malware that's being sent to all my messenger contacts

Welcome to Major Geeks!

Do the below while I look thru all of your logs.

Now Disable Spybot's TeaTimer as requested in the READ and RUN ME

• Run Spybot and click Mode
• Select Advanced Mode.
• Then click Tools and select Resident.
• Now in the right window pane, uncheck TeaTimer.
• Also while this is open, in the left column now select IE Tweaks
• and then in the right pane make sure all the Miscellaneous locks are unchecked.
• Now quit Spybot!

Uninstall the below old versions of software:
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_05
Java(TM) SE Runtime Environment 6 Update 1
Spybot - Search & Destroy 1.3 <-- 3 years out of date
Viewpoint Media Player <-- should have been uninstalled in step 0 of the READ ME

Make sure you reboot after uninstalling the above!

After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

 

Make sure you finish the instructions in message number 3 before doing the below.


Let's begin by removing the malware service that is probably your main problem.

• Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'.
• On the page that opens, scroll down to at9es3beue
• then right click the entry, select Properties and press Stop Service.
• When it shows that it is stopped, next please set the Start-up Type to 'Disabled'.
• Click OK until you get back to Windows.

• Next, run HJT, but instead of scanning, click on the None of the above, just start the program button at the bottom of the choices.
• At the lower right, click on the Config button
• Then click the Misc tools button
• Select Delete an NT Service
• Copy/pasteat9es3beue into the box that opens, and press OK
• If you receive any error messages just ignore them and continue.
• Now exit HJT but do not reboot when it tells you it needs to. We will do that further down after running HJT again to fix some other items.

I now also suggest you delete the below from your Desktop

Code:

"C:\Documents and Settings\puny\Desktop\"
BACKUPS       Dec 13 2007              "backups"
hijack~1.exe  Dec 12 2007     1308216  "HiJackThis_v2.exe"
hijack~1.log  Dec 13 2007        7617  "hijackthis.log"
NEWFOL~1      Dec 11 2007              "New Folder (3)"
NEWFOL~2      Dec 11 2007              "New Folder"
spybot~1.exe  Dec 12 2007     7467056  "spybotsd15.exe"

Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

After clicking Fix, exit HJT.

Now download The Avenger by Swandog46, and save it to your Desktop.

• Extract avenger.exe from the Zip file and save it to your desktop
• Run avenger.exe by double-clicking on it.
• Check the 'Input script manually' box.
• Click on the magnifying glass icon.
• Copy everything in the Quote box below, and paste it in the box that opens:

• Now click the 'Done' button.
• Click on the traffic light icon and OK the prompt.
• You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
• A log file from Avenger will be produced at C:\avenger.txt

After reboot look for all of the above files we had Avenger attempt to delete. If you still see them, delete them yourself.

Now run Ccleaner!

Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this and also attach the log from Avenger.

Make sure you tell me how things are working now!

 

Nothing in step 3 could do anything like this. All you were doing was turning of Teatimer and uninstalling a load of old software.


See if you can do step 4 anyway. Even if you have to do it in safe mode.

 

That's because it is running but they could be masking the real name to make it more difficult to locate.

Everything? Does that mean you did the step with Avenger?

Can you dowload things onto your other PC and then somehow copy them to the problem PC?

On the PC with the problem, can you get System Restore to run?

 

Don't worry about Sun Java right now. You can always get it later.

Absolutely not! It does not say that. It specifically stated that only after all malware is removed to turn off system restore. The reason for this is just for situations like you are having now. It is a fall back point.

If you have turn System Restore off and it has been off all of this time, then you have no restore points to fall back too.

 

That's quite possible. I'm not sure whay got your PC into this state because just uninstalling those programs cannot do this.


Please see if you can do the below so we can attempt get that service stopped. I had given you the wrong name for services.msc. The one for Deleting with HijackThis was correct. Here is the full correct procedure .

• Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'.
• On the page that opens, scroll down to Print Spooler Service
• then right click the entry, select Properties and press Stop Service.
• When it shows that it is stopped, next please set the Start-up Type to 'Disabled'.
• Click OK until you get back to Windows.

• Next, run HJT, but instead of scanning, click on the None of the above, just start the program button at the bottom of the choices.
• At the lower right, click on the Config button
• Then click the Misc tools button
• Select Delete an NT Service
• Copy/pasteat9es3beue into the box that opens, and press OK
• If you receive any error messages just ignore them and continue.
• Now exit HJT but and reboot when it tells you it needs to.

After reboot tell me if there is any change to your problems.

I have to get some sleep now. I have to get up in about 3.5 hours for work.

 

I'm not sure exactly what you mean. Do you have Desktop icons and a Start button in the system tray? Are you sure that you just don't need to change your screen resolution? Right click the Desktop and select Properties. Then click Settings and adjust the slider for you Display settngs to the correct resolution you normally use.

 

You're welcome. It would be a good idea just to look at a final log.


Run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this and also attach the log from Avenger.