help w/ warnhp.html

Norton informed me that I was hit with a virus and soon my desktop had a spyware message on it. I'm hoping someone can help me fix it.
the file on the desktop is C:\WINDOWS\warnhp.html

I've folowed the pre-post directions, most came up clean, spybot found one thing, fogot the name, sorry, tele something? Bitdefender cleared 8 viruses, report is attached.

Attached are the bitdefender, panda, and HJT logs.

Thanks a lot for your help, you guys provide a great service.

Ethan

 

You have an AlfaCleaner infection, or at least what is left of one.

Download the following
smitRem.exe written by noahdfear and save the file to your Desktop.

Removal Instructions
​

-- You will want to print these instructions out, as ALL Browser windows will need to be closed. --

NOTE: Not all of the HijackThis entries; Files and Services may be present on your system.
​

1. First look in Add/Remove Programs and uninstall if found

2. Now please reboot to Safe Mode
3. Go to Start > Run and type Services.msc

• Look for the following service

AlfaCleanerService or AlfaCleaner.com
​

• Right click it and choose Stop if not greyed out
• Now choose Properties and change Startup Type to Disabled

4. Now open HijackThis

• Choose Open Misc Tools
• Choose Delete an NT Service
• Copy AlfaCleanerService or AlfaCleaner.com (whichever service name it was under) into the box and delete it.

5. Open HijackThis and scan and place a check next to the following

Now close ALL Browsers and choose Fix Checked

6. Open your Smitrem folder located on your desktop

http://www.malwareteks.com/images/icon.png​

7. Double click the Smitrem.exe file. Your screen will look like the following:

http://www.malwareteks.com/images/extract.png​

8. Click Start and allow it to extract the files into the Smitrem folder on your desktop.
9. Now please look for and delete the following files and folders

10. Now close ALL Windows and open the Smitrem folder on your desktop.
11. Please select Runthis.bat from the folder contents

http://www.malwareteks.com/images/folder.png​

12. Follow the prompts on the screen.
13. Your desktop will disappear, this is normal. When Smitrem is finished, Disk Cleanup will automatically start.

http://www.malwareteks.com/images/dc.png​

14. When Disk Cleanup completes, please reboot your PC back to Normal Mode.
15. Now run Panda ActiveScan

• Click Scan your PC
• Fill out the requested info
• Click Scan Now

Post Smitfiles.txt, the Panda ActiveScan log, and a fresh HijackThis log.

 

Thanks for the quick help Shadow-P-Dude, unfortunately it didn't seem to work. I didn't any of the stuff in steps 3-5 in your instructions, the only one thing did see was the C:\Windows\warnhp.html in step 9 which I deleted.

The desktop still has an (empty) html page on it linking to the original warnhp file.

I pretty sure i followed your instructions, but i'm by no means an expert, so it's possible i messed up somewhere. I'd appreciate any ideas you may have.

I'm attatching the new logs as instructed...Thanks again Ethan

 

OK, your HijackThis log appears to be clean.

Follow the directions for:
Running WinPfind by OldTimer
Using GetRunKey

Attach WinPFind.txt and runkey.txt when done.

 

Ok, I ran the two progs and am attaching the files.

Thanks--Ethan

 

The logs are clean.

Follow the directions for Running Ewido Anti-Malware.

Post the Ewido log when finished.

 

Just ran Ewido an am attaching the log. Thanks for sticking with me--Ethan

 

All logs a coming back clean. Can you give me a screen shot of your desktop?

 

attached is 2screenshots, i run 2 monitors, easy to tell whats what in the shot. Sometimes the warnhp.html file is smaller, sometimes it's expanded. Thanks-E

 

Let's try disabling Active Desktop.

1. Open the Control Panel.
2. Open Display Properties.
3. Click the Desktop tab.
4. Click the Customize Desktop button.
5. Click the Web tab in the Desktop Items window.

To disable Active Desktop, make sure all checkboxes in this window are un-checked.

 

Looks like that did it!!!

Thanks a lot man, i appreciate all your help and patience. Hopefully I can stay clean for awhile!

Good Luck--Ethan

 

Disable System Restore and then enable System Restore. This will flush all your restore points and create a new clean one for your system.

Disable And Enable System Restore

How to Protect yourself from malware!

Safe surfing.