bussolaweb "invasion" II

Begin by following all the steps in this Sticky thread < READ ME FIRST: Basic Spyware, Trojan And Virus Removal >

If you already have any of the programs linked in the tutorial please double check your version to make sure you have the latest one and that you have any/all updates for the programs.

Note: I already know your Ad-aware is out of date. Ad-aware 6 is old. The latest is Ad-aware SE v1.03 and the reference file is from 30.08.2004

NOTE: In order to resolve the issues you are having it is very important that you at least try to perform all the steps as outlined. If you have any difficulty please post back letting us know what steps you have completed, what you found while doing the scans if anything and details about any problems you have encountered in completing the steps. The more details you can provide the better.

 

CCleaner cleans temporary folders. If you had files that you need to keep in temporary folders (not a good idea), they are gone.

Read this http://forums.majorgeeks.com/showthread.php?t=38752
and post your HijackThis log as a .txt file attachment.

If it took 48 hrs to show up again, are you sure it is not happening because of where you are connecting to.

You should use SpyBot's immunize feature and should consider downloading and installing SpywareBlaster and enable its protection capabilities. Get it here: http://www.majorgeeks.com/download2859.html

 

Take a look at the tutorial on HijackThis: http://forums.majorgeeks.com/showthread.php?t=38752

And post me your HijackThis log as a .txt file attachment.

 

First and foremost, you completely skipped Chaslangs instructions. Problem with running Hijack This is we know what you did or did not do. If you had done all Windows Updates, you would have service pack 2. As you can see, you do not:
Platform: Windows XP SP1 (WinNT 5.01.2600)
Which means your Internet Explorer and operating system are out of date, including many important security fixes that could help prevent problems. You also failed to then follow the Hijack This instructions which explain to empty Hijack This into its own directory, not a temporary directory or desktop, hell you even ran it from the friggin zip file: C:\Documents and Settings\Sara\Impostazioni locali\Temp\Directory temporanea 1 per hijackthis_198.zip\HijackThis.exe. You did not close running programs, your browser was open, antivirus, firewall, quicktime and so much more. Arrgh.

Are you running TWO anti-virus programs? I see Sophos and AVG running. This is a major no-no. Uninstall one of them. Immediately. Now.

Still reading? Did you uninstall one of those anti-virus programs? Cool, lets move on.

These are the reasons people here try to remove spyware and can not. They do not follow instructions, nor ask for help in areas they may be stuck. Our success rate is much higher if you work with us. Your asking us to help you, then fighting us.


Ok, here we go with what I can find for you to remove with Hijack this and me still bitching I would definetly go to safe mode and run the virus scanners again, including Trend and Symantec. Links are in the tutorial:
http://forums.majorgeeks.com/showthread.php?t=35407

I dont know what this one is, there are some viruses with mp3.exe out there. If you dont know, delete it:

C:\windows\mp3[1].exe

Remove:
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O4 - HKLM\..\Run: [zzz025v] c:\windows\mp3[1].exe r

 

To add to MA's advice, after fixing the lines in HijackThis, reboot in safe mode and locate the below file and delete it:

c:\windows\mp3[1].exe

If you have a problem finding it make sure you have enabled viewing of hidden files as per the read me first instructions (see Getting Prepare: step 4)

 

Did you fix the line in HijackThis:
O4 - HKLM\..\Run: [zzz025v] c:\windows\mp3[1].exe r

and then boot to safe mode and try to delete the file
c:\windows\mp3[1].exe

If it still give you a problem, bring up Task Manager (CTRL-ALT-DEL) and select processes. Look for mp3[1].exe and if running, end it. And then try to Delete the file.

 

You have to run HijackThis put checks on the those lines you were given and then click Fix.

 

Keep ZoneAlarm! But what version is it?
Yes keep SpywareBlaster. Did you enable of the protection features it has?

Is your problem with bussolaweb invasion fixed?

Once you get your since into good working order (no malware, no viruses etc) then you should do the SP2 upgrade. But take a look over in the Software Forum. There is a bunch of discussion over there on doing a problem free upgrade.

 

The below is quoted from SpywareBlaster's help file:

Enabling Protection

Enabling SpywareBlaster's powerful protection is easy:
​

1.) Open SpywareBlaster
2.) Click on the "Enable All Protection" link under Quick Tasks on the main screen.
3.) Exit the program - you're done!

SpywareBlaster does not need to remain open for its protection to be active!

Simply use the Check for Updates feature at least once a week to download the latest protection (or consider AutoUpdate).