Need help, tried eveyrthing i could..

Jyp · Jan 17, 2010

Ok, so yesterday when i was roaming around the web...
"Window Security Alert" started to pop up and told me to download stuff.
Obviously, i knew it was fake and i have received a virus...
So I click on my Norton 360...but it doesn't work.
I tried restoring but it failed constantly saying "System failed restore"
Then I went into Safe mode and running norton 360 quick scan...
only 1 "threat" was found and nothing else.
So i thought it was gone and went on to normal window.
Exactly two hours later, I get the same pop up...
This time it was worse...system restore didnt work, task manager gone, security websites redirecting, etc.
I went into safe mode, but the virus were popping up in safe mode as well.
So i followed my friends guide and pressed "change back to last good setting" after pressing F8 constantly.
Then went on to normal window. Viruses werent there but now i keep getting these pop ups, "Internet explorer has stopped working," "Google installer had stopped working."
I downloaded Malwarebyte and made it work by following some guide on internet...ran ccleaner, PC tools antiviurs, Hijackthis, registry mechanic, Threatfire, and some free online scans...
Still, i see symptoms of viruses...
Also, I couldnt install AVG, trojan remover, spybotsd, and superantivirus...

i followed pretty much all the steps for this forum...except i couldnt use superantivirus...

currently im uploading Hijackthis report and rootrepeal report
I will shortly upload Malwarebyte report and MGtool report once its finished.

Jyp · Jan 17, 2010

Log for mgtools

Edit: Malwarebytes failed due to "System Not responding"
Running Ad-aware...been 3 hours

Jyp · Jan 17, 2010

Norton's remote assistance didnt work either...
I really need help people...

TimW · Jan 19, 2010

Let's first straighten a few things out. You installed MGTools to your desktop:
C:\Users\Paul Park\Desktop\MGtools.exe ----> it should be moved to C:\MGTools.exe

You never downloaded and ran ComboFix. And I also want the SAS log.
As instructed in the READ & RUN ME FIRST. Malware Removal Guide

It also appears as though you had or still have numerous left overs from different AV programs.
C:\Users\Paul Park\AppData\Roaming\AVG8
C:\Program Files\Trend Micro\Internet Security
C:\Program Files\ESET

As well as still having multiple AV programs installed:
Norton 360
PC Tools AntiVirus 6.1

Please use add/remove programs to uninstall:
Viewpoint Media Player <-- should have been uninstalled in step 1 of the READ ME
Java(TM) 6 Update 5

Now copy just the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OE"=-
"cls_pack.exe"=-

Click to expand...

Make sure that you tell me if you receive a success message about adding the above
to the registry. If you do not get a success message, it definitely did not work.

Now use windows explorer to find and delete:
C:\Program Files\Trend Micro\Internet Security
C:\Users\Paul Park\AppData\Roaming\AVG8
C:\Program Files\ESET
C:\\Users\\PAULPA~1\\AppData\\Local\\Temp\\cls_pack.exe

Now run CCleaner.

Now download and install:
Java Runtime 6

Now run SAS, ComboFix and then run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

Then attach the below logs:
* SAS log
* C:\ComboFix.txt
* C:\MGlogs.zip

Log in or Sign up

Need help, tried eveyrthing i could..

Jyp Private E-2

Attached Files:

hijackthis.log

rootrepealreport.txt

Jyp Private E-2

Attached Files:

MGlogs.zip

Jyp Private E-2

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member