Most difficult virus I've ever seen

Discussion in 'Malware Help (A Specialist Will Reply)' started by WarlockLord, Aug 28, 2009.

  1. WarlockLord

    WarlockLord Private E-2

    I hate whatever this thing has more than Virut (maybe it's a new version of Virut?)

    A PC made its way to my bench that really has me stumped. It obviously has some type of malware/virus.

    Any exe that has any success at seeing it is immediately taken over by whatever this is and becomes unrunnable.

    I started with combofix..... I see 3 or 4 "access is denied" messages when combofix starts, then it tells me that it can't do a system restore and freezes.

    Next was MBAM. MBAM installed, updated, and ran. Started scan. A few minutes later it completely closed. Now trying to run it again gives me "Windows cannot access the specified device, path, or file. Make sure you have the appropriate permissions and try again"

    Next was hijackthis. Repeat. Did a scan, scan started, hjthis closed, can't run it again.

    Process Explorer ran, as soon as I tried to check properties for "System", closed, can't run again.

    Used windows explorer to start looking around for odd looking files. Got into system32\drivers\1056 I believe it was, double clicked on another subfolder, explorer closed (including the shell), can't restart explorer. "Windows cannot access blah blah"

    Hooked up the HDD to another PC and ran kaspersky scan on it, didn't find anything.

    Need some help!
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    You need to try running our cleaning procedure (all steps) as given to you in the email you received when signing up.


    Also I suggest that you tell us what version of Windows and SP level you have and also check the sizes of the below files in bytes and tell us the sizes:

    system32\eventlog.dll
    system32\netlogon.dll
    system32\scecli.dll
     
  3. WarlockLord

    WarlockLord Private E-2

    Here is my MGlogs.... only thing I could get to run.

    I am running XP. I'm pretty sure it's got SP3 on it, but I can't get into System to find out because I can't run explorer.

    File sizes are:

    eventlog.dll 62,464 bytes
    netlogon.dll 407,040 bytes
    scecli.dll 181,248 bytes

    All with a modified date of 4/13/08
     

    Attached Files:

    Last edited: Aug 31, 2009
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes you have Windows XP SP3.




    I'm going to give you some steps to follow. You MUST follow these steps exactly and they MUST be performed in the order written. I suggest that you read thru all of it first before running any steps.
    1. Download The Avenger by Swandog46, and save it to your Desktop.
    2. Extract avenger.exe from the Zip file and save it to your desktop but DO NOT RUN IT.
    3. Now download and save the below two files to the root folder of your Windows boot drive. Normally this would be drive C. If you do this correctly, you will then see C:\MGtools.exe and FixAVP.exe. You need to redownload this MGtools file because it is a new version. Just overwrite your previous version.
    4. Now run MGtools.exe by following the instructions given here Using MGtools which will help you understand how to run it and what will happen. You don't need to worry about attaching the MGlogs.zip file that it mentions yet because we have more to do and a new log will be obtained later.
    5. Now run the FixAVP.exe file by double clicking on it. This will attempt to automatically run Avenger (which you downloaded above) and it should also try to reboot your PC so don't be alarmed when this happens.
    6. After Reboot, and if all goes well, a new scan by MGtools should automatically take place because Avenger will try to run C:\MGtools\GetLogs.bat which will begin all the scans again.
    7. When GetLogs.bat finishes running, there will be a new C:\MGlogs.zip file and now it will be time to attach it to your next message. Make sure that you allow GetLogs.bat to finish running. It will tell you when it is finished. Do not close the command prompt window on your own until it is finished.
     
    Last edited: Sep 1, 2009
  5. WarlockLord

    WarlockLord Private E-2

    The link for fixavp points me to the same place as MGtools
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Sorry about that. Try it now.
     
  7. WarlockLord

    WarlockLord Private E-2

    Here is my updated log.

    Important note. After running fixavp, the pc rebooted as expected. After reboot, it came up to logon screen. I clicked on user name, it wanted a password, which it never has before, then rebooted again. Came back up, didn't want the password again.
     

    Attached Files:

  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Looks like you did not download and use the new version of MGtools as requested first. Please download and run it now and attach the new log. Looks like we fixed the bad DLL file.

    Then uninstall SUPERAntiSpyware, Malwarebytes, and ComboFix and delete any copies of the installers you previously downloaded. Now download new versions from the below links:

    Install them, update them again (always necessary) and then see if you can run scans. Follow the original instructions for running these scans. Attach logs from any of these that run.
     
  9. WarlockLord

    WarlockLord Private E-2

    I cannot delete the SAS & MBAM folders. The malware hijacked the exe and it will not allow me to delete them
     

    Attached Files:

  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    According to your logs SAS was never installed so there should be no folders to remove. MBAM however was installed. Did you first try uninstalling MBAM? It still shows as installed. Make sure you try to uninstall it now since my steps below will be deleting folders for MBAM and you will not be able to uninstall it once the folders are forcefully deleted.

    At least one of your necessary Windows Services does not appear to be running. Click Start, Run, and enter services.msc and click OK. This should bring up the Services form. Scroll down to the Windows Management Instrumentation service and double click on it. Make sure that the Service status: is Started. Also make sure that Startup type: is set to Automatic. If these are not set as stated, change them to be set properly and click Apply. Then double check to make sure the change worked.

    No matter whether the above works or not, still do the below.

    You need to save ComboFix.exe to your Desktop as previously requested. Do not run it. Just save it there so that my later steps with Avenger can try to run it.

    Now copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it definitely did not work.


    • Run avenger.exe (which is on your Desktop) by double-clicking on it.
    • Do not change any check box options!!
    • Copy everything in the Quote box below, and paste it into the Input script here: part of the window:
    • Now click the Execute button.
    • Click Yes to the prompt to confirm you want to execute.
    • Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    • Your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

    You now must put your PC into Normal Startup mode with MSconfig as requested in step 4 of the READ & RUN ME.

    Now uninstall the software:
    Bullseye Tool Bar
    Java(TM) 6 Update 7
    Viewpoint Manager (Remove Only)
    Viewpoint Media Player
    Viewpoint Toolbar (Remove Only)

    Now run Ccleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • C:\avenger.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
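    The two checks chaslang asks for in this thread, the byte sizes of eventlog.dll, netlogon.dll and scecli.dll (post 2) and the state of the Windows Management Instrumentation service (post 10), can be gathered in one go from a PowerShell prompt on the affected XP machine. This is an added example, not MGtools or anything from the thread; it assumes the XP layout where Windows File Protection keeps backup copies under system32\dllcache, and compares the live DLLs against those copies. A mismatch is a strong hint that a DLL was patched, while a match is not proof of a clean file, since an infector can alter the cached copy as well.

```powershell
# Added example (not from the thread): report size/date of the three DLLs
# chaslang asked about, compare each against its dllcache backup, and show
# whether the WMI service (winmgmt) is Running and set to Automatic.
# Assumes Windows XP paths; $env:SystemRoot resolves to e.g. C:\WINDOWS.
$names = 'eventlog.dll', 'netlogon.dll', 'scecli.dll'
$sys32 = Join-Path $env:SystemRoot 'system32'
$cache = Join-Path $sys32 'dllcache'

function Get-Md5Hex([string]$Path) {
    # MD5 is used only as a fingerprint to spot a modified copy, not for security.
    $md5 = [System.Security.Cryptography.MD5]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try { $bytes = $md5.ComputeHash($stream) } finally { $stream.Close() }
    return ([System.BitConverter]::ToString($bytes)).Replace('-', '')
}

foreach ($n in $names) {
    $live = Get-Item (Join-Path $sys32 $n)
    $line = '{0,-14} {1,9:N0} bytes  modified {2:yyyy-MM-dd}' -f $n, $live.Length, $live.LastWriteTime
    $backup = Join-Path $cache $n
    if (Test-Path $backup) {
        # A size or hash difference between system32 and dllcache is a common
        # sign of a patched system DLL, the kind of infection this thread describes.
        $ref = Get-Item $backup
        if ($ref.Length -ne $live.Length -or (Get-Md5Hex $backup) -ne (Get-Md5Hex $live.FullName)) {
            $line += '  ** differs from dllcache copy ({0:N0} bytes) **' -f $ref.Length
        } else {
            $line += '  matches dllcache copy (not proof of a clean file)'
        }
    } else {
        $line += '  (no dllcache copy to compare)'
    }
    $line
}

# WMI service: chaslang's instructions require Started (Running) and Automatic.
$svc = Get-WmiObject Win32_Service -Filter "Name='winmgmt'"
'winmgmt: State={0} StartMode={1}' -f $svc.State, $svc.StartMode
if ($svc.State -ne 'Running' -or $svc.StartMode -ne 'Auto') {
    'WMI service is not Started/Automatic; correct it in services.msc as described above.'
}
```

    The sizes it prints can be pasted into a reply alongside the MGlogs.zip attachment; the script changes nothing on the machine.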
     
