fakemsn8bata

Discussion in 'Malware Help (A Specialist Will Reply)' started by evilzeus, Jan 6, 2007.

  1. evilzeus

    evilzeus Private E-2

    Hello, I have been trying to get rid of a virus for a long time now. Spybot finds fakemsn8beta and gets rid of it, then it keeps coming back the next day or within 2 days. My homepage keeps changing to virushelpzone.com. I did click a link on Windows Live Messenger and am sure that's how I got it. I have tried Spybot Search & Destroy, Windows Defender, free AVG, MSNVirRem, ATF Cleaner, Windows malicious software remover, and did a Kaspersky online scan (I have a log), but nothing worked. Please help me. I have run HijackThis today in safe mode; it won't run normally. Here is the HijackThis log... I cannot open the log now, it closes too fast.
    here we go....


    ~ INLINE HIJACKTHIS LOG REMOVED ~ SPD
    Read Me First not run, HijackThis installed incorrectly
     
    Last edited by a moderator: Jan 7, 2007
  2. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Welcome to MajorGeeks.com!

    Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.

    • Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
    • Make sure you check version numbers and get all updates.
    If, after doing ALL of the above, you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis:

    Downloading, Installing, and Running HijackThis

    Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.

    When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
    • CounterSpy
    • AVG Antispyware Log - ONLY IF NEEDED, because you were not able to run CounterSpy
    • Bitdefender - from step 6
    • Panda Scan - from step 6
    • runkeys.txt - the log from GetRunKey.bat
    • newfiles.txt - the log from ShowNew.bat
    • HijackThis
     
  3. evilzeus

    evilzeus Private E-2

    I had found a virus and a trojan. I had also discovered that my regedit wouldn't work (it does now); it was closing on its own, and so would the HijackThis log. I scanned with Panda and found Trj/Killav.FD and Trj/Qhost.gen. I did a disk clean selecting everything, which took all night, then got CCleaner and followed instructions from another forum. Seems to have worked; will see later. gtg
     
  4. evilzeus

    evilzeus Private E-2

    I do believe I solved the problem; my computer is clean. I will remember the rules for next time and do all that first.
     
  5. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    If you would post a fresh HijackThis log and logs from GetRunKey and ShowNew; I can check to make sure there is nothing else hanging around that needs to be dealt with.
     
  6. evilzeus

    evilzeus Private E-2

    OK, I have run the scans you asked for and got the logs. On a side note, I get an error on my computer since getting rid of the virus. It says when I start up: Windows cannot find c:\windows\system32\hccduydvrx\winlogon.exe

    then says it could not run as specified in the registry.
    Make sure the file exists or remove the reference to it in the registry.
    But everything on my computer seems to run fine, go figure. But anyway, here's my logs.
     

    Attached Files:
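    The start-up error quoted above, an autorun value in the registry that still points at a file the cleanup removed, is exactly what the HijackThis and GetRunKey logs requested in this thread are meant to surface. The following Python checker is an added example, not a tool from this thread or from MajorGeeks: it parses a Regedit 5.00 export of the Run and Winlogon keys (the same .reg format used later in the thread) and reports entries whose target file is missing. The exists predicate, the SAMPLE_REG export and the PRESENT set are constructed so the check runs offline.

```python
import re

# Autorun locations covered by the HijackThis / GetRunKey logs in this thread.
AUTORUN_KEYS = (
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon",
)
_SECTION = re.compile(r"^\[(.+)\]$")
_VALUE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)="(.*)"$')  # string values only

def parse_reg(text):
    """Parse the string values of a 'Windows Registry Editor Version 5.00' export."""
    keys, current = {}, {}
    for line in (raw.strip() for raw in text.splitlines()):
        sec = _SECTION.match(line)
        if sec:
            current = keys.setdefault(sec.group(1), {})
            continue
        val = _VALUE.match(line)
        if val:  # undo .reg escaping: \\ -> \ and \" -> "
            current[val.group(1) or "@"] = re.sub(r"\\(.)", r"\1", val.group(2))
    return keys

def command_path(data):
    """Pull the executable out of an autorun command (quoted, comma-terminated or with args)."""
    data = data.strip()
    if data.startswith('"'):
        return data[1:data.find('"', 1)]
    exe = data.split(",", 1)[0]  # Winlogon\Userinit ends with a comma
    m = re.match(r"(.*?\.exe)\b", exe, re.IGNORECASE)
    return (m.group(1) if m else exe).strip()

def find_dangling_autoruns(text, exists):
    """Return (key, value name, path) for autorun entries whose target `exists` reports missing."""
    findings = []
    for key, values in parse_reg(text).items():
        for name, data in values.items():
            if key not in AUTORUN_KEYS or (key.endswith("Winlogon") and name not in ("Shell", "Userinit")):
                continue
            path = command_path(data)
            if not exists(path):
                findings.append((key, name, path))
    return findings

# Constructed sample export (the hccduydvrx\winlogon.exe value is the one quoted in post 6); PRESENT stands in for the disk.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon"="\"C:\\WINDOWS\\system32\\ctfmon.exe\" /startup"
"winlogon"="C:\\WINDOWS\\system32\\hccduydvrx\\winlogon.exe"
"""
PRESENT = {"Explorer.exe", r"C:\WINDOWS\system32\userinit.exe", r"C:\WINDOWS\system32\ctfmon.exe"}
```

    On a live machine, export those keys with regedit and pass os.path.exists as the predicate, resolving bare names such as Explorer.exe against the Windows directory first.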

  7. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    HijackThis is not in the location specified by our tutorial. Right-click on the underlined text and Save Link as to your Desktop. Move_HijackThis.vbs

    GetRunKey is not installed properly. It is in a folder on your Desktop. Our Tutorial specifically states to put it in a folder something like MGTOOLS in the root directory of the boot drive; i.e. C:\MGTOOLS. This would be why your log is BLANK.

    Download
    - Pocket Killbox
    - ExplorerXP.

    Using Add or Remove Programs in the Control Panel, uninstall the following:
    Install the current version of Adobe Acrobat Reader from: Adobe Acrobat Reader Download

    Install Java Runtime Environment (JRE) 6 available from Sun Microsystems.

    Windows Messenger is running in the background on this computer, and represents a security risk. Remove Windows Messenger by running Uninstall Messenger. If you are using this as your IM client then replace it with MSN Messenger.

    Now Run HijackThis. Click the 'Do a system scan only' button. Place a checkmark in the box next to the following lines:
    Click on the 'Fix checked' button. Wait for HijackThis to finish; close HijackThis.

    Now run Pocket Killbox:

    Choose Tools -> Delete Temp Files and click Delete Selected Temp Files
    Then after it deletes the files click the Exit (Save Settings) button.

    NOTE: Pocket Killbox will only list the added files it is able to find on the system. So when you do the below, if some files do not show in the list after pasting them in, just continue.

    Select:
    • Delete on Reboot
    • then Click on the All Files button.
    • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
    • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
    • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
    If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

    Now boot into SAFE MODE

    Follow the directions for Running Hoster

    Open ExplorerXP navigate to and DELETE the following:
    Now run CCleaner. If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.

    Then, as an added precaution, Go to Start -> Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:

    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.

    REBOOT to Normal Mode.

    Follow the directions for the Virtumonde aka Trojan Vundo Removal procedure.

    When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
    • FixVundo log
    • CounterSpy - Safe Mode
    • Bitdefender - Safe Mode w/Networking
    • Panda Scan - Safe Mode w/Networking
    • runkeys.txt -Normal Mode
    • newfiles.txt -Normal Mode
    • HijackThis-Normal Mode
    I am requiring 7 logs, this will take you 3 posts to post all the logs. Make sure that HijackThis, ShowNew, and GetRunKey are installed as per our tutorial.
     
    Last edited: Jan 16, 2007
  8. evilzeus

    evilzeus Private E-2

    Well, you helped me clear that error, but I will get to the other stuff later and post back. Just wanted to say thanks. And do I really gotta delete Windows Live Messenger? And plus, I like Plus. And what's with the Java update, deleting just to download it all over? I have however deleted all of Windows Live and Plus while getting rid of the virus, then reinstalled it after the virus was gone.
    Anyway, I will pay more attention to the tutorials next time and will finish this when I've got some more time. Thanks.


    Oh yeah, and when I try to remove Internet Lottery in Add/Remove it won't let me; says it's not there.
     
    Last edited: Jan 15, 2007
  9. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    You were to remove Windows Messenger, not Messenger Live!. Messenger Live! Plus is crapware; it is responsible for installing several different malware infections.

    When you install a new version of Java, you must uninstall the old versions. Java does not update in the sense most people think. You had 5 versions of Java installed on your computer; all of them are out-dated and your computer is vulnerable to infection.

    YOUR SYSTEM IS INFECTED


    Complete the instructions I posted earlier and provide the logs I requested.
     
  10. evilzeus

    evilzeus Private E-2

    How do I remove HijackThis, GetRunKey and ShowNew?? I have done everything you asked, only got the scans left to do, but I put these programs in the wrong spot and the link for moving HijackThis doesn't work, even right-clicking and Save As; there is no Save Link. I want to clean those three before I scan, and last time I did a Panda scan it took 7 hours, so I really don't want to do that one again.
     
  11. evilzeus

    evilzeus Private E-2

    How do I get a log from CounterSpy???
     
  12. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    The link to Move_HijackThis now works.

    Simply drag and drop the ShowNew and GetRunKey files into the proper folder on your hard drive.

    To access the CounterSpy scan log...

    1. View >> Spyware Scan >> Spyware Scan History

    2. Select the scan you'd like to view

    3. Hit "View Details"

    Attach all the scanlogs I requested and RUN them in the ORDER I listed.
     
  13. evilzeus

    evilzeus Private E-2

    The ltime file will not move or delete; says it's being used by another program. Even in safe mode I can't move it or delete it.
     
  14. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Install Unlocker

    When you try to delete the file Unlocker will show you what process is using ltime then ask you what you want to do. Unlock the file then drag and drop it into the proper folder.
     
  15. evilzeus

    evilzeus Private E-2

    Well, here goes nothing. I did as you asked, followed the best I could; really hope I didn't mess up because it took a really long time. So here's the first 3: vex, CounterSpy and BitDefender.
     

    Attached Files:

  16. evilzeus

    evilzeus Private E-2

    Here's #2: Panda or ActiveScan, runkey and newfiles.
     

    Attached Files:

  17. evilzeus

    evilzeus Private E-2

    And last but not least, HJT. I hope I did this all right, and let me know when I can delete most of this scan stuff please. Thank you.
     

    Attached Files:

  18. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Copy the contents of the below quote box to Notepad; Save As FixMe.reg to your Desktop; make sure File Type: is set to All Files (*.*).
    Close Notepad.

    Locate FixMe.reg on your Desktop. Double-click on it and answer 'Yes' when asked if you want to merge with the registry.

    Now run Pocket Killbox:

    Choose Tools -> Delete Temp Files and click Delete Selected Temp Files
    Then after it deletes the files click the Exit (Save Settings) button.

    NOTE: Pocket Killbox will only list the added files it is able to find on the system. So when you do the below, if some files do not show in the list after pasting them in, just continue.

    Select:
    • Delete on Reboot
    • then Click on the All Files button.
    • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
    • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
    • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
    If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

    Now boot into SAFE MODE

    Open ExplorerXP navigate to and DELETE the following: (Some of these may have already been deleted by Pocket Killbox)
    Now run CCleaner. If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.

    Then, as an added precaution, Go to Start -> Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:

    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.

    REBOOT to Normal Mode.

    Post fresh logs for the following:
    1. ShowNew
    2. GetRunKey
    3. HijackThis
     
  19. evilzeus

    evilzeus Private E-2

    I tried what you asked and got this: c:\Documents and settings\Martin Biros\Desktop\FixMe.reg is not a valid Win32 application. And what should the encoding be when saving? Mine's on ANSI. When I click to run it, not when I save it, I get the error.
     
  20. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    I know that's a valid registry patch; I write them all the time. Don't worry about the encoding type; it doesn't matter.

    Unzip REG File Association Fix (Restore default associations for REG files) to your Desktop.


    Start -> Run
    type regedit
    click 'OK'

    Registry Editor will open:
    Click "Registry" in the menu
    Select "Import Registry File ..."
    Import Registry File dialog will open.
    Navigate to your Desktop and double-click on xp_regfile.reg

    Reboot

    Now double-click on FixMe.reg and import the registry patch.
     
  21. evilzeus

    evilzeus Private E-2

    I think I'm a bit confused here. I open regedit but I don't see any menu with Registry in it; the only Import is in the File menu, but it just says Import, not Import Registry. Please clear this up for me, thank you.
     
  22. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Import is the right menu option.
     
  23. evilzeus

    evilzeus Private E-2

    When I try the Killbox I get error 6.
     
  24. evilzeus

    evilzeus Private E-2

    Here's my logs, but I did get that error, so I hope everything went good.
     

    Attached Files:

  25. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    I apologize for taking so long to get back to you.

    Your logs are looking pretty good. What problems, if any, are you still having?
     
  26. evilzeus

    evilzeus Private E-2

    The only problem I had was when I tried to run Killbox like you said, I got an error 6, but my computer has been running great again. Thanks for your help; my computer needed a good cleaning anyway, lol. Now can I delete some of these programs you had me download for cleaning out my computer, like HJT, CCleaner,
    Vundo, CounterSpy, ExplorerXP and the many other helpful programs I got? Maybe I should keep some but not all; let me know. Thanks.
     
  27. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    If you are not having any other malware problems, it is time to do our final steps:
    • If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    • If we used ComboFix you can delete the ComboFix.exe file and associated C:\combofix.txt log that was created.
    • If we used SDFix you can delete all the SDFix related files and folders from your Desktop or wherever you installed it.
    • If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
    • If we had you run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
    • If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    • You can delete the ShowNew.Zip and GetRunkey.Zip files and the files that you extracted from the ZIP files. You can also delete the C:\newfiles.txt and C:\runkeys.txt logs that were created
    • If you are running Windows XP or Windows ME, do the below:
      • go back to step 8 of the READ & RUN ME to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    • After doing the above, you should work through the below link:
     
  28. evilzeus

    evilzeus Private E-2

    OK, thank you for everything. My computer usually is in good shape, but I knew there were a few things hiding around; I was lazy and didn't want to deal with it, then I clicked that retarded messenger link. Was my fault, because I do know better; think I just had a blonde moment. Now, for some reason, not saying why, my system restore has been off for a very long time, so I guess I'll turn that on now. I have gotten viruses before and always found a way to get rid of them, and have even helped others clean their computers, but this virus had me stumped for the longest time, and it was Panda that found the Qhost, I think that was it. Anyway, this has also been a learning experience for me too, so thanks for that too! Oh yeah, I got rid of CounterSpy because I already got free AVG, and deleted all scan logs. Should I delete the Panda scan files and any BitDefender files or just leave them?? Thanks, my computer and me are 1 again, lol. I forgot, should I delete Killbox? I did what you asked but not sure if I should delete the exe. Thanks.
     
  29. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    You can delete all log files. Killbox is a handy tool to have. You can keep it or delete it; your choice.
     
