ICanNews: Anyone had it and gotten rid of it?

guard.tmp is normally associated with what we have been calling a Look2Me VX2 infection.

Please download the following tool and save it where you will be able to find it.

L2MeFix Tool

Please print out these instructions now or save locally so that you can operate with All Browser Windows CLOSED.

Exit Browsers now before continuing

Please move the L2MeFix Tool to your Desktop and DoubleClick l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix Folder on your Desktop. DoubleClick l2mfix.bat and Type 1 and ENTER to select Option #1 for Run Find Log . Allow it as much time as it needs to run until NotePad opens with a log.

NOTE: Please do not run any other options or files in the l2mfix Folder!

Now reconnect and come back here and post as an attachment the l2mfix log. Based on the log, we will determine the next steps. Please DO NOT REBOOT after scanning for these logs!! Otherwise potential problems may mutate and spread. Wait for me to get back to you with the next steps.

 

By the way, what I gave you will not fix the VX2 infection yet. We first need to see what you have then we can proceed with the fix.

 

It's guard.tmp!

Ad-Aware's VX2 plugin does nothing for this type of infection. It does not even detect it.

 

Just wanted to check because there are lots of hit on guard.tmp

 

Okay! You do have the L2ME form of infection.

L2Mefix cleanup


Print or save these instructions locally now because you will have to be disconnected with no browsers open in the next step.

Please make sure ALL Browser Windows are Closed and also you should physically disconnect from the Internet by unplugging your cable.

Go to the L2MFix Folder on your Desktop and DoubleClick l2mfix.bat and type 2 and ENTER to select option #2 for Run Fix. Then, press any key to Reboot your machine.
Your computer will go bazonkers (now there's a great technical term!) for a bit, but just let it run. It should eventually spit out another log in Notepad. Please attach that log.

Again, don't run any other files in the L2MFix folder.



Let me know how things look now.

If you still have problems, follow the steps below:


- Download HijackThis 1.99.1

- Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

- Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

- Before running HijackThis: You must close each of the following:your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

- Run HijackThis and save your log file.

- Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).

 

Okay! That looks like it fix a bunch of stuff. Are you having any problems with things like the Recycle Bin. Does it work properly? Some times it was affected by this VX2 problem and additional steps were needed to fix it.

I notice a couple other things:

1) two antivirus applications being used - McAfee and AVG

2) I believe the below is a valid AIM application:

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl

But this next line is also in your log and it does not seem to be a valid item to me.

O4 - HKLM\..\RunServices: [AOL Instant Messenger] aimsgr.exe

 

Okay! So did you fix the aimsgr.exe line in HJT (I assume so)? Maybe you should uninstall McAfee then since it is broken anyway.

How are things working?

 

There seem to be a lot of problems with Windows Updates going around. And none of the things suggested in MSKB work. It would be nice to find out what is going on. I suggested in one case to try enabling automatic updates to see if that would help. I have seen that work when manual procedures would not. But I do not guarantee that it will be the answer in all cases.

You're welcome.