Need help with multible Viruses

Hey, an online friend accidently sent me a link that was packed with Trojans, HiJackers, Spyware, and Malware (I have no idea how he managed to go there without suffering from the mass infection like I did. ) and I ran several Spyware and Anti-Virus programs and got rid of over 6 Trojans and HiJackers but I know I still get more because I get this: (**Do not Click on**)slimshield.com/landing.htm?wm=netscreamer&soft=sshield&subacc=002 popping up every 5 minutes. I just need someone who is experience with what is spyware and what is not and how to get rid of it to diagnose the further problems my programs didn't catch.

Should I post the logfile of what I see now or wait for approval? Before I do post it, I accidently deleted Online Services in the Program files when I was trying to get rid of a program that got damaged by one of the viruses and now I keep getting Windows cannot find Program.exe errors. How do I replace the lost file? Sorry, I emptied the Recycle Bin before I realised the mistake.

 

First, please follow ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

If you already have any of the programs linked in the tutorial please double check your version to make sure you have the latest one and that you have any/all updates for the programs. TIP: Create a folder on your C:\ drive for the tools/utilities you will need to use. For example: Navigate to your Program Files directory, right click on a blank spot in the window > choose New > Folder. Name this folder Spyware Tools. Now you can save the needed tools to this folder and if you prefer, create sub-folders named for each individual utility.

NOTE: In order to resolve the issues you are having it is very important that you at least try to perform all the steps as outlined. If you have any difficulty please post back letting us know what steps you have completed, what you found while doing the scans if anything and details about any problems you have encountered in completing the steps. The more details you can provide the better.


After doing ALL of the above if you still have a problem:

Make sure you have HijackThis 1.99.1 and follow the guidelines on where to install it and how to post a log as an ATTACHMENT.
All instructions are covered in the sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting


Now post a Hijack This log as an ATTACHMENT to your message (Do NOT copy/paste the log into your post). Please close unnecessary running programs before you run HijackThis. You must close each of the following: your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc.

DO NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT

To Repeat: Please be sure to reply in this thread if you need further assistance or have any questions. Someone WILL be along to help you as soon as they can. You can help us help you by following the above instructions and providing detailed information as to the difficulties you are having and/or continuing to have after you have completed the Basic Spyware, Trojan And Virus Removal tutorial. Just telling us you followed the tutorial does not give us enough information. You need to let us know the results...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

We all recognize that if you are here asking for help you are probably frustrated and maybe even angry that your computer has been taken over by some malicious program. Rest assured, we want to help you but that we get frustrated too when we are not given the requested information or when instructions are not followed. Don't be afraid to ask for additional help if you don't understand something! There is no such thing as a dumb question and we do not expect everyone who comes here to have vast computer knowledge, however you will be more educated and better prepared to prevent re-infestation when you leave here!

Good luck!

 

LOL!! Interesting auto-reply.

Yeah, I do need further help with it. I don't want to do anything further on my own without doing something stupid and messing up my computer.

Here is the logfile.

 

First:

Please EXTRACT HijackThis from the ZIP File to a Safer location. Here's how:

To create a new folder:
Click START > My Computer > Local Disc C: > Program Files
Now, RightClick on an Empty Area and select New > Folder & name it HijackThis and ENTER

To Extract HijackThis:
Now, Right Click your HijackThis ZIP File and select Extract All > Next > and browse to your newly created HijackThis Folder
(C:\Program Files\HJT) and click Next.

Now run HJT from there. Please save your HJT Log as a .txt File and attach it via the "Manage Attachments" tool in the Additional Options section when you post.

The reason HJT needs its own safe folder is so that backups will be safely preserved. That way, if a mistake is made in the removal process, the mistakenly deleted entry can be restored.


Second:

You have not ran all of these steps as there are no signs of you doing the online scans! Please pay close attention and follow forum guidelines closely.

Please follow ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal



After you have completed ALL of these steps, attach a NEW HJT log.

 

Here's the txt file. Tell me what problems I am facing at the moment. The one I am currently physically seeing is this stupid SlimShield ad popping up from my harddrive from time to time. I hope there is nothing there that is an immediate threat that will do major harm to my computer because I just got my computer back from the shop (with the total cost of $300 to get my harddrive replace from it being burnt out.) so my computer runs differently from what I am used to. It's like a new computer.

 

Can somebody please help me out with this?

 

Agahnim, You still have not done the online virus scans. You have MULTIPLE issues and these online scans will help with some of this. Please follow forum guidelines so that we can better assist you. Your log has NO signs of you doing these scans. All we ask if that you follow forum guidelines and pay close attention to our instructions.THIS READ ME IS REQUIRED!

Before we continue, please follow ALL of the steps mentioned in this sticky thread:

READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

 

Hmmm.... I thought I did the scans. The crap must've came back. I am loading in my programs in your list to scan my computer right at this moment but I do want to let you know is that SpyWare Blaster will not work. I keep getting a message when I press on the program's button. The message is attached here. I need to know how to fix that. I am scanning with my other programs so if it is a virus or something that the programs can detect and get rid of, then I can download Spyware Blaster later. The other stuff on your list does not work for me because I have Windows 98.

 

Oh ok. I got everything scanned in that list and now I am gonna do those Online Scanners right now and post up the log file.

Normally I would do the steps provided but I am in a state of panic that my computer will be damaged again by a Virus. Whoever creates Viruses needs to go to hell.

 

I just got rid of those now. I am doing the Online Scans now to see if it will catch any more stuff.

TrendScan or whatever it is called is not working for me.

 

Ok, I followed your guide and also did Safe Mode to. Some of the bad programs did put up a fight to but I managed to get rid of them except this piece of dog turd: O15 - Trusted IP range: 67.19.185.246 I looked up to see what that was on Google and saw that it was a link to a porn pop-up ad. My online-friend who is not to computer smart had said he had found a funny image and gave me the link. Without thinking, I clicked on it since he usually sends links to photobucket pictures of comic strips and stuff, but this time it was a link to a Girl's Gone Wild pop-up ad picture and just as it loaded, AVG and Norton went crazy saying that my computer was being overrun by Trojans and Spyware. I told my friend several times NEVER to visit any porn sites (Besides containing disgusting content) they contain nothing but bad Viruses and stuff. *Sighs*

O15 - Trusted IP range: 67.19.185.246 will not go away on my HJT scan. I fix it with the scan and scan again and it is back. Here is my log file.

 

Now corrected:

 

I followed your exact steps with the move.reg and others but the little bastard still won't die.

 

Oh, for the start-up thing, I just clicked on the option "Load at Start-Up" and didn't turn it off yet.

I don't see any dll files even though I did follow your steps and turned the hidden feature off. No se.dll or Pidp.dll

I even searched on Find in my Start but it comes up with nothing.

 

I don't see any dll files even though I did follow your steps and turned the hidden feature off. No se.dll or Pidp.dll

I even searched on Find in my Start but it comes up with nothing.

 

I had forgotten how to use ZipItFast Pro since I haven't used it in a very long time. Can you link me to a tutorial? Also attached is something I want to know whether it is something that is supposed to be there or not. It's circled in red.

 

I'm back. I couldn't stay up any longer. I was on the verge of falling asleep at the desk. Anyways, I just got back on and noticed AVG catching this Virus everytime I clicked on IE: Startpage.16.M SE.DLL and my homepage has changed into something else and pop-up ads appear. It wasn't like this yesterday. Everytime I moved to the Vault or Deleted the Virus, it comes back. I hate the Advertisement industry.

Here is what I am seeing.

Now I am going to do the Zip thing right now but I can't do it with Winzip because I don't have $40 to blow away on a stupid program I would rarely ever use.

 

Also, I can't post the Zip of the list thing you wanted me to save here. It says it is too large.

 

The file is 250.6 KB

My AIM, My Computer, and my other programs are infected with this gay virus.

 

I'll split the file in half and Zip it that way.

 

Holy crap that is a big file. I guess it is thanks to my high graphics games that I have on my computer.


Here is part 1 and 2 of the zip. I still got more to go.

 

Here are the final parts.

 

And the very last piece:

 

Here it is.

 

I followed what you told me in the bold section I created here. I posted what I see in the window. I tried entering cd C:\\WINDOWS but it comes up saying it is an Invalid extention. Sorry, I am kinda slow on this since I never done this before.

 

Oh! Now I see. The \ next to the W made it look like \W = \\

I have bad eyes.

I did what you said and it kinda worked except for this. What does it mean?

 

BDonlineScan? I didn't install that. I haven't been installing anything except for what you been telling me to install. I haven't even installed my new Sims game yet and will not until I get everything installed.

 

Here ya go.
I do see the se.dll stuff there this time but I didn't see

C:\Windows\BOO.EXE
C:\Windows\FAP.EXE
C:\Windows\FIM.EXE
C:\Windows\GSH.EXE
C:\Windows\KCE.EXE
C:\Windows\LCI.EXE
C:\Windows\LLD.EXE

in the hjt scan.

 

I'm from the future.

Nah, my time keeps changing for some reason.

Here is the file again just incase you missed it since I was editing the message to post it up after forgetting to do so.

 

I believe you. I just thought I got rid of them on hjt and they weren't showing up on hjt. I'll try to search on Find like I did to the others and get rid of them.

*They are now dead*