Help Needed - Virus, Perfect Code, Virusbusters

In BJ's absense, I'll give you the next steps and then BJ can continue to help after you complete these!

I'm going to post two sets of instructions below. Each will be enclosed in separate Quote boxes. Make sure to complete the first one 100% before moving on to the second one.

Now attach new logs from:

• GetRunKey
• ShowNew
• HJT

How are things working now?

 

You really should not allow programs like below to always load at startup:

O4 - HKCU\..\Run: [areslite] "C:\Program Files\Ares Lite Edition\AresLite.exe" -h
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"
O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\utorrent.exe"

You should only run these programs when you really need them; otherwise they are stealing system resource and slowing your system down (and anyone else on your network too). Also they are security risks.



Uninstall the below old versions of software:
J2SE Development Kit 5.0 Update 7
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 7
Java 2 SDK, SE v1.4.2_07
Mozilla Firefox (1.5.0.8)
Now install the current version of Sun Java from: Sun Java Runtime Environment

Then install the current version of FireFox from: Mozilla Firefox


If you need the Sun Java SDK you should also install the current version from:

http://java.sun.com/javase/downloads/index.jsp


Other than the above things you system appears to be clean. Are you having any other malware problems?

If you are not having any other malware problems, it is time to do our final steps:

1. If we used Pocket Killbox during your cleanup, do the below
   • Run Pocket Killbox and select File, Cleanup, Delete All Backups
2. If we used ComboFix you can delete the ComboFix.exe file and associated C:\combofix.txt log that was created.
3. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
4. If we had your run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
6. You can delete the ShowNew.Zip and GetRunkey.Zip files and the files that you extracted from the ZIP files. You can also delete the C:\newfiles.txt and C:\runkeys.txt logs that were created
7. If you are running Windows XP or Windows ME, do the below:
   • go back to step 8 of the READ & RUN ME to Disable System Restore which will flush your Restore Points.
   • Then reboot and Enable System Restore to create a new clean Restore Point.
8. After doing the above, you should work thru the below link:
   • How to Protect yourself from malware!

 

You can just use HJT to fix the below lines:
O4 - HKCU\..\Run: [areslite] "C:\Program Files\Ares Lite Edition\AresLite.exe" -h
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"

But my comment still remains for uTorrent. You should not let it always load at startup.