ieantivirus need help

Discussion in 'Malware Help (A Specialist Will Reply)' started by omarfw, Jun 22, 2008.

  1. omarfw

    omarfw Private E-2

    I have looked everywhere for the manual solution but I can only find solutions for how to remove this malware once its ALREADY installed. I'm just trying to remove the initial malware trying to get me to download it.

    I get this notice whenever I try to access a windows folder. If I just leave it open I can continue navigating through windows. But it gets annoying and I like to keep my pc spotless.

    Here's the popup I get:

    'Attention, <Name>! Some dangerous trojan horses detected in your system. Microsoft Windows XP files corrupted. This may lead to the destruction of important files in C:\WINDOWS. Download protection software now!'

    When clicked (yes or no) it leads me here (this site is activex and virus free unless you click the links which I of course have not tested) http://free-viruscan.com/id/4912933/4/1/

    I read another thread pertaining to how to remove this but I followed the instructions and none of the files I needed to look up showed on my system so I have attached a link at the bottom to my logfile from hijack this for you to go over.

    Another note: I recently found two new startup processes in my msconfig and task manager.

    winsys32.exe (which I thought was legit at first but I have never seen it before I got this malware and I googled it and apparently it's a trojan)

    and qvreni.exe (which I also googled and found no search results for.

    I took the cautious route and disabled both from startup temporarily until I can verify what they are. I have not seen either of them before and they look suspicious but I can't find anything relating them to ieantivirus and when I disabled them the popups continued to come. They will also not be in my logfile since I disabled them before generating it.

    http://www.fileden.com/files/2008/5/25/1929468/hijackthis.log

    Thanks. -Jesse
     
    omarfw, Jun 22, 2008
    #1
  2. abri

    abri MajorGeek

    Hi omarfw,
    Welcome to Major Geeks!

     The popup indicates that the malware files are already on your system. You need to get those out. Please go through the instructions in the READ & RUN ME FIRST and attach the requested logs with your next post. This often helps reduce some of the symptoms and with the logs you attach, we can set up some manual instructions to remove any files missed by the scans.

    VERY IMPORTANT! Be sure that you put your computer into msconfig normal startup mode before you run all the scans.

    Thanks.
    abri
     
    abri, Jun 22, 2008
    #2

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds