Need help removing malware (logs attached)

Discussion in 'Malware Help (A Specialist Will Reply)' started by austo82, Aug 29, 2006.

  1. austo82

    austo82 Private E-2

    Hi, I have a few different malware on my computer although they may have all come from a single trojan downloader. Spybot is finding Astakiller, Smitfraud-c.toolbar888, and Virtuamonde. It says it fixes them but when I run it again they still show up. I'm attaching the logs from the scans mentioned in the "read this before posting message". I have also attached 2 more logs in a reply to this message. I don't have a panda active scan log because when I connect to the internet a bunch of stuff gets loaded onto my computer and it goes all screwy before I can finish the scan. Hopefully these logs will tell you what you need to know to help me get rid of the very annoying malware on my computer. The internet is basically unusable on my computer and I have to use a different one just to send this message. Thanks in advance for your help.
     

    Attached Files:

    Last edited: Aug 29, 2006
  2. austo82

    austo82 Private E-2

    Other log file attachments

    Here are some other logs.
     

    Attached Files:

  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: Other log file attachments

    Welcome to Majorgeeks!

    Your OS is way out of date and is a major security risk. This is one of the reasons you are so badly infected. After we finish your cleanup, you will have to get updated and also better protected.

    Since you are so badly infected we will have to work in steps and also we will have to run some additional tools to fix some of your many problems!

    Let's begin. Please run this Look2Me VX2 Removal and attach the requested log.
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: Other log file attachments

    Next go to Add/Remove Programs and uninstall the below items:
    Search Bar
    Viewpoint Media Player

    Note the below are dangerous and quite possibly infected (or even if not infected a source of your infections).
    LimeWire 4.9.33
    Morpheus 5.0 (remove only)


    Where is your log from running CounterSpy? You did not attach it as requested.

    Now run this: Running Ewido Anti-Malware and attach the requested log from Ewido.

    Now after completing my previous instructions and the steps in this message, please attach new logs from ShowNew and HJT.
     
  5. austo82

    austo82 Private E-2

    Yeah I've been wanting to update to Windows SP2 for a while now but I only have dial-up because I can't get DSL here and it's over 200mb to download. Does Microsoft have an SP2 update on CD? Anyway I attached the look2me-destroyer log, hopefully I'm clean from that at least. Another thing that might tell you something is every time I start windows a message comes up that says "windows cannot find 'c:\WINDOWS\system32\nsms.exe' ". Thanks for your help.
     

    Attached Files:

  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay that's a start! Now do what I requested in message number 4.

    Don't worry about nsms.exe. We will get to that later. It is one of your many malware problems.

    Yes I believe you can order SP2 from Microsoft on CD. Check that out in the Software Forum.
     
  7. austo82

    austo82 Private E-2

    Ok I removed search bar, viewpoint media player and limewire (I never use it anymore anyway). I tried removing morpheus a long time ago and it wouldn't work and I tried in safe mode today and still no luck. When I try to remove it in add/remove programs it just opens up a blank IE pop-up window and does nothing else. I did run counterspy but it didn't find any problems except morpheus and I forgot to save the log. I'm running another counterspy scan right now so I can get a log for you (I'm using a different computer to post this message). I haven't gotten to ewido yet, I'll do that next. We will have to continue this tomorrow because I need to get some sleep before work. Thanks again for all your help.
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay! Just attach the two logs when you finish and then we will continue. I'm hoping Ewido picks up a bunch of things I was seeing and removes them automatically. Make sure you allow Ewido to fix what it finds.
     
  9. austo82

    austo82 Private E-2

    Here's the ewido log. Ewido found and cleaned a lot of stuff but when I start up my computer ewido will notify me of files infected with look2me and virtuomundo (which I clean but they still come back when I restart). I'm still working on that counter spy log, it crashed when I tried to save the log last time and counterspy takes forever to do a scan.
     

    Attached Files:

  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'. On the page that opens, scroll down to Windows Network Security Management Service ... then right click the entry, select 'Properties' and press 'Stop Service'. When it shows that it is stopped, next please set the 'Start-up Type' to 'Disabled'. Press 'OK' until you get back to Windows.

    Now repeat the above stop and disable for the following services:
    Windows Genuine Advantage Registration Service
    Microsoft Windows Spool Service

    Next, run HJT, but instead of scanning, click on the 'None of the above, just start the program' button at the bottom of the choices. At the lower right, click on the 'Config' button, and then the 'Misc tools' button ... select 'Delete an NT Service' ... copy/paste the following into the box that opens, and press 'OK':

    nsms

    Now repeat the Delete NT Service steps for:
    wgareg
    Windows Spool Service

    If you receive any error messages just ignore them and continue.

    Now exit HJT and reboot when it tells you it needs to.

    After reboot get a new HJT and a new ShowNew log and attach them.

    We have a lot more stuff to clean up.
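
The stop, disable and delete steps from post 10, written as a PowerShell script (an added example, not part of the original thread or a MajorGeeks tool). It assumes an elevated prompt; matching on either service name or display name is an assumption, because the thread does not say which of the two each of the three names is.

```powershell
# Added example: scripted form of the stop / disable / delete procedure in post 10.
# The three names below are taken from the thread. Whether each is a service key
# name or a display name is not stated there, so both are matched (assumption).
$targets = 'nsms', 'wgareg', 'Windows Spool Service'

foreach ($t in $targets) {
    $found = Get-Service | Where-Object { $_.Name -eq $t -or $_.DisplayName -eq $t }
    if (-not $found) {
        Write-Host "[$t] no matching service, skipping"
        continue
    }

    foreach ($s in $found) {
        # Record the binary path before the service key is deleted, so the
        # file it points to can still be located and examined afterwards.
        $key   = "HKLM:\SYSTEM\CurrentControlSet\Services\$($s.Name)"
        $image = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).ImagePath
        Write-Host "[$($s.Name)] display='$($s.DisplayName)' status=$($s.Status) image=$image"

        # Step 1: stop the service if it is running.
        if ($s.Status -ne 'Stopped') {
            Stop-Service -Name $s.Name -Force -ErrorAction Continue
        }

        # Step 2: set the start-up type to Disabled.
        Set-Service -Name $s.Name -StartupType Disabled -ErrorAction Continue

        # Step 3: delete the service entry. In Windows PowerShell 'sc' alone is
        # an alias for Set-Content, so sc.exe is called explicitly.
        & sc.exe delete $s.Name | Out-Null
        if ($LASTEXITCODE -eq 0) {
            Write-Host "[$($s.Name)] deleted; reboot to finish removal"
        } else {
            Write-Host "[$($s.Name)] sc.exe delete returned $LASTEXITCODE"
        }
    }
}
```

As in the post, errors for a service that is already gone can be ignored; reboot afterwards and take fresh logs.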
     
