Help i was infected with over 200 spyware/viruses

Please follow the steps below:

- Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

Make sure you check version numbers and get all updates.

- Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.


After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis:

Downloading, Installing, and Running HijackThis

.

 

After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis:

Downloading, Installing, and Running HijackThis

 

Ok. 1 file is a good start, that can narrow it down for us. Be sure system restore is off, this trojan is trapped there. With system restore on, you wont get rid of it. Be sure you try some of the tools like Mcafee Stinger, they may get it, and again, from safe mode, with system restore off

 

I think that will do you. System Volume Information is where all restore info is stored. Your programs know it is there, but the restore area is not accessible, so as far as the programs scanning are concerned, it is a virus that can not be removed. You can spot whats stored in system restore by the directory name:

C:\System Volume Information\

 

Follow the link to the home page and grab it from them. The authors link should have the latest version.

 

These all sound bad, like Trojan names:

sys32.msrep32
sys.smartmenuxp
sys32.bdoscandel
win32.tex.b
win32.adware.viewpoint

These sound bad, .com in the root of c is a bad thing and regedit is in Windows root, so thats a clone and possibly problematic.

C:\windows\R.com
c;\windows\system32\dllcache\regedit.exe

Not sure on Firefox... yet, could be one of these issues.

 

Note: The below are valid files and should be left alone

c:\windows\regedit.exe
c:\windows\system32\dllcache\regedit.exe


These two detections by RemoveIT Pro XT SE are FALSE!

If you already deleted them, there is still probably a copy in c:\windows\System32 and the one in dllcache may have recreated itself anyway.

You should attach the two logs from Bitdefender and PandaActiveScan as step 6 in the READ & RUN ME requests. Also it would be best if you only run what we ask you to run.

 

No! It is a valid scanning tool but just will not fix anything unless you buy it. We have used it sometimes as an aid to finding hidden problems and then we can make manual steps to fix what it finds. There are many programs that work like this. Even PandaActiveScan only cleans very little (almost nothing) of what it finds unless you buy it. PestPatrol, Spy Sweeper, SpywareDoctor and many others do the same. They let you scan but you must buy it to fix problems.

On the otherside, there a literally hundreds of crapware tools the work like this too and many of them do lie to you about what they are finding. That is why the below Rogue Tool list exists:

Rogue/Suspect Anti-Spyware Products & Web Sites

Are you still having problems?

 

Before you post HijackThis logs you must run the READ & RUN ME (all steps) and you must attach the two logs from step 6.