Abetear A and vundo viruses

Discussion in 'Malware Help (A Specialist Will Reply)' started by buzz07, Sep 2, 2007.

  1. buzz07

    buzz07 Private E-2

    Hi,

    I am with Virgin Media PC Guard and anti-spyware. I had my anti-spyware saying that it could not delete Abetear A. It was sending me to other web pages and my anti-spyware kept coming up on the screen saying it cannot delete Abetear A, and I also had Vundo viruses. I have carried out your malware removal FAQ, which has been brilliant and cleaned my computer up. It has deleted Vundo viruses, which I deleted the folder the viruses were in. Abetear A has also been cleaned up and my anti-spyware says computer is clean and I am not getting redirected to other pages on the web. I have run the ComboFix and hijackthis.log of your website and it's given me information that I have no clue about. Can you please help with what I need to do? I will add the information to this email by attachment.
     

    Attached Files:

  2. abri

    abri MajorGeek

    Hi buzz!

    Your computer is still infected. I can see this from your HJT log. In order to finish the clean up process, we need for you to work through the set of instructions below and post all 6 logs to us. Please be sure to rename hijackthis.exe to analyse.exe and make sure it is in the correct folder, as per the instructions. You do that kind of towards the end after you run the other scans.
    abri

    ....
     
  3. buzz07

    buzz07 Private E-2

    Hi abri,

    Thanks for looking at my problem I have on my computer and
    the advice. I am working late the next few nights and I cannot get to
    the computer. I will send you the information as soon as I can.

    cheers

    buzz
     
  4. buzz07

    buzz07 Private E-2

    Hi Abri,

    I have enclosed information that you have requested.
    Able to do all scans. First CounterSpy scan: WeatherBug, low risk adware, status deleted. Second CounterSpy scan said no infections. Vundo scan: no infections.
    BitDefender said there were problems, also ActiveScan; enclosed logs. Was able to download all tools, also used online scans as suggested.

    Could you also advise me on the best anti-virus, firewall and antispyware
    for my computer, as I have lost total trust in Virgin Media's packages. Is that
    enough protection for the computer that I have mentioned above?

    cheers

    Buzz
     

    Attached Files:

  5. buzz07

    buzz07 Private E-2

    Hi Abri,

    Forwarding more scan log reports

    cheers

    Pete
     

    Attached Files:

  6. buzz07

    buzz07 Private E-2

    Hi Abri,

    Sending analyse.txt scan

    cheers

    Pete
     

    Attached Files:

  7. abri

    abri MajorGeek

    Hi Pete!

    First, a question: Do you know what these files/folder are in the box just below?
    The Mobile Phone Downloads comes attached with a lot of adware. In the instructions below, we'll be deleting the task bar they install, called ASKTBAR, but whether you want to keep the rest of this is really up to you. It won't hurt anything on your computer. The two .sav files don't matter as long as you know what they are.

    And now, please run the following instructions:


    1) Please open up Spybot and turn off the Teatimer function, which recognizes programs which make changes to your registry as harmful, even if they are programs we want to use to fix your computer. To turn off Teatimer, open Spybot S&D by double clicking on the icon. Go to Mode and click on Advanced. Click on Tools on the left side of the window and under Resident make sure Resident Teatimer is unticked.

    2) If you do not use Windows Messenger (not to be confused with MSN Messenger!!) I would like you to run Disable/Remove Windows Messenger

    3) We are finished with CounterSpy now. Please go to add/remove programs and uninstall:

    - Sunbelt CounterSpy

    4) Now scan with HijackThis and check the boxes for the following entries:
    ( Make sure ALL browser windows are closed when you click FIX )

    Again, make sure ALL browser windows are closed when you click FIX.

    5) Now download The Avenger by Swandog46, and save it to your Desktop.
    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Check the 'Input script manually' box.
    • Click on the magnifying glass icon.
    • Copy everything in the Quote box below, and paste it in the box that opens:
    • Now click the 'Done' button.
    • Click on the traffic light icon and OK the prompt.
    • You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt
    6) Please download ATF Cleaner by Atribune. This program does not require an installation. The executable actually runs the program.

    NOTE: This program is for Windows XP and Windows 2000 only. ATF Cleaner will remove all files from the items that are checked, so if you have some cookies you'd like to save, please move them to a different directory first.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main ATF Cleaner menu to close the program.

    7) After you have completed all of the above, please attach the Avenger log, and after running new scans for ShowNew (newfiles.txt), GetRunKeys (runkeys.txt) and analyse.exe (hijackthis.log) please attach fresh logs for them as well. Let us know how it went and how your computer is running now.
    • Avenger Log
    • ShowNew Log
    • GetRunKey Log
    • HijackThis Log


    abri
     
  8. buzz07

    buzz07 Private E-2

    Hi abri,

    The three files bu00.sav, bu10.sav and mobile phone downloads I have
    deleted, if that is okay. Unticked Teatimer. Could only delete Windows Messenger short-cut, could not find program in my remove programs. I do not use it; can you advise how to find and delete it? CounterSpy deleted. Ticked the four you quoted me and clicked fix. Ran avenger.exe and pasted 7 files you quoted me to do and computer rebooted by itself. Cleaned up with ATF Cleaner and ran scans.

    My computer is running fine and internet access is quicker.

    I have attached files as requested

    cheers

    Buzz
     

    Attached Files:

  9. buzz07

    buzz07 Private E-2

    Hi abri,

    Enclosing HijackThis log. When looking through files for HijackThis log I came across Windows Messenger in my program files; tried to delete it, it said it was getting used so it would not delete.

    cheers

    buzz
     

    Attached Files:

  10. abri

    abri MajorGeek

    Hi Buzz!

    1) Most programs cannot be successfully removed from your computer by simply deleting them. For Windows Messenger, you need to use the tool we posted. Please click on the blue link below and once you've downloaded the zip file to your hard drive, please follow the instructions in the box just below the link:

    Disable/Remove Windows Messenger

    Let me know if this worked!

    2) One of the entries in your HijackThis was not successfully removed. I will get back to you about this.

    abri
     
  11. buzz07

    buzz07 Private E-2

    Hi abri,

    I uninstalled Windows Messenger with the download file you sent me.
    When doing this the computer came up with: you must restart computer for the new settings to take effect. Did that and everything on the computer is fine. I checked program files and then Messenger folder and a lot of files in there are gone and I am left with Ivback.gif, mailtmpl.txt and msmsgsin.exe.

    cheers

    Buzz
     
  12. abri

    abri MajorGeek

    Hi Buzz,
    You can go to C:/Program Files via Windows Explorer and delete the Messenger folder and its remaining contents. The tool you ran made it inactive and it's just taking up space. If you ever have to reinstall Windows, it will be back and you'll have to use the removal tool to get it out again, but you know where to find the removal tool now, right here at the website.


    It's possible your antivirus program is blocking the one R0 line from being fixed. Please disable your antivirus program before doing the following:

    Scan with HijackThis again and check the boxes for the following entries:
    ( Make sure ALL browser windows are closed when you click FIX and if the 04 entry for the MSMSGS is gone, just continue and after you exit all your browser windows click fix.)
    Please post a fresh HijackThis log so I can see if it's gone.
    abri
     
  13. buzz07

    buzz07 Private E-2

    Hi abri,

    I have enclosed new hijackthis log.


    cheers

    buzz
     

    Attached Files:

  14. abri

    abri MajorGeek

    Hi Buzz!
    That looks better! Please make sure your antivirus program is turned back on. If you're not having any more malware symptoms, please follow the instructions in the box. You asked in an earlier post about what we recommend for antivirus/antimalware software. At the end of the final instructions below there's a link to a page called "How to protect yourself from Malware". There are a number of suggestions in there for tools that are effective, light and compatible. Also, it recommends what combination will give you the best protection without compromising your computer's effectivity. I think you'll find it a good read. Hopefully we will not see you back in this forum anytime soon, but I want to invite you to look around the other forums which provide a lot of assistance in all other areas connected with computers.

    Let me know how everything goes!
    abri
     
  15. buzz07

    buzz07 Private E-2

    Hi abri,

    Thanks very much for all your help and advice. I have also learned a lot from you about looking after and cleaning up my computer. My computer is now running great and I will look at the pages on protection for the computer.


    cheers

    Buzz
     
  16. abri

    abri MajorGeek

    You're welcome!

    Happy computing!

    abri
     
