Have a few questions

Discussion in 'Malware Help (A Specialist Will Reply)' started by jsjerkins, Jan 28, 2006.

  1. jsjerkins

    jsjerkins Private E-2

    I am trying to remove some malware/spyware and have tried completing the process listed in this forum, but when I get to the Microsoft AntiSpyware removal process I keep getting an error "your system is low on virtual memory, windows is increasing the size yada yada yada" about 10 minutes into the scan, and it becomes unresponsive and I have to reboot. Spybot S&D says I have something running in my memory and it will fix it @ next start up. I can't seem to get past the step above and was wondering, since I have Spyware Doctor full registered version, can I use it instead or do I have to use the Microsoft beta? I know for a fact I have several trojans and the CWS infection. So please advise me on what I can do to complete the removal process.
     
  2. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Spyware Doctor is not a tool we use. If you cannot run MSAS, then install and run CounterSpy as directed in our tutorial.
     
  3. jsjerkins

    jsjerkins Private E-2

    Ok, thanks for the advice. I tried CounterSpy and it is becoming unresponsive just like Microsoft beta. They both seem to be doing this when it reaches registry scan in the toolbar part. So is there any other step or app I can use to continue my removal of these nasty little buggers? Any input or advice is appreciated.
     
  4. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Skip the step and move on to the next scanner.
     
  5. jsjerkins

    jsjerkins Private E-2

    Ok, I tried to do the next steps in order, enabled my NIC and got back online and tried the BitDefender scan, but evidently I have a trojan pinging the crap out of my network and it crashed my firewall with numerous DLL errors and I can't get my firewall back working. That's an issue for later. But I had the infections down to just a handful, 5-6 left out of the thousand or so I had started out with, but since I got back online I think one of the infectors downloaded some more bugs, because when I started over in the steps to cleaning I had about a hundred thirty new infections show up and it made the BitDefender give me an error Dl virus definitions. So I was wondering if it would be easier for me to pull the hard drive out and put it in my hard drive caddy via USB and scan it and try to remove the infestation that way? If I did this, would I run a chance of infecting my other PC even with antivirus app installed on it and a good spyware app? The PC will no longer boot up in safe mode any more and I think it is just getting worse, so this is why I was wanting to go this route. What do you suggest? Sorry to keep bugging u guys, but I am about to reimage this machine unless it's still recoverable.
     
  6. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Keep working your way through the steps; at the end, post your logs and tell us what you could and couldn't do.
     
    Last edited: Jan 29, 2006
  7. jsjerkins

    jsjerkins Private E-2

    Aight, I completed most of the removal procedures. I was unable to complete either the Microsoft beta scan or the CounterSpy scan. I ran CWShredder and here are my logs from BitDefender, Panda and HijackThis. It looks as if I have a lot of work still, so let me know what I can do now. I got this PC from a friend who didn't know what was wrong with it. I noticed when I got it it hadn't had any security updates and no firewall or antivirus protection. It looked as if someone was using it as a bot for IRC or mIRC, but hopefully I can get all that stuff off there with the help from you guys. I really appreciate the help.
     

    Attached Files:

  8. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    There is quite a bit in those logs.

    Let's start by moving HijackThis to a better location. Download, unzip, then run the enclosed Visual Basic Script. Move_HijackThis

    Look in Add or Remove Programs in the Control Panel and uninstall the following:
    The version of Java running is old; update to 1.5.0_06. Make sure you uninstall the old version.

    Empty the Microsoft Antispyware Quarantine Folder.
    Empty the Norton Antivirus Quarantine Folder.
    Empty the Recycle Bin.
    Empty the Norton Protected Recycle Bin.

    Copy the contents of the below quote box to notepad and save as ToolbarFix.reg to your Desktop. Do not run the fix yet.
    Run the following tools:
    In HJT, choose Open the Misc Tools Section, choose Process Manager, highlight:
    Choose Kill Process

    Now scan and have HJT Fix the following:
    Download
    - Pocket Killbox
    - ExplorerXP

    Now run Pocket Killbox:

    Choose Tools -> Delete Temp Files and click the RED X.

    Run Killbox.exe. Paste the below filenames into KILL BOX one at a time. Checkmark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (if available). Click the RED X and it will ask you to confirm the file for deletion…say YES, and when the next box opens prompting you to reboot now...click NO...and proceed with the next file. Once you get to the last one, click YES and it will reboot. Note many of the files listed below may not exist, but we need to check for them anyway.
    If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

    Now boot into SAFE MODE

    Open ExplorerXP navigate to and DELETE the following: (Some of these may have already been deleted by Pocket Killbox)
    Locate ToolbarFix.reg double-click, answer 'Yes' when asked if you want to merge with the registry.

    Now run CCleaner. If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.

    Then, as an added precaution, Go to Start -> Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.

    Now run a full scan with Spybot S&D; make sure the definitions are up to date and that the below has been done:
    REBOOT to Normal Mode.

    Follow the Directions for Running Spy Sweeper. Post the SpySweeper log.

    Post the logs for Look2me, VundoFix, and SmitRem.

    Post a fresh HijackThis log.
     
