Gone from Virus to Plague!

Let's try this...

If you haven't already, please disable the Guest account in User accounts.

Please use add/remove programs to uninstall:
Java 2 Runtime Environment, SE v1.4.2_03

Run this: Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Please disable all anti-virus and anti-spyware programs while we do the following ( be sure to re-enable when we are finished):


Run C:\MGtools\analyse.exe by double clicking on it. (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

After clicking Fix, exit HJT.

Now download The Avenger by Swandog469, and save it to your Desktop.

* Extract avenger.exe from the Zip file and save it to your desktop
* Run avenger.exe by double-clicking on it.
* Do not change any check box options!!
* Copy everything in the Quote box below, and paste it into the "Input script here:"
part of the window:

* Now click the Execute button.
* Click Yes to the prompt to confirm you want to execute.
* Click Yes to the Reboot now? question that will appear when Avenger finishes running.
* Your PC should reboot, if not, reboot it yourself.
* A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

Also delete all files in the below folders except ones from the current date (Windows will not let you delete the files from the current day).
C:\WINDOWS\Temp
C:\Documents and Settings\%username%\Local Settings\Temp

Now download and install:
Java Runtime

Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this and also attach the log from Avenger.

 

We can skip those until we are farther along the removal process...go ahead and do the rest

(Note= I had a formatting problem in the quote box for avenger, but it is fixed now)...

Mainly you need to do the avenger fix and then get me the new logs.

 

You are running more than one anti-virus programs....you should only be running one:
Norton Security Center
McAfee SecurityCenter
Kaspersky Internet Security 7.0

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

* Run avenger.exe by double-clicking on it.
* Do not change any check box options!!
* Copy everything in the Quote box below, and paste it into the Input script here: part of the window:

* Now click the Execute button.
* Click Yes to the prompt to confirm you want to execute.
* Click Yes to the Reboot now? question that will appear when Avenger finishes running.
* Your PC should reboot, if not, reboot it yourself.
* A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

Also delete all files in the below folders except ones from the current date (Windows will not let you delete the files from the current day).
C:\WINDOWS\Temp
C:\Documents and Settings\%username%\Local Settings\Temp

Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this and also attach the log from Avenger.

Be sure to tell us how things are running.

Can you now boot to normal mode...what happens if you do, exactly.

 

Only one item showed up in your logs, so use windows explorer to find and delete:
C:\WINDOWS\system32\pevagope.dat

Now you should be able to uninstall the old java and after a reboot install:
Java Runtime

To disable the guest account...go to the control panel / user accounts / click on the guest account and disable it.

If you are not having any other malware issues, then: