Help!.. still can't remove viruses on my pc

Discussion in 'Malware Help (A Specialist Will Reply)' started by chrome21, Mar 11, 2008.

  1. chrome21

    chrome21 Private E-2

    My anti-virus detects the virus but it can't remove it. It keeps on coming back again. My Yahoo Messenger is jammed: whenever I log in, the program quits. My internet connection has also slowed. I've done the procedures in malware removal, yet they're still here. Also, I can't enable viewing of hidden files: whenever I click on the radio button to enable them and press Apply / OK, it goes back to its previous state.



    P.S.

    Sorry, I can't attach my SUPERAntiSpyware log.
    I don't know, but whenever I view the log, Notepad stops responding and I can't save the log.
    Is this virus-related too?
     


    Last edited: Mar 11, 2008
  2. abri

    abri MajorGeek

    Hi Chrome21,
    Welcome to Major Geeks!


    1) Please disable your guest account if this has not already been done.

    2) Go to add/remove programs and uninstall the below:

    - Java(TM) 6 Update 2

    3) Reboot after uninstalling the above.

    4) Install the current version of Sun Java from: Sun Java Runtime Environment

    5) If you do not use Windows Messenger (not to be confused with MSN Messenger!!) I would like you to run Disable/Remove Windows Messenger

    6) Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O2 - BHO: (no name) - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - (no file)
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [kxva] C:\WINDOWS\system32\kxvo.exe

    After you click fix, just close HijackThis.


    7) Now download The Avenger by Swandog46, and save it to your Desktop.
    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Do not change any check box options!!
    • Copy everything in the Quote box below, and paste it into the Input script here: part of the window:
    • Now click the Execute button.
    • Click Yes to the prompt to confirm you want to execute.
    • Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    • Your PC should reboot; if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt and it will pop up for you to view when you log in after reboot.
    8) Please download ATF Cleaner by Atribune. This program does not require an installation. The executable actually runs the program.

    NOTE: This program is for Windows XP and Windows 2000 only. ATF Cleaner will remove all files from the items that are checked, so if you have some cookies you'd like to save, please move them to a different directory first.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main ATF Cleaner menu to close the program.


    9) Please run C:\MGtools\GetLogs.bat and attach the fresh MGlogs.zip it generates along with the Avenger log.


    Let me know how things are running now?

    abri
     
  3. chrome21

    chrome21 Private E-2

    Hello Abri,

    I think things are doing well. Thank you for your help.
    I'm currently monitoring my system for any changes. Right now I can log in to my Yahoo Messenger again.

    I still can't view my hidden files. Whenever I click the Apply button, I still can't see the hidden files, and when I check the settings again, it has once again been turned off.

    Here are my logs. Thanks again for your time.
     


    Last edited: Mar 12, 2008
  4. abri

    abri MajorGeek

    Hi chrome21,

    I missed some files and this may change the hidden files problem. Please run Avenger again as you did in post only this time use the contents of this box. (Be sure to run ATF Cleaner again afterwards!)

    Please run C:\MGtools\GetLogs.bat and attach the fresh MGlogs.zip it generates along with the Avenger log.


    Let me know how things are running now?

    abri
     
    Last edited by a moderator: Mar 14, 2008
  5. chrome21

    chrome21 Private E-2

    Hello Sir Abri,

    I tried doing the things you said, yet I still couldn't view my hidden files.
    Does this mean that my computer is still not free from viruses?

    Thank you for your time with me.

    P.S. I've run the Avenger 2x. I'm sorry I couldn't post the log after doing what you said. I'll attach it anyway. Thanks again.
     


  6. abri

    abri MajorGeek

    Hi chrome21,

    Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    F2 - REG:system.ini: Shell=

    After you click fix, just close HijackThis.


    You have some odd values in your registry that I want to look into. Please tell me what happens when you fix the above entry. After I hear from you about that, I will get back to you about the registry keys.

    abri
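
The HijackThis entries selected in posts 2 and 6, parsed into fields, as an added example that is not part of the thread, MGtools or HijackThis. The review notes are illustrative heuristics assumed here, not the helper's stated criteria.

```python
import re
from ntpath import dirname  # Windows path rules regardless of host OS

# The four lines quoted in posts 2 and 6 of this thread.
SAMPLE = r"""
O2 - BHO: (no name) - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [kxva] C:\WINDOWS\system32\kxvo.exe
F2 - REG:system.ini: Shell=
"""

PATTERNS = {
    "O2": re.compile(r"BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<file>.*)"),
    "O4": re.compile(r"(?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)"),
    "F2": re.compile(r"REG:(?P<ini>[\w.]+): (?P<key>\w+)=(?P<value>.*)"),
}

def parse(line):
    """Split one log line into its section code and named fields."""
    head = re.match(r"([A-Z]\d{1,2}) - (.*)", line.strip())
    if not head or head.group(1) not in PATTERNS:
        return None
    body = PATTERNS[head.group(1)].fullmatch(head.group(2))
    return {"code": head.group(1), **body.groupdict()} if body else None

def exe_path(cmd):
    """Executable path from a Run command, quoted or unquoted."""
    m = re.match(r'"([^"]+)"|(.+?\.exe)(?=\s|$)', cmd, re.I)
    return (m.group(1) or m.group(2)) if m else cmd

def note(entry):
    """Review note for one entry (assumed heuristics, for illustration)."""
    if entry["code"] == "O2" and entry["file"] == "(no file)":
        return "BHO registered but its file is missing"
    if (entry["code"] == "O4" and entry["hive"] == "HKCU"
            and dirname(exe_path(entry["cmd"])).lower().endswith(r"\system32")):
        return "per-user autorun pointing into system32"
    if (entry["code"] == "F2" and entry["key"] == "Shell"
            and entry["value"].strip().lower() != "explorer.exe"):
        return "Shell differs from the default Explorer.exe"
    return None

def triage(text):
    """Return (code, entry name, note) for every recognised line."""
    entries = filter(None, map(parse, text.splitlines()))
    return [(e["code"], e.get("name") or e.get("key"), note(e)) for e in entries]

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row)
```

A note of `None` means only that none of these three checks matched; it says nothing about whether the entry is wanted at startup.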
     
  7. abri

    abri MajorGeek

    Hi chrome21,

    Adding to my post 6, I would like to ask you to look at the following website article which relates to one file called C:\WINDOWS\PSEXESVC.EXE which you have on your computer: http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx

    If you did not set this up (it's for the remote execution of programs), then the file above needs to be deleted.

    Also, it's possible that you have security software running which is preventing changes to your settings including being able to show your hidden files. Which security software are you using and do any of them prevent changes to the registry?

    Finally, I wanted to ask you why you have a Vista entry in your registry? Is it possible that you ran the Vista instructions for the MGTools rather than the XP instructions? That might account for that one entry which is irrelevant for your computer.

    abri
     
  8. chrome21

    chrome21 Private E-2

    Good day, Sir Abri.

    I deleted the file you mentioned in your post: C:\WINDOWS\PSEXESVC.EXE

    The only security software I am using is AVG and Spyware Terminator.
    I tried turning them all off and then changing the settings, but it didn't work.

    I'm not quite sure about the Vista entry, but I'm sure that I followed the right instructions for MGtools.

    I still can't view the hidden files. :(

    Thank you for your time again, Sir Abri.

    Hoping my problem will be solved soon.

    More power to you and the crew.
     
  9. abri

    abri MajorGeek

    Hi chrome21,

    I can't see any obvious reason for your hidden files to be hidden. Your settings show that your hidden files are visible, therefore something else must be overriding that setting. Please go to Alternate Scans and scroll down about half way down the page. There you'll see a list of rootkit scans. Please run the AVG Antirootkit scan and the TrendMicro Rootkit Buster and attach the logs for these here.

    Thanks.
    abri
     
