Blackworm Popup

Discussion in 'Malware Help (A Specialist Will Reply)' started by dstraus, Apr 8, 2006.

  1. dstraus

    dstraus Private E-2

    Like a number here I have the Blackworm Pop on my computer.

    I have gone through steps 1-7 on Read & Run Me First, (properly I think) and am still having problems.

    I am running Windows XP SP2. AVG Free edition virus software. Zone Alarm

    I ran all downloaded software in Step 5 and let them do their job.
    Ran Bit Defender - log attached although looking it over it looks strange
    Ran Panda - log attached
    Ran HiJackthis - log attached

    Any help would be appreciated

    David
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Majorgeeks!

    You still have some Symantec AV software installed and running. Did you uninstall all of it since you have AVG running?

    Please follow the directions given in step 7 of the READ & RUN ME. You do not have the proper version of HijackThis. Follow the directions given and also install it to the recommended folder to avoid potential problems with other directions we could give. We assume in many of our canned procedures that hijackthis.exe will be run from C:\Program Files\HJT\hijackthis.exe
    If it is not installed there some procedures we may give will not work.

    Then attach a new HJT log.
     
  3. dstraus

    dstraus Private E-2

    I uninstalled Norton/Symantec when I installed AVG. I can't find any files on my computer (Program files, Add & remove programs from Control panel) that refer to it.

    I downloaded the newest version of HiJackThis and put it in its own folder in Program Files. The new log is attached.

    Thanks for your help so far
     


  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay, well, something changed between this new log and the first. Your first log shows this:
    O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

    And in the new log it is no longer showing.

    Download and install ExplorerXP

    It is better at finding files and deleting them than Windows Explorer and some of the files you have to delete will be hidden when using Windows Explorer.

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O20 - Winlogon Notify: sysole - C:\WINDOWS\Config\sysole.dll (file missing)

    After clicking Fix, exit HJT.
    Now run ExplorerXP and locate the below files or folders and delete them if found:
    C:\Documents and Settings\Owner\Application Data\CommonName
    C:\Documents and Settings\Owner\Application Data\Lycos
    C:\PROGRAM FILES\COMMON FILES\OE
    C:\PROGRAM FILES\COMMON FILES\Slmss
    C:\WINDOWS\DOWNLOADED PROGRAM FILES\HDPlugin1019.dll
    C:\WINDOWS\DOWNLOADED PROGRAM FILES\WUInst.dll
    C:\WINDOWS\SYSTEM32\MYDLL.dll
    C:\WINDOWS\SYSTEM32\drivers\dfdr.sys
    C:\WINDOWS\SYSTEM32\ssqpo.dll
    C:\WINDOWS\Config\sysole.dll
    C:\WINDOWS\Digital Signature 20031223.htm

    Now if running Win XP go to c:\windows\Prefetch and delete all files in this folder.
    Now run Ccleaner (installed while running the READ ME FIRST).

    Now we need to Reset Web Settings:
    1. If you have an Internet Explorer icon on your Desktop, go to step 2. If not, skip to step 3.
    2. Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
    3. If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.
    Now reboot in normal mode and post a new HJT log.

    Make sure you tell me how things are working now.
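
Added example, not part of the thread or of MajorGeeks' procedures: a small Python parser that compares two HijackThis logs the way the reply above does by eye, listing entries that disappeared (the `O23` Symantec service) and entries whose target is flagged `(file missing)` (the `O20` Winlogon Notify). The sample logs are constructed; only the `O23` and `O20` lines come from the thread, and the function names are hypothetical.

```python
import re

# One HijackThis entry: a section code (R0, F2, O20, O23, ...) then " - " and the body.
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")
MISSING = "(file missing)"

def parse_hjt(log_text):
    """Return one dict per entry line; header and process-list lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue
        code, body = m.groups()
        missing = body.endswith(MISSING)
        if missing:
            body = body[:-len(MISSING)].rstrip()
        kind, sep, detail = body.partition(": ")
        if not sep:                      # entry without a "Kind: " prefix
            kind, detail = "", body
        # "path" is the last " - " separated field (the file path for O20/O23).
        entries.append({"code": code, "kind": kind, "detail": detail,
                        "path": detail.rsplit(" - ", 1)[-1],
                        "file_missing": missing})
    return entries

def compare_logs(first, second):
    """Entries that disappeared or appeared between two logs, plus orphaned ones."""
    key = lambda e: (e["code"], e["kind"], e["detail"].lower())
    a = {key(e): e for e in parse_hjt(first)}
    b = {key(e): e for e in parse_hjt(second)}
    return {"gone": [e for k, e in a.items() if k not in b],
            "new": [e for k, e in b.items() if k not in a],
            "file_missing": [e for e in b.values() if e["file_missing"]]}

# Constructed sample logs: the O23 and O20 lines are the ones quoted in the thread,
# the O4 line and the process list are made up for illustration.
FIRST_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\Example\example.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
"""
SECOND_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\Example\example.exe
O20 - Winlogon Notify: sysole - C:\WINDOWS\Config\sysole.dll (file missing)
"""

if __name__ == "__main__":
    for label, items in compare_logs(FIRST_LOG, SECOND_LOG).items():
        for e in items:
            print(f"{label:12} {e['code']:4} {e['kind']:16} {e['path']}")
```

A `(file missing)` entry means the registry still references a file that is no longer on disk, which is why the reply has the entry fixed in HijackThis as well as deleting the file.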
     
  5. dstraus

    dstraus Private E-2

    That seems to have done it...no more annoying popups

    Here is the new HJT log

    Thanks again for all of your help!

    David
     


  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.

    Your log is clean. If you are not having any other malware problems, it is time to go back to step 1 of the READ & RUN ME to Disable System Restore which will flush your Restore Points. Then reboot and enable System Restore to create a new clean Restore Point.

    After that, you should work thru the below link:

    How to Protect yourself from malware!
     
