: More Antivermin problems (Part 2 of 2)

I'm going to post two sets of instructions below. Each will be enclosed in separate Quote boxes. Make sure to complete the first one 100% before moving on to the second one.

ATTACH THE FIRST LOG NOW BEFORE CONTINUING OR YOU WILL OVERWRITE IT!!!! And then immediately continue on to the below steps.

Now attach new logs from:

• GetRunKey
• ShowNew
• HJT

How are things working now?

 

Re: More Antivermin problems

You never did step 2 of the READ ME (at least not correctly).

Also you did not rename HijackThis as requested in step 7 of the READ ME. You have this:

C:\Program Files\Hijackthis\HijackThis.exe

and it must be this:

C:\Program Files\Hijackthis\analyse.exe

Please complete these two steps correctly now before continuing.


Now download HOSTER and then follow the below steps.

• Unzip Hoster to a convenient folder such as C:\Hoster
• Run Hoster.exe, click Restore Original Hosts and then click OK.
• Click the X to exit the program

Okay now uninstall the Sunbelt CounterSpy trial since we are finished with it now! Then delete the below two folders left behind by the uninstall:
C:\Documents and Settings\Vic\Local Settings\Application Data\Sunbelt Software
C:\Program Files\Sunbelt Software

I also recommend uninstall AVG Anti-Spyware since you have Windows Defender installed to do you malware blocking.

Now run this Disable/Remove Windows Messenger to remove Windows Messenger.

• Now Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'.
• On the page that opens, scroll down to ieupdater
• then right click the entry, select Properties and press Stop Service.
• When it shows that it is stopped, next please set the Start-up Type to 'Disabled'.
• Click OK until you get back to Windows.

• Next, run HJT, but instead of scanning, click on the None of the above, just start the program button at the bottom of the choices.
• At the lower right, click on the Config button
• Then click the Misc tools button
• Select Delete an NT Service
• Copy/pasteMicrosoft IE Updater into the box that opens, and press OK
• If you receive any error messages just ignore them and continue.
• Now exit HJT but do not reboot if it tells you it needs to. We will reboot later.

Now Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Now reboot in normal mode

Now locate the below files and delete it if found:
C:\WINDOWS\Media\kbui32.dll

Also delete all files in the below folder except ones from the current date (Windows will not let you delete the files from the current day).
C:\Documents and Settings\Administrator\Local Settings\Temp

Now run Ccleaner.

Now attach the below new logs and tell me how the above steps went.

1. GetRunKey
2. ShowNew
3. HJT

Make sure you tell me how things are working now!

 

Re: More Antivermin problems

Here are new steps to continue with!

Start by downloading a tool we will need - Pocket KillBox

Save it to its own folder somewhere that you will be able to locate it later.

Now run Pocket Killbox by doubleclicking on killbox.exe
Choose Tools > Delete Temp Files and click Delete Selected Temp Files.
Then after it deletes the files click the Exit (Save Settings) button.
NOTE: Pocket Killbox will only list the added files it is able to find on the system. So when you do the below, if some files do not show in the list after pasting them in, just continue.

Select:

• Delete on Reboot
• then Click on the All Files button.
• Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\WINDOWS\Media\kbui32.dll

• Return to Killbox, go to the File menu, and choose Paste from Clipboard.
• Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt.

If you receive a PendingFileRenameOperations prompt, just click OK to continue (But please let me know if you receive this message!).
If Killbox does not reboot just reboot your PC yourself.

Also delete all files and subfolders in the below folders except ones from the current date (Windows will not let you delete the files from the current day).
C:\Documents and Settings\Administrator\Local Settings\Temp
Now run Ccleaner.

Now attach the below new logs and tell me how the above steps went.

1. GetRunKey
2. ShowNew
3. HJT

Make sure you tell me how things are working now!

 

Re: More Antivermin problems

That's fine! The Pocket Killbox fix I gave you was going to do the same thing. You don't need it now, but we have some more to do.

Part of the registry patch did not work. Windows Defender may be getting in our way! Let's try again and we have some other things to address too.

First disable Windows Defender:

• Open Windows Defender
• Click Tools
• Click General Settings
• Scroll down to Real Time Protection Options
• Uncheck Turn on Real Time Protection (recommended)
• Close Windows Defender

Once your log is clean you can re-enable Windows Defender Real Time Protection.


Now Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Now delete the below folder leftover from CounterSpy:
C:\Documents and Settings\Administrator\Local Settings\Application Data\Sunbelt Software

Also delete the below file (use MoveOnBoot if necessary):
C:\WINDOWS\system32\update66232247.exe

Uninstall the below old versions of software:
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 6
Select and Protect Quotation <--- let me know if you receive any error message when uninstalling this
System Alert Popup <--- let me know if you receive any error message when uninstalling this

Make sure you reboot after uninstalling the above!

After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

Now attach a new log from ShowNew and also run the below new scan and attach the requested log afterwards:

Getting Uninstall Programs List From The Registry


Is everything still working OK?

 

Re: More Antivermin problems

Yes you can! Everything is all cleaned up now!


If you are not having any other malware problems, it is time to do our final steps:

1. If we used Pocket Killbox during your cleanup, do the below
   • Run Pocket Killbox and select File, Cleanup, Delete All Backups
2. If we used ComboFix you can delete the ComboFix.exe file and associated C:\combofix.txt log that was created.
3. If we user SDFix you can delete all the SDFix related files and folders from your Desktop or whereever you installed it.
4. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
5. If we had your run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
6. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
7. You can delete the ShowNew.Zip and GetRunkey.Zip files and the files that you extracted from the ZIP files. You can also delete the C:\newfiles.txt and C:\runkeys.txt logs that were created
8. If you are running Windows XP or Windows ME, do the below:
   • go back to step 8 of the READ & RUN ME to Disable System Restore which will flush your Restore Points.
   • Then reboot and Enable System Restore to create a new clean Restore Point.
9. After doing the above, you should work thru the below link:
   • How to Protect yourself from malware!

 

Re: More Antivermin problems

You're welcome. Surf safely!