hello

I have never had a virus on a computer before but I think I have one now. at boot up there is a blue circle flashing ? in center. a ballon pops up stating Critical System Error! and when you click on it Explorer opens and want to sell virus burst ..

Its my daughters computer and she does not know what she did but while we were being presented with this and other similar ads, she wanted to click on them ... I am sure that is what happened. I ran adaware but it did not remove, Norton Anti-Virus and it saw nothing wrong.


I looked in the add remove programs and there is a program called Internet Security Add-On which will not uninstall.

Can you direct me to a thread where this has happened to someone else?

Thanks.
Doc

 

Welcome to MajorGeeks!
Post your problem in the malware thread where a series of experts will help you remove your malware problems.
http://forums.majorgeeks.com/showthread.php?t=35407

 

Welcome to MajorGeeks!

Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.

• Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
• Make sure you check version numbers and get all updates.
• Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

• After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:

Downloading, Installing, and Running HijackThis

​

• When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
  • runkeys.txt - the log from GetRunKey.bat
  • newfiles.txt - the log from ShowNew.bat[/B]
  • CounterSpy - ONLY IF you were not able to run Windows Defender
  • Bitdefender - from step 6
  • Panda Scan - from step 6
  • HijackThis

NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!

This thread will be moved to the malware forum.

 

Thanks I will get on it.
since my post I ran AdAware and Spybot and there were many ..... including zlob, winAntiVirus pro , the "fix" action did not elimintate the annoying Critical System Error message from popping up ever minute or so.

DC

 

PS should I start over in the Malware area? happy to.
dc

 

OK first run the following procedure:

SpywareQuake & SpyFalcon Removal Procedure

This will clean up some of the Zlob infection.

THEN run the steps I gave you above.

If you don't see this till you come back then run the SpywareQuake & SpyFalcon Removal Procedure as well and let me know

 

You ARE in the malware area, we moved your thread here......

 

I was able to run the various scans. I will attach all the files .txt and logs.

It appeared that bit defender removed some things but panda says I still have some issues

I just saw the spyquake spyfalcon recomendaiton, I will wait till you see these result before proceeding with that.
thanks.
DC

 

and the panda and HJT

 

Procede with it now, you still need to run it.

THEN after your done with it post the other logs.

 

Ok I need glasses. I did not find any of the files on the two lists to rename as .DDD or to delete.

My computer seems to be better....

The only thing I see it doing now is the blue circled ? in the bar is blinkin with a red circle and every so often popping up a Critical Error Balloon. I have not clicked on it to see what will happen. At the beginnig it went to a Virus Burst website.

attaching the smithfiles.txt

I may take a day off,
Will I know when this is clean?

 

PS I did add/remove in safe mode the Internedt Explorer Security Plugin, Internet Security Add-On and PCODEC 6.0

Thanks again for your help.
DC

 

Please rename Hijackthis.exe to analyze.exe as instructed in the readme, this is very important as some infections now look for hjt in running processes and hide themselves. renaming it means we can see a lot more if this is the case.

Theres probably not much point taking the day off, I have to go to work too so I can only answer when I am free.

Post a new HJT log.

 

Analyse.exe
hjt log

 

I ran Panda again. because it was the only one that seemed to see the invisible programs here is the log.

 

So sorry. I forgot where it was.
here is from the programfiles\hjt\hijackthis\analysethis.exe log

 

Any more thoughts?
I still have the flashing blue Circle with the intermittent balloon popping up with the "Critical System Error"
Thanks DC

 

At this point I do not see any of the blinking error messages and the computer seems to be working fine.
attached runkeys and shownew logs.

 

And the HJT log

I am resetting the restore now as well.

 

RegEdit has been run.
here is new runkey file.

 

Thank You
DC