Annoying spyware

Discussion in 'Malware Help (A Specialist Will Reply)' started by scoobysnacks, Nov 3, 2006.

  1. scoobysnacks

    scoobysnacks Private E-2

    That has defeated all my attempts to remove it!

    I have tried all the normal programmes. Spybot, Adaware, all the things suggested in the READ & RUN ME FIRST thread and it still defies any attempts to get rid of it.

    The problem started when I stupidly agreed to download Ivideo codecs.

    I have got rid of the mini ad generator, but I still have an item in the system tray. It is a blue circle with a yellow cross in it alternating with a yellow question mark. The only real symptom is a recurring pop up "balloon" warning of critical system errors. When I click this balloon it takes me to

    virusbursters.com/?aff=334

    I am running AntiVir guard.

    I have attached the logs suggested in the READ ME FIRST thread except the Panda one as I have attempted to run this three times and it has succeeded in crashing everything three times.

    I hope there is sufficient info there and would really appreciate any help or suggestions from those more knowledgeable than I!

    Many thanks

    Matt
     

    Last edited by a moderator: Nov 4, 2006
  2. scoobysnacks

    scoobysnacks Private E-2

    Also the HJT log
     

  3. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Are you familiar with Lenovo?

    Now scan with HijackThis and check the boxes for the following entries:
    ( Make sure ALL browser windows are closed when you click FIX )

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.48.96.23/atponline/jalo/index.asp

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZU

    O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (file missing) (HKCU)

    O11 - Options group: [JAVA_IBM] Java (IBM)

    O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)

    O21 - SSODL: bonspells - {11853d5f-f894-4cc7-bbc3-fc7a9dcfd896} - C:\WINDOWS\system32\okkmtv.dll

    Again, make sure ALL browser windows are closed when you click FIX.

    Now, Please boot into Safe Mode, be sure you have the Viewing of Hidden Files & Folders Enabled per the tutorial. Now, navigate to and DELETE the following if they should remain:

    C:\WINDOWS\system32\okkmtv.dll

    Next, run CCleaner to clean up cookies and temp files.

    After you complete the above, REBOOT and proceed with the rest of this fix...

    Finally, I would like you to flush your System Restore points. Please follow the instructions in the below:

    • Disable and Re-enable System Restore

    • Turn OFF System Restore to flush any bad Restore Points.

    • Then, follow the instructions at the bottom of the linked page to Re-enable the Restore Utility which will create a fresh restore point.
    After you complete the above reboot once more and then scan with HijackThis and attach the new log.

    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.
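
As an added illustration (not part of the thread, and not a MajorGeeks or HijackThis tool), the sketch below parses HijackThis entries like the ones listed in the post above and reports what each section code means, whether the line names the per-user (HKCU) or machine-wide (HKLM) hive, and which entries point at a missing file or a logon-loaded DLL. The function name `triage`, the regular expressions and the note wording are assumptions made for this example; the sample lines are copied from the post.

```python
import re

# Meaning of the HijackThis section codes that appear in the post above.
SECTIONS = {
    "R0": "IE start/search page",
    "O4": "autostart program (Run key)",
    "O8": "IE extra context-menu item",
    "O9": "IE extra button",
    "O11": "IE Advanced Options group",
    "O20": "Winlogon Notify / AppInit DLL",
    "O21": "ShellServiceObjectDelayLoad DLL",
}
LINE_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|htm)', re.IGNORECASE)

# Entries quoted from the post above (a subset).
SAMPLE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.48.96.23/atponline/jalo/index.asp
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (file missing) (HKCU)
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O21 - SSODL: bonspells - {11853d5f-f894-4cc7-bbc3-fc7a9dcfd896} - C:\WINDOWS\system32\okkmtv.dll
"""

def triage(log_text):
    """Return one dict per HijackThis entry with section, scope, path and notes."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # blank lines, log header, running-process list
        code, body = m.groups()
        path = PATH_RE.search(body)
        # HKCU is the per-user hive: such entries exist separately in each account.
        scope = "HKCU" if "HKCU" in body else "HKLM" if "HKLM" in body else None
        notes = []
        if "(file missing)" in body:
            notes.append("orphaned entry: target file is gone")
        if code in ("O20", "O21") and path:
            notes.append("DLL loaded at logon: confirm the file is removed after the fix")
        entries.append({"code": code, "section": SECTIONS.get(code, "other"),
                        "scope": scope, "path": path.group(0) if path else None,
                        "notes": notes})
    return entries

if __name__ == "__main__":
    for e in triage(SAMPLE):
        print(e["code"], e["scope"], e["path"], "; ".join(e["notes"]))
```
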
     
  4. scoobysnacks

    scoobysnacks Private E-2

    BJ.

    Thanks for the advice. I have made the changes you suggested in HijackThis except for the IE start page which I use for my course.

    I have attached the HJT log as requested. I have not had any problems carrying out the actions you suggested. Super spyware remover managed to get rid of the spyware on the fourth attempt, hopefully this will have sorted the problem.

    Once again many thanks for all the advice and help.

    Scooby
     

  5. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Your log looks good! I assume you overlooked my question in my previous post.

    Are you familiar with Lenovo?
     
  6. scoobysnacks

    scoobysnacks Private E-2

    Sorry, I missed the question.

    I know of Lenovo, but am not entirely sure how to use it.

    Many thanks for all the assistance.

    Matt
     
  7. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Okay, making sure you know what it is because I'm not familiar with it.

    If you're not having any further problems then I recommend following this article on How to Protect yourself from malware!
     
  8. scoobysnacks

    scoobysnacks Private E-2

    Ah ok, Lenovo is the manufacturer, they bought IBM's laptop division recently.

    Link HERE for your information.
     
  9. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Okay! As long as they are legit and you're familiar it's fine. Just was curious because I've never heard of it.
     
  10. scoobysnacks

    scoobysnacks Private E-2

    Just as an aside, I am using Opera as my browser in preference to I.E. Do you recommend it? How do you find it in terms of preventing infections? I find the tools very useful but was wondering what your view was.

    Once again many thanks for your help and advice! Keep up the good work!

    Matt
     
  11. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Personally, I use IE7 and Firefox occasionally. I have AVG AntiVirus Free, ZoneAlarm Firewall Free with Spy Sweeper. I have never had a problem using these programs so I recommend these to everyone because AVG and ZA are free and all use very little resources.

    If I had to rank browsers as in security, I would give Firefox #1 and IE7 #2, this is my opinion, nothing official.
     
  12. scoobysnacks

    scoobysnacks Private E-2

    I'm currently clearing up my mother's computer as well, which has multiple user accounts. Is it necessary to run each of the tools individually on each account or will running them from one account be sufficient?

    Cheers

    Matt
     
  13. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Yes, you need to run everything on each account to clean them as each account has its own settings. You can run the online scans under anyone with Admin rights but the others must be run under each account.
     
  14. scoobysnacks

    scoobysnacks Private E-2

    OK, thanks for that. Looks like I'm in for a long night! :rolleyes:

    Thanks for the help, hopefully that's the last question from me! :)
     
  15. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Not a problem!
     
