Help Please

Discussion in 'Malware Help (A Specialist Will Reply)' started by Earle, Dec 24, 2005.

  1. Earle

    Earle Private E-2

    My laptop has inherited some kind of virus / spyware and I am at a loss as to how to remove it. I am tempted to reformat!!

    The symptoms - every time I connect the network cable to my ADSL the laptop starts attempting to send emails to all kinds of weird email accounts that I have never seen before. Fortunately this is a desktop that I can still use.

    I have run a complete Norton Antivirus and Spy Sweeper and Ewido and it still does it.

    Please help as this is driving me nuts!!


    earle
     

  2. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Welcome to MajorGeeks.com!

    Please follow forum guidelines and perform cleaning steps in the sticky thread before posting HijackThis logs.

    Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.

    - Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
    • Make sure you check version numbers and get all updates.
    If, after doing ALL of the above, you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis:

    Downloading, Installing, and Running HijackThis
     
  3. Earle

    Earle Private E-2

    OK,
    thanks for the quick response. I have run all the tests as described. I think in safe mode the system was still sending emails but I cannot be sure, as I can only see them when Norton is virus checking the emails on the way out.

    Anyway nothing came up on any of these tools!!

    I attach the HJT log file for someone with the technical knowledge to hopefully advise me how to proceed.

    earle
     

  4. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    You have HijackThis installed incorrectly, you have not run Microsoft Antispyware, and you have not run the BitDefender and Panda ActiveScan on-line scans. There are 3 logs that should have been posted.

    Go back and follow the Read Me first; do not skip any steps.
     
  5. Earle

    Earle Private E-2

    I have a problem running the online checks on my portable. As soon as I connect to the internet it fills the screen with email spam it is sending from my machine. Any advice...


    earle
     
  6. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Even when you connect in Safe Mode with Networking Support?
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  8. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Reinstall HijackThis to C:\HJT. This is necessary, as the location you are running HijackThis from will not create backups.

    Now scan and have HJT Fix the following:
    Download
    - Pocket Killbox
    - ExplorerXP

    Now run Pocket Killbox:

    Choose Tools -> Delete Temp Files and click the RED X.

    Run Killbox.exe. Paste the below filenames into KILL BOX one at a time. Checkmark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (if available). Click the RED X and it will ask you to confirm the file for deletion…say YES and when the next box opens prompting you to reboot now...click NO...and proceed with the next file. Once you get to the last one click YES and it will reboot. Note: many of the files listed below may not exist but we need to check for them anyway.
    If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

    Now boot into SAFE MODE

    Open ExplorerXP, navigate to and DELETE the following: (Some of these may have already been deleted by Pocket Killbox)
    Now run CCleaner. If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.

    Then, as an added precaution, Go to Start -> Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.

    Run Regedit, navigate to and delete the following entry:
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\msctl32.dll

    REBOOT to Normal Mode.

    Can you connect now without your system being a Spam-Bot?
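
An added example, not part of the thread or of any poster's instructions: after a cleanup like the one above, a regedit export of the Winlogon\Notify key can be checked for subkeys that do not belong to a stock install. The baseline list is an assumed set of default Windows XP entries and the sample export is constructed, including its DllName values.

```python
import re

NOTIFY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"
# Assumed baseline of stock Windows XP Notify subkeys; adjust it for your own build.
BASELINE = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
            "sclgntfy", "senslogn", "termsrv", "wlballoon"}

# Constructed sample in regedit export format (DllName values are made up).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\msctl32.dll]
"DllName"="msctl32.dll"
'''

def decode_value(raw):
    """Decode a .reg string, or hex(2) data (REG_EXPAND_SZ, UTF-16LE)."""
    raw = raw.strip()
    if raw.startswith("hex(2):"):
        data = bytes(int(b, 16) for b in raw[7:].split(",") if b.strip())
        return data.decode("utf-16-le").rstrip("\x00")
    return raw.strip('"').replace("\\\\", "\\")

def notify_packages(reg_text):
    """Return {subkey: DllName} for each direct subkey of Winlogon\\Notify."""
    prefix, found, current = NOTIFY.lower() + "\\", {}, None
    for line in reg_text.replace("\\\n", "").splitlines():  # join hex continuations
        line = line.strip()
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            sub = m.group(1)[len(prefix):]
            direct = m.group(1).lower().startswith(prefix) and "\\" not in sub
            current = sub if direct else None
            if direct:
                found[sub] = None
        elif current and line.lower().startswith('"dllname"='):
            found[current] = decode_value(line.split("=", 1)[1])
    return found

def unexpected(packages):
    """Subkeys outside the baseline: candidates for review, not proof of malware."""
    return sorted(k for k in packages if k.lower() not in BASELINE)

if __name__ == "__main__":
    print(unexpected(notify_packages(SAMPLE)))
```

A subkey that shows up here only means it is not in the assumed baseline; legitimate software also registers Notify packages, so check the DLL it points to before deleting anything.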
     
  9. Earle

    Earle Private E-2

    Thanks guys, that has sorted it I think. The spam problem seems to have gone.

    Thanks a whole load for your help and support with this. Happy Christmas to you all.....



    regards

    earle
     
