earn2life

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by nicksimec, Oct 27, 2007.

  1. nicksimec

    nicksimec Corporal

    I did a Prevx scan and it said this is generic malware. How do I remove it?
     
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Welcome to Majorgeeks!

    Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.
    • Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
    • Make sure you check version numbers and get all updates.
    • Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.
    • After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
    Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.
    • When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
      • CounterSpy
      • AVG Antispyware log - ONLY IF NEEDED you were not able to run CounterSpy
      • Bitdefender - from step 6
      • Panda Scan - from step 6
      • runkeys.txt - the log from GetRunKey.bat
      • newfiles.txt - the log from ShowNew.bat
      • HijackThis
    NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!
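The post above asks for runkeys.txt, the GetRunKey.bat log of the registry Run keys. As an added example (not the thread's tool, and not its log format, which the thread does not show), the Python below parses a constructed `reg export`-style dump of the two Run keys and flags entries that launch from a Temp folder or from Downloaded Program Files, the locations the helpers single out later in the thread. The sample text and the entry names in it are constructed for illustration.

```python
import re

# Constructed sample of what `reg export` produces for the two Run keys.
# The entry names reuse names that appear in the thread (swsys, Earn2Life);
# the paths and the legitimate entries are made up for illustration.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="%ProgramFiles%\\Windows Defender\\MSASCui.exe -hide"
"swsys"="C:\\Windows\\Temp\\swsys1.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\\Program Files\\Windows Sidebar\\sidebar.exe /autoRun"
"earn2life"="rundll32.exe \"C:\\Windows\\Downloaded Program Files\\Earn2Life.dll\",Start"
'''

# Folders a legitimate startup program rarely runs from (lower-case, with
# surrounding backslashes so "temp" inside a longer name does not match).
SUSPECT_FOLDERS = ("\\temp\\", "\\tmp\\", "\\downloaded program files\\")

KEY_RE = re.compile(r'^\[(.+)\]$')
# "name"=data  (the name may contain escaped quotes and backslashes)
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')


def _unescape(text):
    """Undo the .reg escaping: \\ -> \ and \" -> " """
    return re.sub(r'\\(["\\])', r'\1', text)


def parse_reg_export(text):
    """Return a list of (key, value_name, data) for every value in a .reg export.

    String data is unquoted and unescaped; other data (dword:, hex:) is kept
    verbatim so that no entry is silently dropped.
    """
    entries = []
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(';'):
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            name = _unescape(m.group(1))
            data = m.group(2)
            if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
                data = _unescape(data[1:-1])
            entries.append((key, name, data))
    return entries


def audit_run_entries(entries):
    """Return [(value_name, reason)] for entries launching from a suspect folder."""
    findings = []
    for _key, name, data in entries:
        lowered = data.lower()
        for folder in SUSPECT_FOLDERS:
            if folder in lowered:
                findings.append((name, "runs from " + folder.strip("\\")))
                break
    return findings


def audit_reg_text(text):
    """Parse a .reg export and audit its Run entries in one call."""
    return audit_run_entries(parse_reg_export(text))


if __name__ == "__main__":
    for name, reason in audit_reg_text(SAMPLE_REG):
        print(f"{name}: {reason}")
```

On a real machine the input would come from `reg export HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run run.reg` (and the HKCU equivalent); a finding only says the launch location is unusual, so each flagged entry still needs to be checked by hand before anything is removed.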
     
  3. nicksimec

    nicksimec Corporal

    Yeah, I am having problems with GetRunKey. I downloaded it and extracted it, and then when I click on it I get "access denied" a bunch of times and a message saying Windows needs your permission to continue (Registry Editor, click Continue) and so on. If you click Continue nothing happens and the message appears again; same if you click Cancel, and you can't exit GetRunKey.
    Also I did a Spyware Doctor scan; it says I have 5 threats with 117 infections.
     
  4. nicksimec

    nicksimec Corporal

    I'm having a problem with ShowNew too. I'm using Vista; could this be it? Also I think I got the virus from screensaver.com.
     
  5. nicksimec

    nicksimec Corporal

    Well, here's a scan. Not sure if it's the right one... yeah, it's the right one.



    virus scan.jpg
     
  6. nicksimec

    nicksimec Corporal

    Should I fix these with this tool?
     
  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Knowing it is Vista makes a big difference, and yes, you can fix those items!

    Vista Cleaning Procedure

    Note: Some programs (like MGtools mentioned later and maybe other tools too) may not run on restricted user accounts so you may need to temporarily change the user account to an admin type account and then complete the scans.


    Step 1: Downloading Tools

    In this section we are going to download tools we will use. We will install and configure the programs and then run scans at a later point so please only download right now.

    The tools should be downloaded and saved in your favorite download folder or create one, for example C:\Spyware Tools or C:\Downloads. ( It is not a good idea to download them to any folder within C:\Documents and Settings.) It is also a bad idea to download and save anything you need into any kind of Temp folder. Malware hides in Temp folders and standard cleaning practices will delete everything from Temp folders.

    Now download the below tools:

    Step 2: Installing Tools and Running Scans
    • Now run ComboFix by double clicking the combofix.exe & follow the prompts.
      • When finished, it will produce a log ( C:\combofix.txt ) for you.
      • Note: Do not mouseclick combofix's window while it is running. That may cause it to stall.
    • Now follow the directions in the below link for running MGtools. It also explains possible reasons for not being able to run MGtools.
    Step 3: Do You Still Have Problems
    • Yes, I’m still having problems
      • Start a new thread and clearly describe in detail the problems you are having and how long ago they started. Think about what you were doing at the time.
      • Now you need to attach (See: HOW TO: Attach Items To Your Post ) the below logs created while running the above scans
        • C:\ComboFix.txt
        • AVG Antispyware log
        • MGlogs.zip
      • Be patient after posting your logs and wait for one of the helpers to get to you. It can take a while to read thru all of the logs and to create individual fixes for you.
    • No, I’m not having any problems
      • If you are sure everything is okay and that you do not need to request any help, then jump to the next step below.
    Step 4: Enable User Account Control (UAC)
    • While running the MGtools procedure, we had you disable UAC. Now we need to enable it again to help keep you safe.
    • You can either respond to the security notice in the System Tray alerting you to enable UAC or you can do the below.
      • navigate into the \MGTools folder just created in the root of your Windows boot drive.
      • locate the EnableUAC.reg file and double click on it.
      • This registry patch is used to enable the User Account Control feature
    • Now continue on to step 5
    Step 5: Toggle System Restore
    • You only need to Toggle system restore if malware had been found during the cleaning procedures. If no malware was found, there are no infected restore points to worry about, thus you can skip to the next step.
    • Once you are sure all malware problems have been removed follow the below steps:
    Why we toggle System Restore!
    If you have been infected with any trojans, spyware, etc., they could have been saved in System Restore and are waiting to re-infect you. Since System Restore is a protected directory, your tools cannot access it to delete files that may contain viruses. Even though your tools may say they are deleting them, they are not! The reason for doing this after your system has been completely cleaned of problems is so we can remove possible infected restore points. When you disable System Restore, it removes restore points!
    We only toggle System Restore after you are clean because keeping even infected restore points around while we are fixing things may prove useful if something goes wrong during the process. An infected restore point could be better than none at all!
    Make sure you attach the files from MGTools in your next reply.
     
  8. nicksimec

    nicksimec Corporal

    I already have CounterSpy. Do I need AVG?
     
  9. nicksimec

    nicksimec Corporal

    I just tried to download MGtools to the C drive. It said I don't have permission to do it and says to contact the admin instead; would you like to save to nick simec?
     
  10. nicksimec

    nicksimec Corporal

     
  11. nicksimec

    nicksimec Corporal

    My clock just changed from 5:24 to 17:24. Malware?
     
  12. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    CounterSpy is fine... yes, let Spyware Doctor fix the items it found... are you not logged in as an administrator account?
    Don't worry about your clock...
     
  13. nicksimec

    nicksimec Corporal

    There is only one account and it is admin.
     
  14. nicksimec

    nicksimec Corporal

    So I don't have to boot into Safe Mode?
     
  15. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    No, you shouldn't have to...

    Please disable it so you can get the logs.
     
  16. nicksimec

    nicksimec Corporal

    Here's the ComboFix log. I might have to do it again because CounterSpy might have interfered with it.
     

    Attached Files:

    • log.txt (16.7 KB)
    Last edited by a moderator: Nov 4, 2007
  17. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    It ran without a problem ....can you get the other logs?
     
  18. nicksimec

    nicksimec Corporal

    Here are the Spybot logs. After I did the scan a new Internet Explorer link was on my desktop, not a shortcut. Also there is now something called Qoobox on my computer; do I delete it?
     

    Attached Files:

    Last edited by a moderator: Nov 4, 2007
  19. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Qoobox is the quarantine file from ComboFix... please attach the logs from MGTools...
    ShowNew
    GetRunKey
    HJT
     
  20. nicksimec

    nicksimec Corporal

    You didn't tell me to get ShowNew or GetRunKey or HijackThis. I still can't download MGtools; admin problems again.
    Also CounterSpy didn't pick up any problems, but it was probably out of date.
     
  21. nicksimec

    nicksimec Corporal

    Problems. The other problem is when I open it the right way, Registry Editor wants to open and it doesn't work.


    getrun key.jpg


    show new.jpg
     
  22. nicksimec

    nicksimec Corporal

    OK, I rebooted my computer. Some scan came on before it completely started back up, and then when it turned on I got a Security Centre warning. I tried to turn it on and it couldn't. Any ideas?


    security.jpg

    security 2.jpg
     
  23. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    At this point, delete everything you have installed/used up to this point.

    Let's bypass using MGTools and run them manually, first, see the threads below and try to attach the log.

    If they will not run properly in normal mode, try them in Safe Mode.

    Also, download Trend Micro HijackThis 2.02 and attach a log. Be sure you install it to C:\Program Files\HJT and rename it to "analyzethis.exe".

     
  24. nicksimec

    nicksimec Corporal

    GetRunKey log
     

    Attached Files:

    Last edited by a moderator: Nov 6, 2007
  25. nicksimec

    nicksimec Corporal

    edit by bjgarrick: log attached properly
     

    Attached Files:

    Last edited by a moderator: Nov 6, 2007
  26. nicksimec

    nicksimec Corporal

    I don't think it's the Trend Micro version; I think I accidentally used HijackThis. Do you know any good free antivirus programs? I have AVG.
     

    Attached Files:

    Last edited by a moderator: Nov 6, 2007
  27. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    First, please disable any antivirus and/or antispy programs you have installed so they will not block this fix.

    Pre-Instructions:
    Download HostsXpert and then follow the below steps.
    • Unzip HostsXpert.zip
    • It will create a folder named HostsXpert in whatever folder you extract it to.
    • Run HostsXpert.exe, click Restore Microsoft's Hosts File and then click OK.
    • Click the X to exit the program

    Step 1:
    Please look in Add/Remove Programs for the following and uninstall if found. If you get any errors just make a note and proceed.

    Step 2:
    Now scan with HijackThis and check the boxes for the following entries:
    ( Make sure ALL browser windows are closed when you click FIX )

    Again, make sure ALL browser windows are closed when you click FIX.

    Step 3:
    Copy the contents of the below Quote Box to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file fixme.reg and then click save. (make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.) Then double-click on the fixme.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to Add in to the registry, say yes.
    Step 4:
    Now download The Avenger by Swandog46, and save it to your Desktop.
    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Check the 'Input script manually' box.
    • Click on the magnifying glass icon.
    • Copy everything in the Quote box below, and paste it in the box that opens:
    • Now click the 'Done' button.
    • Click on the traffic light icon and OK the prompt.
    • You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt

    Step 5: Begin here after rebooting from Step 4!
    Next Reset Web Settings & Default Security Settings

    Note for IE 6 users:
    To Reset Web Settings:
    Right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

    If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK

    To Default Security Settings:
    Right click on your desktop Internet Explorer icon and select Properties. Then click the Security Tab and click Default Level for Internet, Local Intranet, Trusted Sites, and Restricted Sites. For IE 7 users, simply click the "Reset all zones to default level" button.

    Note for IE 7 users:
    Select Internet Options, then the Advanced Tab and then the Reset button under Reset Internet Explorer Settings.


    Step 6:
    Please download ATF Cleaner by Atribune. This program does not require an installation. The executable actually runs the program.

    NOTE: This program is for Windows XP and Windows 2000 only. ATF Cleaner will remove all files from the items that are checked, so if you have some cookies you'd like to save, please move them to a different directory first.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main ATF Cleaner menu to close the program.


    Step 7:
    After you have completed ALL of the above in the correct order, please attach the following logs.
    • HijackThis Log
    • ShowNew Log
    • GetRunKey Log
    • Avenger Log
    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.
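The pre-instructions above restore Microsoft's default hosts file with HostsXpert. As an added example, not part of the thread and not HostsXpert's own code, the Python below reads a hosts file, ignores comments, and reports every mapping that is not in the default Microsoft file (127.0.0.1 and ::1 for localhost), classifying each as a block (the name points at loopback or 0.0.0.0, the trick used to stop security software updating) or a redirect (the name points somewhere else). The sample file and the hostnames in it are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file. The two non-default lines are invented
# to show one block and one redirect; they are not from the thread.
SAMPLE_HOSTS = """# Copyright (c) 1993-2006 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
127.0.0.1       update.example-av.test   # blocks a (constructed) AV update host
198.51.100.23   www.example.com          # silently redirects a site elsewhere
"""

# Contents of the hosts file HostsXpert's "Restore Microsoft's Hosts File"
# puts back: only the loopback mappings for localhost.
BASELINE = {("127.0.0.1", "localhost"), ("::1", "localhost")}


def parse_hosts(text):
    """Return a list of (address, hostname) pairs from hosts-file text.

    Comments (from '#' to end of line) and blank lines are ignored; a line
    may map several names to one address, and each pair is returned.
    """
    pairs = []
    for raw in text.splitlines():
        line = raw.split('#', 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        addr = parts[0]
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            continue  # not a valid address, so not a usable mapping
        for host in parts[1:]:
            pairs.append((addr, host.lower()))
    return pairs


def audit_hosts(text):
    """Return [(hostname, verdict)] for every mapping outside the baseline.

    verdict is "blocked" when the name is sent to loopback or 0.0.0.0 (the
    site becomes unreachable) and "redirected to <addr>" otherwise.
    """
    findings = []
    for addr, host in parse_hosts(text):
        if (addr, host) in BASELINE:
            continue
        ip = ipaddress.ip_address(addr)
        if ip.is_loopback or ip.is_unspecified:
            findings.append((host, "blocked"))
        else:
            findings.append((host, "redirected to " + addr))
    return findings


if __name__ == "__main__":
    for host, verdict in audit_hosts(SAMPLE_HOSTS):
        print(f"{host}: {verdict}")
```

On a live Windows system the file to read is %SystemRoot%\System32\drivers\etc\hosts; anything the audit lists that you did not add yourself is a reason to restore the default file, as the post instructs.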
     
  28. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Also, did you set the policies below?

    Correction - Part of Vista!
     
    Last edited: Nov 10, 2007
  29. nicksimec

    nicksimec Corporal

    I can't do step 4. I have Vista and it doesn't work on it. And I found an O3 earn2life thing in HijackThis; delete it?
     
  30. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Ah! I didn't think about you running Vista, follow the below.

    Download Pocket KillBox
    • Save it to your desktop or a place easy to find.
    • Do not run it yet
    Reboot into Safe Mode and manually delete the following folders.

    Locate PocketKillbox
    (Proceed with this step even if they do not show in blue)

    Now, Copy and Paste C:\WINDOWS\swsys1.bmp into the box – If it exists, it will show up in Blue. Check the option to Delete on Reboot and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now – Click NO.

    Now, Copy and Paste C:\WINDOWS\swsys2.bmp into the box – If it exists, it will show up in Blue. Check the option to Delete on Reboot and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now – Click YES and allow your PC to reboot.

    • If you get an error message about Pending Operations, just reboot your computer manually.

    Once you complete the above, attach fresh logs from the below.

    • HijackThis Log
    • ShowNew Log
    • GetRunKey Log
     
  31. nicksimec

    nicksimec Corporal

    Quote:
    C:\ProgramData\TRYMEDIA
    C:\Program Files\screensavers.com
    C:\Users\Public\Application Data\Starware316
    I could only find one of these: TRYMEDIA.
    I'm going back to Safe Mode. Are you supposed to be allowed on the internet in Safe Mode? Because I can't.
     
  32. nicksimec

    nicksimec Corporal

    logs
     

    Attached Files:

    Last edited by a moderator: Nov 8, 2007
  33. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    If you choose "Safe Mode w/ Networking" yes you should be able to access the internet if you use Cable/DSL. Dialup will not work in Safe Mode.
     
  34. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    I never saw an answer from my question in post 28?
     
  35. nicksimec

    nicksimec Corporal

    I don't think so, and I don't know how.
    Should I put the files I didn't find in KillBox and delete them that way?
     
  36. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Correction - Part of Vista!
     
    Last edited: Nov 10, 2007
  37. nicksimec

    nicksimec Corporal

    OK, done. I also still have the earn2life toolbar. Also I can't get Security Centre working.
     
  38. nicksimec

    nicksimec Corporal

    Logs
     

    Attached Files:

    Last edited by a moderator: Nov 10, 2007
  39. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    First, please disable any antivirus and/or antispy programs you have installed so they will not block this fix.

    Step 1:
    Now scan with HijackThis and check the boxes for the following entries:
    ( Make sure ALL browser windows are closed when you click FIX )

    Again, make sure ALL browser windows are closed when you click FIX.

    Step 2:
    Copy the contents of the below Quote Box to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file fixme.reg and then click save. (make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.) Then double-click on the fixme.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to Add in to the registry, say yes.
    Step 3:
    Next, we need to run Killbox again just like you did before.

    Locate PocketKillbox
    (Proceed with this step even if they do not show in blue)

    Now, Copy and Paste C:\Windows\Downloaded Program Files\Earn2Life.dll into the box – If it exists, it will show up in Blue. Check the option to Delete on Reboot and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now – Click YES and allow your PC to reboot.

    • If you get an error message about Pending Operations, just reboot your computer manually.
    Step 4:
    Now we need to REBOOT into Safe Mode. Once in Safe Mode navigate to and delete the following two folders.

    Step 5:
    Next we need to run CCleaner to cleanup any leftover junk files.

    CCleaner Slim (No Toolbar) 2.02.527

    Step 6:
    After you have completed ALL of the above in the correct order, please attach the following logs.
    • HijackThis Log
    • ShowNew Log
    • GetRunKey Log
    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.
     
    Last edited: Nov 10, 2007
  40. nicksimec

    nicksimec Corporal

    In step 5 am I in normal mode or Safe Mode, and can I just use regular CCleaner?
     
  41. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Normal mode and be sure you have the latest version.
     
  42. nicksimec

    nicksimec Corporal

    I just found a folder on my computer called VIRUS!@#$% (but with more symbols). It is empty.
     
  43. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Delete it, where was it located?
     
  44. nicksimec

    nicksimec Corporal

    I deleted it. It just appeared on my desktop at 2:03 or something.
     
  45. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Go back to Post 39, Step 6 and attach fresh logs.
     
  46. nicksimec

    nicksimec Corporal

    OK, here they are. Does it matter that GetRunKey and ShowNew are in Downloads, not in any files?
     

    Attached Files:

    Last edited by a moderator: Nov 16, 2007
  47. nicksimec

    nicksimec Corporal

  48. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    First, have HJT fix the entries below...

    Next, reboot into Safe Mode and delete the following...

    C:\Program Files\Adverbux <-- Delete the whole folder!
    C:\Program Files\objectdock_freeware.exe

    Once you complete the above, reboot and attach fresh logs from the below.

    • GetRunKey
    • ShowNew
    • HijackThis
     
  49. nicksimec

    nicksimec Corporal

    There was Adverbux toolbar stuff because I uninstalled it yesterday.
     
  50. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Okay, proceed with my previous post and attach the requested fresh logs.
     
