Adware virus in my computer

Discussion in 'Malware Help (A Specialist Will Reply)' started by melvica, Apr 16, 2006.

  1. melvica

    melvica Private E-2

    I have been spending the last 3 days trying to clean up the many viruses in my daughter's PC.

    I have AVG and Sygate Firewall running. Every 30 seconds there is an outgoing attempt to www.a-d-w-a-r-e.com. I think I have some adware viruses.

    I have run in Safe Mode
    - CleanUp!
    - Spybot Search & Destroy - tells me my computer hasn't got any viruses
    - Ad-Aware SE - it finds Adware.Look2Me but couldn't delete the file in \Windows\System32.
    - Ewido - found 8 viruses - Look2Me and Dropper.VB and cleaned them out

    However when I reboot the system back to normal mode, I am still getting alerts from Sygate Firewall about attempts to contact www.a-d-w-a-r-e.com. The attempt seems to run as an app from run32dll.exe.
    I have also run Bitdefender, MicroTrend, AVG and CA eTrust online anti-virus scans but none seems to clean out the viruses even when they detect them.

    I think I must have repeated these more than 4 times (for the malware and antivirus programs).

    About to give up and just reinstall Windows XP but I hope someone can help me.
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Majorgeeks!

    Please follow our standard cleaning procedures (and I added one step for the Look2Me infection at the beginning) which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.
    • Look2Me VX2 Removal
    • Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
    • Make sure you check version numbers and get all updates.
    • Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.
    • If after doing ALL of the above you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
    • When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too (the last three scans are covered in steps 6 & 7 of the READ & RUN ME sticky)
      • Look2Me-Destroyer.txt
      • Bitdefender
      • Panda Scan
      • HijackThis
     
  3. melvica

    melvica Private E-2

    Hi,

    I have done what you asked me to perform

    1) In normal boot mode
    - Run Look2Me-Destroyer (doesn't seem to work on Safe Mode reboot)
    - attached Look2Me-Destroyer log

    2) Reboot in Safe Mode
    - run CCleaner
    - run Microsoft Windows Malicious Software Removal Tool
    - run Ad-Aware SE with full system scan (no viruses reported)
    - run Spybot Search & Destroy (no virus reported)
    - run Microsoft Windows Defender (no virus reported)

    3) Reboot in Safe Mode with Networking Support
    - run Bitdefender
    - run Panda Active Scan but couldn't get PandaActiveScan log
    - set to Disable System Restore

    4) Reboot in normal mode
    - set to Enable System Restore
    - run PandaActive Scan.
    - Run HijackThis

    Attached are the 4 logs
    - Look2Me-Destroyer.txt
    - Bitdefender (bdscan.txt)
    - PandaScan (Activescan.txt)
    - HijackThis (hijackthis.txt)

    I greatly appreciate your help. The Look2Me-Destroyer seems to remove the Adware.Look2Me. But I think I still have a couple of Trojans in the system
     

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The directions do not ask for it to be run in safe mode.

    You were not supposed to toggle System Restore yet. Step 1 of the READ & RUN ME states the below:
    Please read step 7 of the READ & RUN ME again and follow the directions in it exactly. You are running HijackThis directly from the ZIP file which is exactly what we specify that you not do. You will not get any backups of things deleted if you run it this way.

    After installing HJT properly, move on to my next message.
     
    Last edited: Apr 17, 2006
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Is optusnet.com your ISP and do they require the below proxy server setting:
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=optusnet.com.au:8080

    Make sure viewing of hidden files is enabled (per the tutorial).

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    O4 - HKLM\..\Run: [IpNetwork] C:\Program Files\Network\ipnetwork.exe

    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete:
    C:\Program Files\Network <--- the whole folder
    C:\WINDOWS\keyboard71.dat
    C:\WINDOWS\TWVsYXU\nqpPsro.vbs
    C:\windows\newname7.exe <--- delete any files whose name starts with the text newname and ending in .exe (like newname1.exe, newname2.exe...etc)
    C:\windows\mousepad7.EXE <--- delete any files whose name starts with the text mousepad and ending in .exe (like mousepad1.exe, mousepad2.exe...etc)
    C:\windows\keyboard7.exe <--- delete any files whose name starts with the text KEYBOARD and ending in .exe (like KEYBOARD1.exe, KEYBOARD2.exe...etc)
    C:\windows\GIMMYSMILEYS7.EXE <--- delete any files whose name starts with the text GIMMYSMILEYS and ending in .exe (like GIMMYSMILEYS1.exe, GIMMYSMILEYS2.exe...etc)
    Also look in c:\ for any of the newnameX, mousepadX, keyboardX, GIMMYSMILEYSX files and delete them too

    If you get an error when deleting a file, right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Otherwise open Task Manager and kill the process if running, then delete the file.

    Now if running Win XP goto c:\windows\Prefetch and delete all files in this folder.
    Now run Ccleaner (installed while running the READ ME FIRST).

    Now we need to Reset Web Settings:
    1. If you have an Internet Explorer icon on your Desktop, goto step 2. If not, skip to step 3.
    2. Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
    3. If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.
    Now reboot in normal mode and post a new HJT log.

    Make sure you tell me how things are working now.

    Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable system restore per step 1 of the READ & RUN ME. This only applies if using WinXP or WinMe.
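The HijackThis lines chaslang singles out above follow a small, regular format (R0/R1 registry settings, O4 autostart entries), and the file-deletion step is really a name-pattern match. The following is an added example, not code from this thread or from MajorGeeks, that parses those line types, applies the same triage rules chaslang used (IE search/start settings blanked to about:blank or empty, an autostart pointing into the C:\Program Files\Network folder, and a proxy setting that must be confirmed with the ISP) and filters a directory listing for the newname/mousepad/keyboard/GIMMYSMILEYS file names. The sample log is the page's own lines plus one benign AVG autostart line that is assumed, and the directory listing is constructed.

```python
import re
from dataclasses import dataclass

# Constructed sample log: the R0/R1/O4 lines quoted in the post above, plus one
# benign AVG autostart line (assumed, not from the thread) that triage must leave alone.
SAMPLE_HJT_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=optusnet.com.au:8080
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O4 - HKLM\..\Run: [IpNetwork] C:\Program Files\Network\ipnetwork.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
"""

# R0/R1 lines: "<kind> - <registry path>,<value name> = <data>"
R_LINE = re.compile(r"^(R[0-3]) - ([^,]+),([^=]+?)\s*=\s*(.*)$")
# O4 lines: "O4 - <run key>: [<entry name>] <command line>"
O4_LINE = re.compile(r"^(O4) - (\S+): \[([^\]]*)\] (.*)$")


@dataclass
class HjtEntry:
    kind: str      # "R0", "R1" or "O4"
    location: str  # registry path (R*) or run key (O4)
    name: str      # value name (R*) or bracketed entry name (O4)
    value: str     # registry data (R*) or command line (O4)
    raw: str


def parse_hjt(text):
    """Parse the R0/R1/O4 lines of a HijackThis log; other line types are skipped."""
    entries = []
    for raw in text.splitlines():
        raw = raw.strip()
        m = R_LINE.match(raw) or O4_LINE.match(raw)
        if m:
            entries.append(HjtEntry(m.group(1), m.group(2), m.group(3), m.group(4).strip(), raw))
    return entries


# Values the hijacker left in the IE search/start settings (taken from the post).
HIJACKED_IE_VALUES = {"about:blank", "\\blank.htm", ""}
# Autostart locations the post identifies as malware; lower-case path prefixes.
KNOWN_BAD_RUN_PREFIXES = ("c:\\program files\\network\\",)


def triage(entries, allowed_proxies=()):
    """Return (entry, reason) pairs worth a closer look. allowed_proxies holds proxy
    settings the owner has confirmed with their ISP (here: the optusnet one)."""
    findings = []
    for e in entries:
        if e.kind in ("R0", "R1"):
            if e.name.lower() == "proxyserver":
                if e.value not in allowed_proxies:
                    findings.append((e, "proxy server set; confirm the ISP requires it"))
            elif e.value.lower() in HIJACKED_IE_VALUES:
                findings.append((e, "IE search/start setting blanked, typical of a hijacker"))
        elif e.kind == "O4":
            if e.value.lower().startswith(KNOWN_BAD_RUN_PREFIXES):
                findings.append((e, "autostart entry points into a known-bad folder"))
    return findings


# Dropped-file names from the post: newname/mousepad/keyboard/gimmysmileys + .exe,
# plus the keyboardNN.dat companions the later posts say belong to the same infection.
DROPPED_FILE = re.compile(
    r"^(?:(?:newname|mousepad|keyboard|gimmysmileys)\w*\.exe|keyboard\w*\.dat)$",
    re.IGNORECASE)


def dropped_files(listing):
    """Filter a directory listing (names only) down to the dropper's files."""
    return sorted((n for n in listing if DROPPED_FILE.match(n)), key=str.lower)


# Constructed directory listing mixing the post's file names with normal Windows files.
SAMPLE_LISTING = ["keyboard71.dat", "keyboard81.dat", "KEYBOARD7.exe", "mousepad2.EXE",
                  "GIMMYSMILEYS12.EXE", "newname.exe", "notepad.exe", "explorer.exe",
                  "keyboard.drv"]

if __name__ == "__main__":
    entries = parse_hjt(SAMPLE_HJT_LOG)
    for entry, reason in triage(entries, allowed_proxies=("http=optusnet.com.au:8080",)):
        print(f"{entry.kind} [{entry.name}] {entry.value!r}: {reason}")
    print("files to remove:", dropped_files(SAMPLE_LISTING))
```

Run stand-alone it lists the six lines chaslang asked to have fixed and leaves the AVG entry and the confirmed optusnet proxy alone; drop the `allowed_proxies` argument and the proxy line is flagged too, which is the right default when the owner has not yet answered the ISP question.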
     
  6. melvica

    melvica Private E-2

    Thank you once again for the quick response. Sorry I did not quite follow step 1 and step 7 in my 1st attempt.

    Okay, this is what I have done as per your instructions. Firstly to your question - yes, optusnet is my ISP and it needs that proxy server.

    1) Run HijackThis and Fix the following
    - R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    - R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    - R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    - R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    - R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    - O4 - HKLM\..\Run: [IpNetwork] C:\Program Files\Network\ipnetwork.exe
    Question - what spyware is my system infected with at this stage?

    2) Boot in Safe mode
    Delete the following:
    - C:\Program Files\Network folder
    - C:\WINDOWS\keyboard71.dat. There were 3 other files - keyboard81, keyboard91 and keyboard111 dat files in that folder. I have not deleted them. Should I delete them?
    - no such file C:\WINDOWS\TWVsYXU\nqpPsro.vbs
    - no file C:\WINDOWS\newname7.exe or any files newname<X>.exe in C:\
    - no file C:\WINDOWS\mousepad7.exe or any files mousepad<X>.exe in C:\
    - no file C:\WINDOWS\GIMMYSMILEYS7.exe. However I found 3 files with the name gimmysmileysB in 3 folders C:\Documents and Settings\All Users\Spybot Search & Destroy\Recovery\SmitfraudC30.zip, SmitfraudC7.zip and SmitfraudC84.zip. I have not deleted them as I am not sure if they are used by Spybot Search & Destroy. Please advise what to do.
    - delete all files in C:\WINDOWS\prefetch folder
    - Reset Web setting in Internet Explorer

    3) Reboot in normal mode
    - Run HijackThis. Attached is the log.

    System looks clean. I have not run any online scanning e.g. Bitdefender and PandaActive Scan before this posting.

    Once again, thanks a lot and waiting for a green light from you that the system is healthy.
     

  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You had a few infections! One was Adware.Maxfiles and the other is referred to by many names (depends on which tool detects it and which particular filename is found).
    Trojan-Downloader.Win32.Adload.ae
    Trojan-Downloader.Win32.VB.zg

    Your log is clean! How are things working?

    Note you have Symantec Security Center still installed and you are using AVG. Did you know this? You need to uninstall all Symantec software.
     
  8. melvica

    melvica Private E-2

    Thanks again. The system is running very well and fast. I am now running AVG. Will delete the rest of Symantec suite. By the way is it also ok to run Windows Defender together with AVG?

    By the way you did not respond to my other questions
    - do I need to delete the other keyboard81, keyboard91 and keyboard111 dat files in C:\WINDOWS?
    - do I delete the 3 gimmysmileysB files in Spybot Search & Destroy?
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Make sure you verify that no Symantec items show in your HJT log afterwards. Much like malware, Symantec does a poor job of uninstalling itself and frequently requires manual intervention.

    Yes Windows Defender should work okay with AVG. They are two different types of programs. Windows Defender is an antispyware program and AVG is an antivirus program.

    Yes you can delete all those files. The keyboard ones are part of the same infection and the files in Spybot's folder are just backups of the baddies it removed and you don't need them.


    If you are not having any other malware problems, it is time to go back to step 1 of the READ & RUN ME to Disable System Restore which will flush your Restore Points. Then reboot and enable System Restore to create a new clean Restore Point.

    After that, you should work through the below link:

    How to Protect yourself from malware!
     
