instant access, zango, backdoor and more

Discussion in 'Malware Help (A Specialist Will Reply)' started by mtmtntop, Dec 17, 2006.

  1. mtmtntop

    mtmtntop Private E-2

    First, thanks for this great resource. I believe I have followed your detailed instructions. As the dad of several teenagers, I often come across the unexpected, including the following problems. It appears from what I see in the logs that I have a porn dialer (Instant Access), malware called a BetterInternet transponder and a variant of a backdoor virus. I have attached the logs. All your help is certainly appreciated.
     
  2. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Please post the Logs from GetRunKey, ShowNew, and HijackThis.
     
  3. mtmtntop

    mtmtntop Private E-2

    Here are the logs you asked for:
     
  4. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Download
    - Pocket Killbox

    << The installed version of Java on this computer is outdated. Install Java Runtime Environment (JRE) 6, available from Sun Microsystems. Uninstall all older versions of Java on your computer before installing the latest version of Java. >>

    Copy the contents of the below quote box to Notepad; Save As FixReg.reg to your Desktop. DO NOT run it at this time; we will do that later in Safe Mode.
    Close Notepad.

    Now Run HijackThis. Click the 'Do a system scan only' button. Place a checkmark in the box next to the following lines:
    Click on the 'Fix checked' button. Wait for HijackThis to finish; close HijackThis.

    Now run Pocket Killbox:

    Choose Tools -> Delete Temp Files and click Delete Selected Temp Files
    Then after it deletes the files click the Exit (Save Settings) button.

    NOTE: Pocket Killbox will only list the added files it is able to find on the system. So when you do the below, if some files do not show in the list after pasting them in, just continue.

    Select:
    • Delete on Reboot
    • then Click on the All Files button.
    • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
    • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
    • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
    If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

    Now boot into SAFE MODE

    Locate FixReg.reg on your Desktop. Double-click on it and answer 'Yes' when asked if you want to merge with the registry.

    Now run CCleaner. If you have Windows XP, delete the contents of C:\WINDOWS\Prefetch.

    Then, as an added precaution, go to Start -> Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:

    Temporary Files
    Temporary Internet Files
    Recycle Bin

    And click OK.

    REBOOT to Normal Mode.

    Post a fresh HijackThis log.

    Be sure to tell me how your computer is running.
     
  5. mtmtntop

    mtmtntop Private E-2

    I'm on it. Thanks a lot.
     
  6. mtmtntop

    mtmtntop Private E-2

    It's all done. A couple of things caught me by surprise and I'll list them below.
    One thing that is different is it takes a long time to start up, that is, for the desktop to show with the icons lit up. The hard drive light was on while I was waiting. This also happened when I wanted to browse when saving the HijackThis log file to a certain directory. (Possibly due to blocking Virtual Expander? I have this at the end of the post.)
    Note the two entries you said to mark in the HijackThis panel are still there on the attached "after fix" log. Is this correct?

    Here are some of the error messages I encountered along the way. (The one you warned me about, however, never showed up.)
    When I rebooted in Safe Mode, I was prompted to insert my Dell installed program disc, which I did, and everything was OK. When I went to the desktop to get the file FixReg.reg, I got a window that said "There is no disk in the drive. Please insert a disc into drive." I had 3 options, Continue, Cancel and Ignore, plus the X in the corner. I did all 4 before the window closed and it went on. I think the order I pressed in was Ignore, Continue, Cancel, then X'd out of the box. On Clean Manager there were zero bytes, so it looked like all the files were gone. I did get a popup box saying that Virtual Expander wanted to add to my toolbar. I can't remember what it was, so I blocked it. Is this the reason for the slow hard drive problem? I have changed the hard drive on this PC.
     
  7. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    There are no visible signs of malware in your HijackThis log. Authentium may be causing the 2 O6 lines to appear in your log.

    VirtualExpander is file compression software for Sony MicroVault USB flash drives. You don't really need it running at system start.

    How is your computer running?
     
    Last edited: Dec 18, 2006
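The thread turns on reading a HijackThis log by section code (O4 run-key entries, O6 Internet Explorer policy restrictions) and deciding which lines deserve attention. The following Python is an added triage example, not code from the thread or from HijackThis itself; the sample log excerpt is constructed, and the watchlist of names (VirtualExpander, Instant Access, BetterInternet) is taken from what the thread mentions.

```python
import re
from collections import defaultdict

# Constructed HijackThis-style log excerpt (not the poster's real log).
SAMPLE_LOG = """\
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
O4 - HKLM\\..\\Run: [VirtualExpander] C:\\Program Files\\VirtualExpander\\VirtualExpander.exe
O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
O6 - HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Restrictions present
O6 - HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel present
"""

# HijackThis lines start with a section code (O4, O6, R1, F2, ...) followed by " - ".
LINE_RE = re.compile(r"^(?P<code>[OFR]\d+) - (?P<body>.*)$")
# O4 bodies carry the run-key value name in brackets, then the command path.
RUN_RE = re.compile(r"\[(?P<name>[^\]]+)\]\s*(?P<path>.*)")
# Names the thread discusses; lower-cased for case-insensitive matching.
WATCHLIST = {"virtualexpander", "instant access", "betterinternet"}


def parse_hjt(text):
    """Group log lines by section code, e.g. {'O4': [...], 'O6': [...]}."""
    entries = defaultdict(list)
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries[m.group("code")].append(m.group("body"))
    return entries


def triage(text):
    """Return (code, subject, note) tuples for lines worth a second look."""
    entries = parse_hjt(text)
    findings = []
    for body in entries.get("O4", []):           # startup entries
        m = RUN_RE.search(body)
        if not m:
            continue
        name, path = m.group("name"), m.group("path")
        if any(w in name.lower() or w in path.lower() for w in WATCHLIST):
            findings.append(("O4", name, path))
    for body in entries.get("O6", []):           # IE policy restrictions
        findings.append(("O6", body, "IE policy restriction; security suites can set this"))
    for body in entries.get("O2", []):           # browser helper objects
        if "(no file)" in body:
            findings.append(("O2", body, "BHO registered but file missing (orphaned)"))
    return findings
```

Run `triage(SAMPLE_LOG)` to get the flagged O4 startup entry, the two O6 policy lines (which the thread attributes to Authentium rather than malware) and the orphaned BHO; benign startup entries such as ctfmon.exe are left alone.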
  8. mtmtntop

    mtmtntop Private E-2

    Perfectly, and it has not been this way for a long time. I and many others surely appreciate your dedication to helping out us, the less fortunate, at least in trying to figure this stuff out. Thank you very much.
     
  9. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    You're welcome. It is time to do our final steps:
    • If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    • If we used ComboFix you can delete the ComboFix.exe file and associated C:\combofix.txt log that was created.
    • If we used SDFix you can delete all the SDFix related files and folders from your Desktop or wherever you installed it.
    • If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
    • If we had you run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
    • If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    • You can delete the ShowNew.Zip and GetRunkey.Zip files and the files that you extracted from the ZIP files. You can also delete the C:\newfiles.txt and C:\runkeys.txt logs that were created.
    • If you are running Windows XP or Windows ME, do the below:
      • go back to step 8 of the READ & RUN ME to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    • After doing the above, you should work thru the below link:
     

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds