IEDefender and Spyhunter malware

Hi!

Long-time listener, first-time caller...

I've found the above-named viruses after several virus scans from different programs...FYI: spyhunter was something I downloaded based on approval from this site (it's in your Malware links page), but it was a trojan. Ah well...I think it's gone now.

I HAVE read the rules for posting but...

- I have NOT run ComboFix -- it makes me nervous. There are a bunch of warnings on the Web about not running it unless you're really sure you know what you're doing...and I'm not.

- I'm also afraid to restart for fear of not being able to get back into Windows. I ran a program called 'Trojan Remover" and upon Uninstall, it asked me if some "unused," "shared" dll files should be removed. I stupidly said yes...and realize now that's caused problems in the past.

Will combo fix give me a "Safety" to fall back on? Or is there ar DIAGNOSTICS TOOL I can run that can verify the stability of Windows before I restart?...Just to be certain I can get back in?

Anyway, thank you for any help you can offer.

Several Logs below as requested:

 

Hey, Tim!

Sorry, Don't know how I forgot those 2...

THANKS FOR THE HELP!

This is the SAS log:
SUPERAntiSpyware Scan Log

Generated 01/05/2009 at 08:23 PM

Application Version : 4.24.1004

Core Rules Database Version : 3694
Trace Rules Database Version: 1670

Scan type : Quick Scan
Total Scan Time : 01:31:28

Memory items scanned : 527
Memory threats detected : 0
Registry items scanned : 470
Registry threats detected : 0
File items scanned : 6442
File threats detected : 0

 

Heya, Tim!

I did INDEED read that stuff about the virus programs...

Am uncertain if I actually RAN Combofix. That is, I DL'd it, placed "WindowsXP-KB310994-SP2-Home-BootDisk-ENU" file into the Combofix icon. Does that count as running it? Does it install with that?

As for virus programs:
Initially, I only had Symantec (which has never previously failed me), then several nights ago, I noticed a major slow-down suddenly (I'd not DL'd anything new. [Viewpoint's been on my computer for months w/out issue, but i HAVE removed it]). So I DL'd Avast and a bunch of other things in a panic (including the Spyhunter virus [as mentioned above] -- yay me!).

I've since removed everything save for Avast, SAS, & Symantec. I turned off Avast's Real-time whatchamathingy (after I posted that log I guess).

I've attached an updated HiJackThis Log. Please let me know next steps.

THANKS!!

 

OK, I did a full scan with Avast! (I had done a Full Scan w/ONE virus programs I have/had, but no longer recall which...b/c I THOUGHT it was Avast I'd done it with but clearly not...), and in the System Information Folder, it found and quarantined the files:
A0030549.dll
A0030550.exe

I deleted those 2 files. Also in the Avast! Chest (from past scans in the last week) are the following files:

kernel32.dll
winsock.dll
wsock32.dll

I should add that System Restore WAS set to OFF since discovering I had a virus last week, but, after this scan, I went and checked it and it was turned back on (by the virus I presume).

Please let me know what to do next.

 

I realized Avast! changes the name of the files.

It says the virus infection is Win32Agent-IPP

Again, please let me know next steps!

THX!!

 

I see no way of copying and pasting the Avast! logs, so I've included two images.

One of the Warning Log and one of the Error Log -- they were the only ones which had any info (save for the Updates log).

Thx.

 

OK. Sigh. Thanks.

So, a few questions:

1. What a-v software would you recommend since Avast doesn't seem to be dependable (and Symentec Pro edition completely missed the IE Defender virus)?

2. My computer slowed down tremendously and, later that day (one-and-a-half weeks ago), the IEDefender virus was found (as mentioned in my first post on this thread). The computer is still running slowly in spite of running CCleaner, removing unnecessary start-ups, and a number of other things I've done. I've 16.6 Gigs open, and I've not DL'd anything new. But I'm still running VERY slugglishly. Any thoughts on what I can do, aside from wipe the drive, to fix this? I can't even play audio in Windows Media player, it skips and echoes.

3. The only other change is that the resolution of the screen as it's coming out of hibernation has changed (the type is small and in the center of the screen, rather than large and at the bottom). What the heck's with that?

Any further tips would be greatly appreciated.

Thank you, Tim!

 

Heya, Tim!

I followed those steps and nothing changed. I have also done EVERYthing listed in the computer maintenance section -- defrag (not w/the Windows defrag program), Registry cleaning, removing extra programs, desktop icons, etc.

A techie friend recommended I run sfc /scannow

I've done that and it seems to have somehow RESET my computer back to the bad slow-down I had when this all first started 2 weeks ago. (And yet it's something I've never experienced before.)

Any thoughts? And, yeah, after this, I'll post in the section you recommend from here on.

Thanks for everything!!

 

Hey, Tim!

BitDefender found a virus, but it found a virus in a file I've used before, several times, without issue (part of an illegal download, yes, but, again, one I've had on my computer for years [and even my previous computer] without issue).

Let me know what that means, and if there's something else I should do from this point.

The txt file is attached.

 

Tim,

What I'm asking is what are the next steps here? Should I do another full scan with something else?

Also, as I explained to you in my preivous post, I'm fully aware that some of these DL'd programs are stuffed with Malware, hence my point that I've had this file on THIS computer AND my previous computer for several years now, with NO issues.

I've done full scans before w/out finding anything, and I've run that software (the software deemed to be a virus) on several occasions. Why does BitDefender suddenly find it to be a virus?

And, finally, Avast! again found the Win32:Agent-IPP and, strangely, it warned me about these files are are in Avast's VERY OWN "moved" folder. What is that about? (These are the files you said were false positives earlier in this thread.)

 

Yes, but I did it again just now...and will restart.

Attached!

Yes, I have done that.

Any thoughts on the main question of my last post (why that file was never considered a threat before)?

THX!!

 

But the computer's not reacted in any negative way. And the friend who's also used it has not had any viruses or slow-down issues. Could it be a worm making it's way through my HDD?

Tim, you're commenting on files in the log from 1/4. Spyhunter's been gone for about 2 weeks now. Please take a look at the log again and look at the files I referred to 2 posts back (where you then asked me to post this log). And look at the ones dated 1/18 -- that's what we're focusing on here.

I don't want to post elsewhere until I know these issues are resolved. If you're stumped, that's totally cool, perhaps someone else on the site can take a look.

Thanks for everything!!

 

OK-madokay, Tim!

Attached is the Log file...

I gotta say, that was the easiest scanning program EVER! Why are there warnings all over the Web about running it? It gives directions the whole way through and everything. Odd.

Anyway, let me know next steps when you get a chance! THANK YOU!

 

Thx, Tim.

RE: the Repair: Does sfc/ scannow repair problem files?

Because I ran that.

Also, the last time I did a repair install, I got locked out of Windows. Probably something to do w/Toshiba's settings.

Is there any way to, I dunno, check what the problem is withOUT doing the repair until I've checked w/someone like yourself?

Or is this a question for the software section?

 

Then I guess we're done here, sir...thank you for the help.

PBot