Help Remove Malware with HijackThis etc. (part 1 of 2)

Discussion in 'Malware Help (A Specialist Will Reply)' started by santoro, Mar 11, 2007.

  1. santoro

    santoro Private E-2

    Hello
    Problem computer (Dell laptop, XP Home, 1.1GHz, 256MB RAM, IE 6.0) probably infected by a virus/trojan/malware. I noticed the PC was on and the network light was running even though I was not running any program (no updates from MS in progress). Symantec Antivirus v8.1.x runs every week. I run Spybot Search & Destroy as well as Ad-Aware and Eusing Registry Cleaner every week or so, and the MS updates are regularly done.

    What I did so far-
    The free virus scan from Trend Micro's www.antivirus.com started and ran for a while, then quit and closed IE. I ran Panda ActiveScan, which ran overnight and was still running. There was a compression bomb (42.zip) which keeps your scan busy by decompressing into 16 files, each of which decompresses into 16 more files and so on. Eventually it decompresses to 4 terabytes. So at this point I figure something bad must have gotten into the PC and placed that there as camouflage. I deleted the compression bomb. I ran MicroWorld Antivirus, which reported a linkmedia Trojan and a possible Fujacks-type worm in the file system.

    I then found Major Geeks forum and followed the instruction found in
    "READ & RUN ME FIRST. Malware Removal Guide "
    Some of the reported items were:
    infected with: Behaves Like:win32.fileInfector
    Adware/oemji window registry
    spyware/media-motor registry
    cookie/Tribalfusion
    I have attached the log files requested in the removal guide to this message and to "Help Remove Malware with HijackThis etc. (part 2 of 2)", as there are 4 logs and only 3 attachments per message (there was no log for CounterSpy).

    I would appreciate any guidance/suggestions in removing this BUG on the PC. Any way of telling where it came from??
     

    Attached Files:
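The 42.zip compression bomb santoro found works by nesting archives whose declared sizes grow geometrically, so a scanner that blindly decompresses them never finishes. As an added example, not part of this thread or of any tool mentioned in it, the Python script below inspects a zip file's central-directory metadata (per-member compression ratio, nesting depth, declared total) before anything is extracted, so an archive like that can be quarantined instead of decompressed. The thresholds, file names and sample archives are constructed for the illustration.

```python
import io
import zipfile

# Thresholds chosen for this example (assumptions, not values from the thread).
MAX_RATIO = 100                # declared uncompressed bytes per compressed byte, per member
MAX_DEPTH = 3                  # archives nested inside archives beyond this are refused
MAX_MEMBER = 8 * 1024 * 1024   # never load a nested archive larger than this into memory
MAX_TOTAL = 64 * 1024 * 1024   # declared bytes summed across every nesting level


def inspect_zip(data, depth=0):
    """Walk a zip held in memory using only its central-directory metadata.

    Returns (total_declared_bytes, deepest_level_seen, reasons). Nothing is
    extracted to disk; a nested archive is opened only if it is small enough.
    """
    total = 0
    deepest = depth
    reasons = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            total += info.file_size
            # A very high per-member ratio is the signature of one huge, highly
            # compressible payload (the final layer of a nested bomb).
            if info.compress_size and info.file_size / info.compress_size > MAX_RATIO:
                reasons.append(f"{info.filename}: ratio {info.file_size // info.compress_size}:1 "
                               f"exceeds {MAX_RATIO}:1")
            if info.filename.lower().endswith(".zip"):
                if depth + 1 > MAX_DEPTH:
                    reasons.append(f"{info.filename}: nested deeper than {MAX_DEPTH} levels")
                    continue
                if info.file_size > MAX_MEMBER:
                    reasons.append(f"{info.filename}: nested archive too large to inspect")
                    continue
                inner_total, inner_depth, inner_reasons = inspect_zip(zf.read(info), depth + 1)
                total += inner_total
                deepest = max(deepest, inner_depth)
                reasons.extend(inner_reasons)
    if depth == 0 and total > MAX_TOTAL:
        reasons.append(f"declared size {total} bytes exceeds {MAX_TOTAL}")
    return total, deepest, reasons


def is_suspicious(data):
    """True when the archive should be quarantined rather than scanned or extracted."""
    return bool(inspect_zip(data)[2])


def make_zip(members):
    """Build an in-memory zip from {name: bytes}; used only for the constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, payload in members.items():
            zf.writestr(name, payload)
    return buf.getvalue()


# Constructed samples: an ordinary archive with one nested zip, a highly
# compressible payload hidden one level down, and an archive nested five deep.
BENIGN = make_zip({"report.txt": b"quarterly report\n" * 20,
                   "attachments.zip": make_zip({"notes.txt": b"hello"})})
HIGH_RATIO = make_zip({"level1.zip": make_zip({"payload.bin": b"\0" * (4 * 1024 * 1024)})})
DEEP = make_zip({"x.txt": b"a"})
for level in range(5):
    DEEP = make_zip({f"level{level}.zip": DEEP})

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN), ("high-ratio", HIGH_RATIO), ("deep", DEEP)):
        total, deepest, reasons = inspect_zip(sample)
        print(f"{label}: declared={total} depth={deepest} {reasons or 'ok'}")
```

The check is deliberately cheap: it reads only the directory entries and the small nested archives, so it can run in front of a full antivirus scan without itself becoming the victim of the bomb.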

  2. santoro

    santoro Private E-2

    Help Remove Malware with HijackThis etc. (part 2 of 2)
     

    Attached Files:

  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Why was there no log for CounterSpy? Did it find anything? Has your trial period already expired or been used in the past? If so, you should have used AVG Antispyware.

    Also where is the requested log from BitDefender?

    Note: Fujacks can infect every executable type file on your PC!!!!! You need to have an antivirus program that can repair this infection. I'm not sure which antivirus programs will work on this since I have not had the infection to try it on. However, I do know that McAfee fixes it since I used McAfee on a friend's PC to fix his problem with Fujacks.
     
    Last edited: Mar 12, 2007
  4. santoro

    santoro Private E-2

    Sorry about the missing file. There was nothing detected, so I did not include the BitDefender log, and CounterSpy in safe mode does not indicate a way to save the log.
    So for completeness I have rerun all the steps and generated a whole new set of logs. There are 6 logs so I will spread them out over 2 messages. (Correction: when I try to attach the activescan.txt file it says it is already attached. The file contents are:)
    Incident                      Status           Location
    Adware:adware/oemji           Not disinfected  Windows Registry
    Spyware:spyware/media-motor   Not disinfected  Windows Registry
    Spyware:Cookie/Tribalfusion   Not disinfected  C:\Documents and Settings\admin\Cookies\admin@tribalfusion[2].txt

    I will attach the remaining 3 files (activescan.txt included if possible) to the next message.
     

    Attached Files:

  5. santoro

    santoro Private E-2

    Part 2 with attachments for analysis

    Thanks for any help
     

    Attached Files:

  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Uninstall the below old versions of software:
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 7
    J2SE Runtime Environment 5.0 Update 9

    Make sure you reboot after uninstalling the above!

    After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

    Now uninstall the Sunbelt CounterSpy trial since we are finished with it now! Then delete the below two folders which may be left behind by the uninstall:
    C:\Documents and Settings\All Users\Application Data\Sunbelt Software
    C:\Program Files\Sunbelt Software

    Continue by downloading a tool we will need - Pocket KillBox

    Save it to its own folder somewhere that you will be able to locate it later.

    Now run Pocket Killbox by double-clicking on killbox.exe
    • select File, Cleanup, Delete All Backups
    • Choose Tools > Delete Temp Files and click Delete Selected Temp Files.
    • Then after it deletes the files click the Exit (Save Settings) button.
    NOTE: Pocket Killbox will only list the added files it is able to find on the system. So when you do the below, if some files do not show in the list after pasting them in, just continue.

    Select:
    • Delete on Reboot
    • then Click on the All Files button.
    • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\logo1_.exe
    C:\WINDOWS\rundll16.exe
    C:\WINDOWS\zts2.exe
    C:\WINDOWS\rundl132.dll
    C:\WINDOWS\SYSTEM32\iifgfgf.dll
    C:\WINDOWS\SYSTEM32\vcmgcd32.dll
    • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
    • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt.
    If you receive a PendingFileRenameOperations prompt, just click OK to continue (But please let me know if you receive this message!).

    If Killbox does not reboot just reboot your PC yourself.

    Now run CCleaner

    Now you should toggle System Restore per the instructions in step 8 of the READ & RUN ME.

    Now I suggest that you make sure you have the current updates for your Symantec Antivirus. Then you should run a full system scan and let me know if any problems are found. If so, note the name of the file as well as the virus/trojan name.

    Now attach the below new logs and tell me how the above steps went.

    1. GetRunKey
    2. ShowNew
    3. HJT


    Make sure you tell me how things are working now!

    Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable System Restore per step 1 of the READ & RUN ME. This only applies if using WinXP or WinMe.
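Killbox's "Delete on Reboot" works by queueing the paths in the PendingFileRenameOperations value under HKLM\SYSTEM\CurrentControlSet\Control\Session Manager, which Windows processes at the next boot; the prompt chaslang mentions appears when that queue is already populated. As an added example, not part of the thread or of Killbox, the Python below parses that REG_MULTI_SZ value (source/destination pairs, empty destination meaning delete, a leading "!" meaning replace an existing destination) and compares the queued deletions against the list of files the post asked to remove, so a helper can confirm the queue contains exactly what was intended before rebooting. The sample value is constructed; the first two paths are from the post, the newfile.dll pair is an invented ordinary installer rename.

```python
import sys

# Constructed sample of the REG_MULTI_SZ value, in the pairwise form Windows
# writes for delayed MoveFileEx operations (NT-style \??\ path prefix).
SAMPLE_VALUE = [
    r"\??\C:\WINDOWS\logo1_.exe", "",                       # delete at boot (from the post)
    r"\??\C:\WINDOWS\rundll16.exe", "",                     # delete at boot (from the post)
    r"\??\C:\WINDOWS\SYSTEM32\newfile.dll.tmp",             # invented installer rename,
    r"!\??\C:\WINDOWS\SYSTEM32\newfile.dll",                # "!" = replace existing target
]

NT_PREFIX = "\\??\\"


def _strip_nt(path):
    return path[len(NT_PREFIX):] if path.startswith(NT_PREFIX) else path


def parse_pending_ops(values):
    """Turn the raw multi-string into ('delete', src) / ('rename', src, dst, replace) tuples."""
    if len(values) % 2:
        raise ValueError("PendingFileRenameOperations must contain source/destination pairs")
    ops = []
    for src, dst in zip(values[0::2], values[1::2]):
        if dst == "":
            ops.append(("delete", _strip_nt(src)))
        else:
            replace = dst.startswith("!")
            ops.append(("rename", _strip_nt(src), _strip_nt(dst.lstrip("!")), replace))
    return ops


def queued_deletions(values):
    """Paths Windows will remove on the next boot, case-folded for comparison."""
    return sorted(op[1].lower() for op in parse_pending_ops(values) if op[0] == "delete")


def check_against_expected(values, expected_paths):
    """Return (asked-for but not queued, queued but not asked-for)."""
    queued = set(queued_deletions(values))
    expected = {p.lower() for p in expected_paths}
    return sorted(expected - queued), sorted(queued - expected)


def read_pending_from_registry():
    """Live read on Windows; returns [] elsewhere or when nothing is pending."""
    if sys.platform != "win32":
        return []
    import winreg
    key = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE,
                         r"SYSTEM\CurrentControlSet\Control\Session Manager")
    try:
        value, _ = winreg.QueryValueEx(key, "PendingFileRenameOperations")
        return list(value)
    except FileNotFoundError:
        return []
    finally:
        winreg.CloseKey(key)


# The six files the post asked Killbox to queue.
EXPECTED = [
    r"C:\WINDOWS\logo1_.exe", r"C:\WINDOWS\rundll16.exe", r"C:\WINDOWS\zts2.exe",
    r"C:\WINDOWS\rundl132.dll", r"C:\WINDOWS\SYSTEM32\iifgfgf.dll",
    r"C:\WINDOWS\SYSTEM32\vcmgcd32.dll",
]

if __name__ == "__main__":
    values = read_pending_from_registry() or SAMPLE_VALUE
    missing, unexpected = check_against_expected(values, EXPECTED)
    print("not queued:", missing or "none")
    print("queued but not requested:", unexpected or "none")
```

With the constructed sample only two of the six requested files are queued, which is exactly what Killbox's note about silently skipping files it cannot find would produce; the "queued but not requested" list is the more important one to review, since an installer or another program may have its own pending renames that should not be disturbed.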
     
  7. santoro

    santoro Private E-2

    Hello
    I followed the last set of instructions and have attached the logs to this message. I updated to Symantec AntiVirus Corporate Edition 10.1 and updated the virus definitions. The virus scan indicated no infections. The strange thing is that the www.antivirus.com (Trend Micro) online virus scan starts OK and seems to be "preparing" when, without warning, Internet Explorer closes. It does not say "IE not responding" or any other normal type of freeze. It just goes away. Previously I had run MicroWorld Antivirus and it reported a linkmedia trojan and a possible "Fujacks-type worm in file system". Is MicroWorld Antivirus a trustworthy program in your opinion? The fact that a 42.zip compression bomb was found on the system also seems to say that something was hiding on the system.
    Would it be advantageous to boot from a floppy or CD and run an antivirus from the disk? Looking at my notes I realise I forgot to mention a strange thing. The PC is using XP Home with the user icons shown when the system boots normally. The user icons shown are 'admin', 'david' and 'kathy'. The strange thing happens when booting into safe mode. There is 'admin', 'david', 'kathy' AND 'Administrator', which is not password protected. In a normal boot I went to Users and there is no 'Administrator' account. I put a password on this strange 'Administrator' account in safe mode. In normal boot mode, is it possible I am being shown a false set of user icons? I was up to 2:30 am last night trying to remove this thing in the system and have spent so many hours working through the procedures. I know reformatting the drive and starting over would probably be the fastest way to get the system back to clean, but I would prefer not to do that and besides, this is a learning opportunity. I was not planning on learning the ins and outs of malware removal but it seems like a good thing to know.
    So any suggestions on the next step? Is MicroWorld Antivirus a good or poor tool? What do you think of the 'Administrator' account in safe mode?
    Thanks for your help
     

    Attached Files:

  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You did not follow all of my instructions. You still have J2SE Runtime Environment 5.0 Update 11 installed. This is out of date and should be uninstalled. Then install the current version from the link I gave you.

    Many people run into problems running a variety of the online scanners. The problem is usually due to a setting on the user's PC or due to other software they are running that is blocking proper operation. Sometimes an antivirus program or firewall can cause problems.

    MicroWorld Antivirus is an okay application but it is way overpriced, especially for what it is. Also, if you don't buy it, it is nothing but a scanner. It does have a few issues with false positives too. Why are you running it anyway? If you don't trust Symantec, why do you have it installed?

    [quote]What do you think of the 'Administrator' account in safe mode?[/quote]
    The Administrator account is normal and in a default setup it will only appear in safe mode. It is good that you password protected it now. That was a major security hole that could allow hackers full access to your PC.


    Your logs are now clean. Are you having any current malware problems? If not, it is time to do our final steps:
    1. If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    2. If we used ComboFix you can delete the ComboFix.exe file and associated C:\combofix.txt log that was created.
    3. If we used SDFix you can delete all the SDFix related files and folders from your Desktop or wherever you installed it.
    4. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
    5. If we had you run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
    6. If we had you run Avenger, you can delete all files related to Avenger now.
    7. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    8. You can delete the ShowNew.Zip and GetRunkey.Zip files and the files that you extracted from the ZIP files. You can also delete the C:\newfiles.txt and C:\runkeys.txt logs that were created.
    9. If you are running Windows XP or Windows ME, do the below:
      • go back to step 8 of the READ & RUN ME to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work thru the below link:
     
  9. santoro

    santoro Private E-2

    Thanks for all the help.
    Sorry about the Java 5 install. I just went to the sun website and downloaded it through the web and then checked the installation with Sun's online tool. I thought I would get the most up to date stuff that way.

    I am using Symantec Antivirus because the university I attend lets students use a copy for home PCs. I was worried that the www.antivirus.com scan was quitting as it scanned. I have used their online scanner on many other PCs and it never quit in the middle of a scan. After that, 42.zip was discovered on the HD and I thought that Symantec had been compromised.

    Again, thanks for the help.
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    As I said, many people run into problems with online scanners and most frequently it is due to settings on their PCs or other software being run. Also, not having the current Java version has been known to cause problems too. Try shutting down all of Symantec, Trojan Remover, and your firewall and see if it runs. Also delete any existing files (like C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys) for TrendMicro before running the scan again.
     
