Hello, I'm having some virus issues.

Discussion in 'Malware Help (A Specialist Will Reply)' started by Labtec600, Jul 29, 2006.

  1. Labtec600

    Labtec600 Private E-2

    Hello all.

    First, I have gone through your read me and do this first page, and have done what was asked.

Last week I received a virus. Actually more like 9. Symantec found and deleted all but 2 of the viruses. Those that were not deleted were an xml one and one called sploit[1].anr. (I don't know the name of the first anymore; when I look in my Symantec threat history I can no longer see the viruses that were there.)

As I said, I ran the cleaning that you have given me and it has helped. Before, I was receiving 50 pop ups every 5 minutes, but that's no longer going on.

However, I don't believe that the issues have been fully taken care of. About every 15 minutes or so it seems like a pop up is trying to come through; however, it seems to be blocked by some pop up blocker, as it makes that "popping" noise. The problem is that if I am playing a game, playing a video, or typing something (like this thread) and it happens, it will boot me back to the desktop (though it doesn't close the window, I just go back to the desktop and have to open up what I was previously doing again).

When Symantec does a scan, it comes back clean now also, but I still think something is there.

    I hope I'm not leaving any info/problems out. If so let me know and I'll be more than happy to provide the info.

    Thank You.

    EDIT: Also, the start up and the shut down, and just overall performance is moving a lot slower.
     

    Attached Files:

  2. Labtec600

    Labtec600 Private E-2

  3. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Move HijackThis to C:\Program Files\HJT. HJT needs to be in this location to properly create backups.

    Empty the Symantec Quarantine Folder.
    Empty the Recycle Bin.

    Run CCleaner

    Download
    - Pocket Killbox

    Run HijackThis. Click the 'Do a system scan only' button. Place a checkmark in the box next to the following lines:
    Click on the 'Fix checked' button. Wait for HijackThis to finish; close HijackThis.

    Now run Pocket Killbox:

    Choose Tools -> Delete Temp Files and click the RED X.

Run Killbox.exe. Paste the below filenames into KILL BOX one at a time. Check mark the box that says "Delete on Reboot" and check mark the box "Unregister DLL" (if available). Click the RED X and it will ask you to confirm the file for deletion; say YES, and when the next box opens prompting you to reboot now, click NO and proceed with the next file. Once you get to the last one, click YES and it will reboot. Note many of the files listed below may not exist, but we need to check for them anyway.
    If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

    Now boot into SAFE MODE

Open Windows Explorer, navigate to and DELETE the following: (Some of these may have already been deleted by Pocket Killbox)
    Now run CCleaner. If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.

    Then, as an added precaution, Go to Start -> Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.

    REBOOT to Normal Mode.

    Post a fresh HijackThis log.
     
  4. Labtec600

    Labtec600 Private E-2

    Thank you.

    I went through and did what you told me.

Just to point out, when I went through to manually delete the files, I couldn't find any of them.

    These:

    C:\dfndred_7.exe <<=== Delete the File
    C:\fym9bvo.exe <<=== Delete the File
    C:\kybrded_7.exe <<=== Delete the File
    C:\PROGRA~1\YMBOLS~1 <<=== Delete the Folder
    C:\WINDOWS\v1201.exe <<=== Delete the File
    C:\WINDOWS\system32\gjrjwk.exe <<=== Delete the File
    C:\WINDOWS\system32\cmd.dll <<=== Delete the File
    C:\WINDOWS\system32\DOBE~1 <<=== Delete the Folder


    But here is the new hijackthis log. (I moved it too).
     

    Attached Files:

  5. Labtec600

    Labtec600 Private E-2

    Is this new log clean?

    I am still getting some problems.

    Thanks.
     
  6. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Your log is clean. What kind of problems are you having?
     
  7. Labtec600

    Labtec600 Private E-2

    Hello again.


The boot up and shut down is still pretty slow (I don't really care about that at all, but it's still doing it).

    But the big problem I am having is that when I have a game up, or a video, or when I am typing I hear that "pop up blocked" noise and whatever I am doing is minimized and back to the desktop I go, but no pop ups come up.

Everything has gotten much better since I received the viruses, but that minimizing issue is the one that's killing me now.

    Thanks again for the help, it has helped.
     
  8. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

  9. Labtec600

    Labtec600 Private E-2

    Alright, I ran them and have all the logs.

    Thanks again.
     

    Attached Files:

  10. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

Copy the contents of the below quote box to Notepad; Save As FixReg.reg to your Desktop. DO NOT run it at this time; we will do that later in Safe Mode.
    Close Notepad.

    Run Pocket Killbox:

    Choose Tools -> Delete Temp Files and click the RED X.

Run Killbox.exe. Paste the below filenames into KILL BOX one at a time. Check mark the box that says "Delete on Reboot" and check mark the box "Unregister DLL" (if available). Click the RED X and it will ask you to confirm the file for deletion; say YES, and when the next box opens prompting you to reboot now, click NO and proceed with the next file. Once you get to the last one, click YES and it will reboot. Note many of the files listed below may not exist, but we need to check for them anyway.
    If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

    Now boot into SAFE MODE

    Locate FixReg.reg on your Desktop. Double-click on it and answer 'Yes' when asked if you want to merge with the registry.

Open ExplorerXP, navigate to and DELETE the following: (Some of these may have already been deleted by Pocket Killbox)
    Now run CCleaner. If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.

    Then, as an added precaution, Go to Start -> Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.

    REBOOT to Normal Mode.

    How is your computer running now?
     
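What Killbox's "Delete on Reboot" step in the two instruction posts above actually does, shown as an added example that is not part of the thread and not Killbox's own code: it checks the same path list the poster quoted back in post 4 and queues any that exist for deletion at the next boot through Windows' PendingFileRenameOperations mechanism, then reads the queue back so you can confirm it took. It assumes PowerShell 5.1 (Get-FileHash needs 4 or later) in an elevated session on the same C:\WINDOWS layout; the function names are mine, not Killbox's.

```powershell
# Added example (not from the MajorGeeks thread, the helper, or Killbox).
# Reproduces the "check each path, Delete on Reboot" procedure for the list
# quoted in post 4. Assumes an elevated PowerShell 5.1 session.

$SuspectPaths = @(
    'C:\dfndred_7.exe',
    'C:\fym9bvo.exe',
    'C:\kybrded_7.exe',
    'C:\PROGRA~1\YMBOLS~1',            # 8.3 short name; the filesystem resolves it
    'C:\WINDOWS\v1201.exe',
    'C:\WINDOWS\system32\gjrjwk.exe',
    'C:\WINDOWS\system32\cmd.dll',
    'C:\WINDOWS\system32\DOBE~1'
)

# MoveFileExW with MOVEFILE_DELAY_UNTIL_REBOOT and a NULL destination appends a
# delete entry to HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\
# PendingFileRenameOperations. smss.exe carries those out at the next boot,
# before any user-mode program (the malware included) has started, which is
# why this works on files that are locked or re-created while Windows is up.
$Kernel32 = Add-Type -Namespace Win32 -Name Kernel32 -PassThru -MemberDefinition @'
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern bool MoveFileEx(string lpExistingFileName, string lpNewFileName, int dwFlags);
'@
$MOVEFILE_DELAY_UNTIL_REBOOT = 0x4

function Queue-DeleteOnReboot {
    param([Parameter(Mandatory)][string]$Path)
    $ok = $Kernel32::MoveFileEx($Path, $null, $MOVEFILE_DELAY_UNTIL_REBOOT)
    if (-not $ok) {
        $err = [Runtime.InteropServices.Marshal]::GetLastWin32Error()
        throw "MoveFileEx failed for ${Path}: Win32 error $err"
    }
}

function Remove-SuspectPathsOnReboot {
    param([string[]]$Paths)
    foreach ($p in $Paths) {
        # The helper warned that many of these will not exist: report and move on.
        if (-not (Test-Path -LiteralPath $p)) { Write-Host "absent : $p"; continue }
        $item = Get-Item -LiteralPath $p -Force
        if ($item.PSIsContainer) {
            # A directory is only removed at boot if it is empty by then, so queue
            # its files first, then its subdirectories deepest-first, then itself;
            # the queue is processed in the order entries were added.
            Get-ChildItem -LiteralPath $p -Recurse -Force -File |
                ForEach-Object { Queue-DeleteOnReboot $_.FullName }
            Get-ChildItem -LiteralPath $p -Recurse -Force -Directory |
                Sort-Object { $_.FullName.Length } -Descending |
                ForEach-Object { Queue-DeleteOnReboot $_.FullName }
            Queue-DeleteOnReboot $p
            Write-Host "queued : $p (directory)"
        } else {
            # Hash the file before it disappears so the sample can be identified later.
            $sha = (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash
            Queue-DeleteOnReboot $p
            Write-Host "queued : $p  SHA256=$sha"
        }
    }
}

function Get-PendingFileRenames {
    # Reads back the REG_MULTI_SZ queue. Entries come in source/target pairs; an
    # empty target means "delete". Sources carry the NT path prefix \??\.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
    $v = (Get-ItemProperty -Path $key -Name PendingFileRenameOperations -ErrorAction SilentlyContinue).PendingFileRenameOperations
    if (-not $v) { return @() }
    for ($i = 0; $i -lt $v.Count; $i += 2) {
        [pscustomobject]@{
            Source = $v[$i]
            Action = if ([string]::IsNullOrEmpty($v[$i + 1])) { 'delete' } else { "rename -> $($v[$i + 1])" }
        }
    }
}

Remove-SuspectPathsOnReboot -Paths $SuspectPaths
Get-PendingFileRenames | Format-Table -AutoSize
# Reboot afterwards; smss.exe consumes the entries and clears the value.
```

Two practical notes. If Get-PendingFileRenames shows nothing after queuing, the deletes will not happen; that is the same situation as the "Pending Operations" error the helper mentions, and a plain reboot and re-run is the fix. And the later step of emptying C:\WINDOWS\Prefetch discards the .pf files that record what executed on the machine, so if you want to know what the dropped executables actually did, copy that folder somewhere before clearing it.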
  11. Labtec600

    Labtec600 Private E-2


    About 98% better.

    The start up seems to be as fast as it was before this junk.

    The pop up issue still happens, but not nearly as often. I was able to use a program for about 30 min and it only happened once.

    Before it would happen often in a short period, making it unusable.

If there are any other removal options I can run, great. But if not, I am at a point where the issue is tolerable.

    Thanks for all the help.
     
  12. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

There's something still on the system then; we just have to find it.

    Download Blacklight Beta from here:
    http://www.majorgeeks.com/F-Secure_BlackLight_d5156.html
    • Download blbeta.exe and save it to the Desktop.
    • Once saved... double click blbeta.exe to install the program.
    • Click accept agreement and Click scan
      This app too may fire off a warning from antivirus. Let the driver load.
      Wait for it to finish.
    • If it displays any items...don't do anything with them yet. Just hit exit (close)
    • It will drop a log on Desktop that starts with fsbl....big number
    Please post contents of log.
     
  13. Labtec600

    Labtec600 Private E-2

    Hello.

The link didn't work, so I just googled Blacklight and downloaded what I hope was the right one from the F-Secure site.

No items popped up on the scan; here's the log.

    Thanks again.
     

    Attached Files:

  14. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

  15. Labtec600

    Labtec600 Private E-2

    Good Evening.

    I ran the Ewido scans. Here is the log.

    Thanks again for all the help.
     

    Attached Files:

  16. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

There were a couple of trojans in there that Ewido found and cleaned.

    How is your system running now?
     
  17. Labtec600

    Labtec600 Private E-2

    Yes it seems to have done the trick. I am not having that pop up issue anymore.

    Thanks a ton for all your help.
     
  18. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

