cant get rid of virus

Welcome to Major Geeks!


Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista or Win 7, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O1 - Hosts: 173.192.170.88 drghwaweg45j4i6u3q32fg2h.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll (file missing)
O4 - HKLM\..\Run: [Hjolajomowapupi] rundll32.exe "C:\WINDOWS\urorokonibumeru.dll",Startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O23 - Service: MouseDriver - Unknown owner - C:\WINDOWS\TEMP\MouseDriver.bat (file missing)

After clicking Fix, exit HJT.

Now please download HostsXpert and then follow the below steps.

• Unzip HostsXpert.zip
• It will create a folder named HostsXpert in whatever folder you extract it to.
• Run HostsXpert.exe by double clicking on it.
• Click the Make Writeable? button. (if you only see a Make Read-Only selection, it is already writeable so skip this button).
• Click Restore Microsoft's Hosts File and then click OK.
• Click the X to exit the program

Now run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Now download The Avenger by Swandog46, and save it to your Desktop.

• Extract avenger.exe from the Zip file and save it to your desktop
• Run avenger.exe by double-clicking on it.
• Do not change any check box options!!
• Copy everything in the Quote box below, and paste it into the Input script here: part of the window:

• Now click the Execute button.
• Click Yes to the prompt to confirm you want to execute.
• Click Yes to the Reboot now? question that will appear when Avenger finishes running.
• Your PC should reboot, if not, reboot it yourself.
• A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

Then attach the below logs:

• C:\avenger.txt
• C:\MGlogs.zip

Make sure you tell me how things are working now!

 

The problem with Avenger was my fault because it cannot fix things in HKCU registry hive. I wanted to change to a different tool since you could not run ComboFix but I forgot that I had these HKCU entries.

MGlogs.zip was not updated fully/properly. Please delete your current C:\MGlogs.zip file and then shutdown all protection software and do the below again.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

Then attach the below log:

• C:\MGlogs.zip

I need to see a complete log before I know what remains to be fixed. Also very important.... DO NOT REBOOT OR POWER DOWN after attaching this new log. The infection you have could possibly be spreading or renaming itself at each reboot and that would make the next fix I give you incorrect since the problem would have changed.

 

Okay, it looks like the last fix actually was able to remove all the items we want to removed and your logs appear to be clean.

Are you having any malware problems?

 

Neither of these are necessarily malware problems. You could be having problems with Windows and or with Norton itself. However let's run a couple more checks. It may become necessary to uninstall Norton just to see if it may be causing your problems. It may have been broken/corrupted.

You said "was" is this still happening? If so, I need a log showing what and where. If it is in System Volume Information, this would just be system restore and it is not an issue since final steps will fix this. If it is in quarantines of things we already fixed, this is also a non-issue.

It is a good program. Nothing is perfect and who is the best can be very subjective and can change weekly based on newest updates to databases. Personally Norton would not be at the top of my list though.


Download TDSSKiller from Kaspersky to your directly onto your Desktop

• Now double click the TDSSkiller.exe file to run it ( if using Vista or Windows 7 do not double click on it but rather, right click and select Run As Administrartor. )
• If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123tdk.com).
  • If you do not see the file extension, please refer to: How to view hidden, system files & folders!
• Allow the application to run if prompted by Windows or any security programs you have installed
• It will start the scan and run rather quickly and will notify you of whether anything is found or not.
• Follow the instructions to delete/quarantine if asks you what to do when if finds something.
• Whether an infection is found or not, a log file should be created on your C: drive ( or whatever drive you boot from) in the root folder named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt which is based on the program version # and date and time run. Please attach this log to your next reply. (See: HOW TO: Attach Items To Your Post )

Now run the below and attach the log from GMER

GMER - running with a random name



Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

Then attach the below logs:

• C:\MGlogs.zip