I'm infected with PC-Antivirus Malware

Discussion in 'Malware Help (A Specialist Will Reply)' started by soleone, Apr 17, 2008.

  1. soleone

    soleone Private E-2

    Hello, please help me! I have been trying to clean my computer of the PC-Antivirus malware. It has pop-ups that come out of nowhere about every half hour. I have used just about every credible free spyware remover program I could think of. None of them have deleted or detected this one. This thing is really hidden! Experts once again, please help me. It will be greatly appreciated. I have attached my log.
     


  2. abri

    abri MajorGeek

    Hi soleone,
    Welcome to Major Geeks!


    I can see you have some bad files and I expect there are more that can't be seen, because HijackThis isn't comprehensive. Please go through the instructions in the READ & RUN ME FIRST and attach the requested logs with your next posts.

    Thanks.
    abri
     
  3. soleone

    soleone Private E-2

    Thanks, I'm ready for the next step. SUPERAntiSpyware didn't find or need to repair anything. The other logs are attached. Just a reminder for anyone else who may want to help with this or has the same problem: I am infected with PC-Antispyware malware that has annoying popups appear around every half hour. I can't tell you what was clicked on to allow this intrusion. I have these popups:

    1)
    "Security System Protection Control Panel" TrojanDownloader.XS.
    It is a white and blue window that says "Security system Warning"

    2)
    A red box mentioning something to the extent of:
    Alert Details
    File: C:\WINDOWS\wml.exe
    Threat:Abebot

    3)
    System Integrity Scan Wizard
    Warning: Your computer may have critical errors in Windows registry and file system!

    and 4)
    Yellow triangle with exclamation mark in the bottom right corner where the clock is located. It's constantly prompting me that there is spyware infecting my system and is directing me to a website to download some spyware remover.
     


  4. abri

    abri MajorGeek

    Hi soleone,

    Let's try the following. If that doesn't complete the removal then I'll give you an additional tool to run.

    1) What is in the following folder? (You can look in the folder, but do not open any files if you don't know what they are.)

    C:\Documents and Settings\All Users\Application Data\wtutibyv


    2) Go to add/remove programs and uninstall the below:

    - Java(TM) 6 Update 5

    3) Reboot after uninstalling the above.

    4) Install the current version of Sun Java from: Sun Java Runtime Environment

    5) If you do not use Windows Messenger (not to be confused with MSN Messenger!!) I would like you to run Disable/Remove Windows Messenger


    6) Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O4 - HKCU\..\Run: [nxxzsoti] C:\WINDOWS\system32\kdglktqr.exe
    O4 - HKCU\..\Run: [mfscgqdl] C:\WINDOWS\system32\luncxidw.exe
    O4 - HKLM\..\Policies\Explorer\Run: [7J0HCG9uV8] C:\Documents and Settings\All Users\Application Data\wtutibyv\ulixqfyr.exe
    O4 - HKLM\..\Policies\Explorer\Run: [Es8bXPiEhb] C:\Documents and Settings\All Users\Application Data\wtutibyv\ulixqfyr.exe


    After you click Fix, just close HijackThis.


    7) Now download The Avenger by Swandog46, and save it to your Desktop.
    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Do not change any check box options!!
    • Copy everything in the Quote box below, and paste it into the Input script here: part of the window:
    • Now click the 'Execute' button.
    • Click Yes to the prompt to confirm you want to execute.
    • Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    • Your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt

    8) Now run CCleaner at the default setting with the Windows tab as the top one.

    9) Please run C:\MGtools\GetLogs.bat and attach the fresh MGlogs.zip it generates along with the Avenger log.


    Let me know how things are running now.


    abri
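
As an added illustration (not part of the thread, and not a MajorGeeks or HijackThis tool), the sketch below parses the O4 autorun lines abri listed for fixing and shows which traits mark them for review. The four heuristics, the consonant-run threshold, and the two benign sample lines are assumptions constructed for this example.

```python
import re
from collections import Counter

# Four O4 lines quoted in the thread, plus two benign lines constructed for contrast.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [nxxzsoti] C:\WINDOWS\system32\kdglktqr.exe
O4 - HKCU\..\Run: [mfscgqdl] C:\WINDOWS\system32\luncxidw.exe
O4 - HKLM\..\Policies\Explorer\Run: [7J0HCG9uV8] C:\Documents and Settings\All Users\Application Data\wtutibyv\ulixqfyr.exe
O4 - HKLM\..\Policies\Explorer\Run: [Es8bXPiEhb] C:\Documents and Settings\All Users\Application Data\wtutibyv\ulixqfyr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

O4_LINE = re.compile(r"^O4 - (HK(?:CU|LM))\\\.\.\\(.+?): \[([^\]]*)\] (.+)$")
# Assumed heuristic: five or more consecutive consonants rarely occur in real product names.
CONSONANT_RUN = re.compile(r"[b-df-hj-np-tv-z]{5,}", re.I)

def parse_o4(log):
    """Return (hive, key, value_name, command) for each O4 autorun line."""
    return [m.groups() for m in map(O4_LINE.match, log.splitlines()) if m]

def triage(log):
    """Map each O4 value name to the list of reasons it deserves manual review."""
    entries = parse_o4(log)
    targets = Counter(cmd.lower() for _, _, _, cmd in entries)
    report = {}
    for hive, key, name, cmd in entries:
        path = cmd.strip('"')
        stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]  # file name without extension
        reasons = []
        if "policies\\explorer\\run" in key.lower():
            reasons.append("policy-run-key")       # autorun location rarely used by normal software
        if "\\application data\\" in path.lower():
            reasons.append("exe-in-app-data")      # executable launched from a data directory
        if targets[cmd.lower()] > 1:
            reasons.append("duplicate-target")     # same binary registered under several names
        if CONSONANT_RUN.search(name) or CONSONANT_RUN.search(stem):
            reasons.append("random-looking-name")
        report[name] = reasons
    return report

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG).items():
        print(f"{name:20} {', '.join(reasons) or 'no heuristic hit'}")
```

A hit is only a prompt to look closer: the name heuristic is tuned to these samples and will miss or mislabel other entries, so the decision to fix a line still belongs to someone reading the full log.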
     
  5. soleone

    soleone Private E-2

    Wow! You're good. Everything worked. The popups have stopped and I am very happy! The logs you requested are attached. I hope things look as good as they seem. Thanks again.
     


  6. abri

    abri MajorGeek

    Hi soleone,

    Your logs look good. Please go through the final cleanup instructions to remove the tools and logs we had you put on your computer and to set a clean restore point:
    abri
     
