Malware problem

Discussion in 'Malware Help (A Specialist Will Reply)' started by RonPC, Dec 10, 2006.

  1. RonPC

    RonPC Private E-2

    Hi

    I had a bunch of malware, so I reinstalled Windows, but kept the data files on the hard disk. The malware seemed to immediately reinfect my new Windows installation (some Control Panel options do not work, workgroup computer networking does not work).

    Please know that there are a lot of data files on my drives C and D because I use these as storage.

    I've run the programs suggested on this site and the log files are attached.

  2. RonPC

    RonPC Private E-2

    Additional log files are attached.

  3. RonPC

    RonPC Private E-2

    I could not upload the BitDefender log because it is 268K, which exceeds the limit. It found a bunch of malware in an archive copy of a .pst file, so I suppose that's why it's so big.
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Majorgeeks!

    Did you try cleaning up whatever BitDefender was finding in the old email file? Please compress your BitDefender log into a ZIP file and attach it.

    You need to rerun CounterSpy and allow it to fix everything it found except realvnc which I assume you installed yourself and want. After rerunning it, attach the new log.

    If you do not clean up all the junk out of the multiple backups on multiple drives, it is going to be difficult to help you get properly cleaned. You must fix these backups! Look at all the stuff in your logs and start deleting all the obvious malware. I cannot sit down and create a step-by-step procedure to have you delete all these. There is just way too much bad stuff in there. You have to take some initiative and work through this yourself to make your logs more manageable.

    You have a big problem due to the fact that your Windows version is way out of date. After all malware has been removed, you must get updated and you must get better protection. You don't even have a firewall. And you were not using any antispyware applications to protect you until you installed CounterSpy (which is only a 15-day trial).


    Make sure viewing of hidden files is enabled (per the tutorial).

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O4 - HKLM\..\Run: [Windows Update] host.exe
    O4 - HKLM\..\RunServices: [Windows Update] host.exe
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete:
    C:\windows\system32\wkssr.exe
    C:\windows\system32\host.exe

    Now run Ccleaner.

    Now reboot in normal mode.
    Now copy the bold text below to Notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Now attach the new logs below and tell me how the above steps went.
    1. GetRunKey
    2. HJT


    Make sure you tell me how things are working now!

    Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable System Restore per step 1 of the READ & RUN ME. This only applies if you are using WinXP or WinMe.
     
    Last edited: Dec 11, 2006
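    The two O4 lines chaslang has you fix show the pattern behind most registry autostart malware: an entry whose display name borrows a Windows component's name ("Windows Update") while launching a bare executable (host.exe) with no path, so the binary is resolved by PATH search and nothing in the entry says where it lives. The following script is an added example, not code from MajorGeeks or the HijackThis project; it parses registry-based O4 lines in the format HijackThis prints and flags those two traits. The lookalike-name list, the Windows-directory check and the two benign sample lines are constructed assumptions for illustration.

```python
import re
from dataclasses import dataclass, field

# Registry-based O4 (autostart) lines as HijackThis prints them, e.g.
#   O4 - HKLM\..\Run: [Windows Update] host.exe
O4_LINE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>[A-Za-z]+): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)

# Assumption (constructed list): display names that a genuine Microsoft
# autostart entry would only ever use from inside the Windows directory.
OS_LOOKALIKE_NAMES = {"windows update", "microsoft update", "windows defender"}

# Assumption: the OS lives in C:\WINDOWS, as on the poster's machine.
WINDOWS_DIR = "c:\\windows\\"


@dataclass
class Finding:
    line: str
    name: str
    command: str
    reasons: list = field(default_factory=list)


def executable_of(cmd: str) -> str:
    """Return the program part of an autostart command, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ")[0]


def audit_o4_line(line: str):
    """Return a Finding for a suspicious O4 registry entry, else None."""
    m = O4_LINE.match(line.strip())
    if not m:
        return None
    name, cmd = m.group("name"), m.group("cmd")
    exe = executable_of(cmd)
    reasons = []
    # Trait 1: bare file name. Windows resolves it by PATH search, so the
    # entry does not pin down which directory the binary runs from.
    if "\\" not in exe:
        reasons.append("bare executable name, location not pinned")
    # Trait 2: display name impersonates a Windows component but the
    # program does not run from the Windows directory.
    if name.strip().lower() in OS_LOOKALIKE_NAMES and not exe.lower().startswith(WINDOWS_DIR):
        reasons.append(f"name {name!r} mimics a Windows component")
    return Finding(line.strip(), name, cmd, reasons) if reasons else None


def audit_hjt_log(text: str):
    """Scan a whole HijackThis log and collect suspicious O4 entries."""
    findings = []
    for line in text.splitlines():
        f = audit_o4_line(line)
        if f:
            findings.append(f)
    return findings


# Constructed sample: the two O4 lines quoted in the thread plus two benign
# entries invented for contrast (the vendor path is made up).
SAMPLE_LOG = """\
O4 - HKLM\\..\\Run: [Windows Update] host.exe
O4 - HKLM\\..\\RunServices: [Windows Update] host.exe
O4 - HKLM\\..\\Run: [ExampleUpdater] "C:\\Program Files\\Example\\updater.exe" -quiet
O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
"""

if __name__ == "__main__":
    for f in audit_hjt_log(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("   ->", r)
```

    Run against the sample, only the two host.exe entries are reported, each with both reasons; the quoted-path updater and the system32 ctfmon entry pass. The same two checks are what a responder applies by eye when reading an HJT log: where does it run from, and does the name it wears match that location.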
  5. RonPC

    RonPC Private E-2

    Thanks

    I've attached the new logs. The reason Windows is updated is that I just reinstalled Windows trying to get rid of the malware, but haven't updated it yet. Also, the two files you wanted me to delete, C:\windows\system32\wkssr.exe and C:\windows\system32\host.exe, did not exist (view hidden files is enabled).


    Well, the only problem I can detect is that I still can't share files or see my workgroup computer. Maybe this is a problem unrelated to malware, but if so I'm puzzled because I've reinstalled Windows several times and still have the problem (even changed my network card).

  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your logs are clean!

    But why are you putting all of those infected files from the D drive and the C:\Files From LaptopFolder and the C:\Old 15 GB Drive folder back onto the hard disk? If you insist on reloading infected files, you will obviously never be clean.


    Probably not a malware problem. It could just be a configuration issue. However, it may be due to the fact that you have all this malware on the D drive and in backup folders on the C drive. What media are you reinstalling from? Is it an original CD made by Microsoft, or are you using a copy of a CD made by you or someone else? If not original, it could be infected. Where are all the infected backups being reinstalled from?
     
