Multiple Trojans, Did all Read & Run Me, Still Problems

I am a soul lost in a sea of data and buttons. Please bear with my ignorance. I have followed the Read and Run Me directions as close as I am able and it seems to have rid my system of certain spyware, etc, but the results that seem to be occurring from malware are still happening.

Let's Start at the beginning: Early this year Avira Anti-virus detected a few problems, which I quarantined and went along my business, thinking it had been dealt with. I am learning the hard way that I should have done much more. I read more details about them yesterday and noticed 2-3 were trojans. I deleted the quarantine list and my copy of the names has disappeared with it. I do have a couple. 1. TR/Dldr.WMA.Wimad.N A trojan located in http://www.fastmp3player.com. Yes, I was downloading illegal music and have also learned the hard way what I shouldn't do. 2. Virus or unwanted program 'HTML/Crypted.Gen [virus]' 06/04/08
detected in file 'C:\Documents and Settings\Rebecca\Local Settings\Temporary Internet Files\Content.IE5\S6BTYQIH\a@Top1[1].htm.
Action performed: Deny access.

As the months moved on, weird things started to occur on my computer. Most notably, when I was online, every time an video type program such as an ad would try to start a pop-up would appear saying, "A Runtime Error has occurred. Do you wish to Debug? Line: any 4 numbers Error: object required" With a choice of clicking yes or no. I am not able to close it without clicking one or the other and sometimes it would pop up 30 times in a row. This slowly became worse. I thought there was something wrong with my computer programming, setup, whatever. I didn't understand that it was malware.

Then, later every time I restarted the computer. Windows would not start and "Plug & Play Configuration Error" would appear. Control-Alt-Delete was the only way to get out and start windows.

Eventually, the Plug & Play quit appearing and just a cursor would appear. The only way I could get around this was by clicking F2 quickly to enter setup and then escape after it reached setup 5 minutes later.


I am now knee deep in fun and have done all of the steps for Read and Run Me. A few things have occurred. I tried to erase the multiple anti-spyware downloads, etc which I thought happened, but after restarting it said they were still running even though they were not listed on programs. In addition, any settings I reset for most programs would change when restarting.

Also, the Runtime Error pop-ups seem to have disappeared though I haven't been online a lot. In addition, the Plug & Play Error has reappeared when restarting the computer.

I know this is a long explanation, but I figure any info helps and it's better to give it now. Note: I only scanned the C drive, but have a removable hard drive? which I did not scan (wasn't sure). It is a backup drive that has mostly documents on it, but some programs. Someone set it up for me and copied early this year. I have it connected and running half/most of the time.

I have attached the required items.


Thank you for your help and patience.

Rebecca

 

[FONT=Verdana, sans-serif]Welcome to MajorGeeks.com![/FONT][FONT=Verdana, sans-serif]

Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

[/FONT][FONT=Verdana, sans-serif]Read & RUN ME FIRST Before Asking for Support[/FONT]





[FONT=Verdana, sans-serif]Note : Since you state you have followed the Read & Run Me instructions, please post up the logs as attachments.[/FONT]

 

MGlogs.zip

 

Weird, I thought I had them attached.

 

Thank you very much for your help. I was called away out of town unexpectedly and do not have access to my computer for a few days, but will follow your steps as soon as I return. After reading your notes, my only concern is that I did delete Kazaa (I thought I did it correctly) as I was directed. I mentioned earlier that a number of programs which I deleted or changed were still there or returned when I restarted my computer. Is there a definite way to make sure Kazaa will be deleted?

Thanks,

Rebecca

 

Sorry, that's what I meant, uninstall. I went to the Add/Remove programs in the control panel, found the program and uninstalled it. It went through the motions, then saying it was gone. It did the same thing with Comodo Firewall. I uninstalled it, the computer said it was gone, but the program was still there after restarting the computer. I will try to uninstall it again when I return and make sure to note the specific happenings and quotes the the computer responds with.

 

Hi,

I made it back to my computer (if only for a few hours). I began the Java uninstall steps and it resulted in:

1. When deleting Java 2 Runtime v1.3.1... it gave a checklist saying shared program files, standard program, folder items, program folders, program directories, and program registry entries were uninstalled. "Uninstall complete. Some elements could not be removed. You should manually remove items related to the application. I looked at the details and this was listed.

"Unable to delete folder 'C:\Program Files\JavaSoft\JRE\1.3.1_03\lib\applet'.
Unable to delete folder 'C:\Program Files\JavaSoft\JRE\1.3.1_03\lib'.
Unable to delete folder 'C:\Program Files\JavaSoft\JRE\1.3.1_03'.
Unable to delete folder 'C:\Program Files\JavaSoft\JRE'.
Unable to delete folder 'C:\Program Files\JavaSoft'."

2. It seemed to uninstall the Java (TM) SE Runtime Environment 6 Update 1 correctly b/c I did not receive any pop-ups or responses.

3. Should I uninstall the Java (TM) 6 Update 5?

4. When clicking on Kazaa Media Desktop 2.1.1 to "change/remove" a popup appeared with RUNDLL at the top and saying "Error loading C:\Windows\System32\cd_clint.dll. The specified module could not be found."

5. I did not continue with the next steps b/c I figured I needed to finish these first.


Thanks a lot for giving up your extra time to help me.

 

Okayyyy, I think we have a winner! I have followed your steps and


1. Registry Editor

“Information in C:\Documents and Settings\Rebecca\Desktop\fixme.reg has been successfully entered into the registry.”

The folders did not exist which you said to delete if they were there. (Java Soft, etc)

I added the Java 6 Update 10 from Read Me and deleted version 5, the program erased off the list, but there was no success message.

2. I fixed the specific 03, 09, 020, 024 from HJT.

3. The 2nd fixme.reg was successfully entered into the registry.

4. Question- Is there any reason to not erase the programs downloaded from Run and Read Me (combofix, mgtools, HJT, etc)? That is my next and final step.

5. I got the other problems fixed from Dell. Yes, it was the BIOS. As explained to me the processor was getting stuck at the printer before hitting the hard drive so made it start with the hard drive. Yeah!