New problems with Antivirus2008

I am still having problems with this.My pc recently came up with a message from antivirus2008 which told me I had got all sorts of problems.I tried trend micro housecall but this didnt detect any problems so did a search on antvrs.exe and this is a virus.malware.How can i remove this

 

Re: Adware_memwatcher

Hi alankew,

Sorry you're still having trouble.

Try Removing Zlob aka SmitFraud, SpySheriff, Infections.

If that doesn't remove it, go back to the Windows XP Cleaning Procedure and download MalwareBytes and run that.

One of these should get it out.

Let me know how this goes.
abri

 

Re: Adware_memwatcher

Heres the text file from Smitfraud fix

 

Re: Adware_memwatcher

Hers the file after cleaning

 

Re: Adware_memwatcher

Hi alankew,
Did you run MalwareBytes? If so, please post the log if it found anything.
Thanks.
abri

 

Re: Adware_memwatcher

Malware bytes log file before and after cleaning attached

 

Re: Adware_memwatcher

Hi alankew,

Please run the following two scans:

Using Combofix

USING MG TOOLS

Then attach the Combofix log and the MGlogs.zip (directly under C)

abri

 

Re: Adware_memwatcher

Abri here the CF logfile

 

Re: Adware_memwatcher

And heres the MG logfile

 

Re: Adware_memwatcher

Hi alankew,

It's hard to get rid of, because of the way it keeps itself going. Here's what McAfee has to say about it:

http://vil.nai.com/vil/content/v_100635.htm


Question: Does your antivirus find this if you boot up disconnected from the internet and run the antivirus scan?


And now please do the following:

1) To begin with, please disable Spybot's TeaTimer. This can be done two ways.
First:

• Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
• If you have the new version 1.5, Click once on Resident Protection, then Right click the Spybot icon again and make sure Resident Protection is now Unchecked. The Spybot icon in the System tray should now be now colorless.
• If you have Version 1.4, Click on Exit Spybot S&D Resident

or Second, For Either Version :

• Open Spybot S&D
• Click Mode, choose Advanced Mode
• Go To the bottom of the Vertical Panel on the Left, Click Tools
• then, also in left panel, click Resident shows a red/white shield.
• If your firewall raises a question, say OK
• In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active
• OK any prompts.
• Use File, Exit to terminate Spybot

2) Go to add/remove programs and uninstall the below:

- Java(TM) 6 Update 5

3) Reboot after uninstalling the above.

4) Install the current version of Sun Java from: Sun Java Runtime Environment


5) Next please download Registry Search (see the link titled RegSearch Download Link )

• Extract the files from Regsearch.zip into a folder.
• Doubleclick regsearch.exe to start the program.
• Enter HotEkc.exe in the top area of the form and then click "Ok".
• Notepad will be opened with text in it (the file named RegSearch.txt will be saved in the program's folder as well). Attach this file to your next reply.

6) Then please run Silent Runners and Running GMER to detect rootkits as well. Try to run these scans right after Adware_Memwatcher has been found and if your browser is active, leave it running.Attach both of these logs together with the RegSearch results.

Thanks.
abri

 

Hi Alankew,

I've moved your most recent posts to this new thread. When you reposted in your old thread and wrote that you are still having problems with this, I understood this to mean Adware_Memwatcher. Chaslang suggests you mean you are having a new set of problems. If that is the case, you need to start over with the READ & RUN ME FIRST and do it over. You didn't uninstall Combofix when I asked you to last time, so I need for you to uninstall it before you do the READ ME. To uninstall it do the following:

• If you installed Combofix to the desktop and renamed it cf.exe, it can be removed by going to Start/Run and copy-pasting in "%userprofile%\Desktop\cf" /u
• Check for the following and if found, remove them as well by deleting them: ComboFix.exe (if it wasn't renamed), C:\ComboFix folder, C:\QooBox folder, C:\WINDOWS\nircmd.exe, and the C:\combofix.txt log that was created.

After you finish the instructions in the READ & RUN ME, please attach the logs. You don't have to rerun those scans you already did except for Combofix, but you need to go through all the initial instructions again as there's been a lot of time to accumulate new temporary files that need to be gotten rid of and to see if Spybot picks up anything.

Thanks.
abri

 

Hi Abri,sorry should have made myself clearer.I am still having issues with pages being slow to load and lagging/hanging and presumed it was because of Malaware.I am not sure if its Antivirus 2008 that is causing the problem as I thought this had now been removed.I will work through the read and run list and post the appropriate files

 

Abri Spybots s and d still found traces of Antivirus 2008,this has now been removed but i am not sure how to completely remove it from quarantine,cn you advise.Thanks

 

Also I have a previous version of MGtools which is on my destop,how do i remove/uninstall this as it doesnt come up in the add remove programs

 

I have done steps up to running combofix but when i copy and paste in "%userprofile%\desktop\combo-fix.exe" /killall and press ok it comes up with c:\documents and settings\owner\desktop\combo-fix.exe is not a valid win32 application and will not allow me to run this program.Have tried to run from my documents and it tries to run but says that it is an out of date program but doesnt give me the option to update and then doesnt allow me to do anything with it

 

Apologies for sounding dumb but in the part about show hidden files and folders should Hide extensions for known file types option.
and the Hide protected operating system files (recommended) option have a tick in them or not.I have done this so many times and am a little confused as to their previous default state and when I do untick Hide protected operating system a warning comes up saying that doing so may cause the system to be inoperable

 

So far SAS found nothing,Sand D found nothing,Malware antibytes found several trojans(attached logfile)

 

Heres the combofix log

 

Heres the MG file.I am not sure what the virus/trojan/malware is called as I think Antivirus2008 is now removed but pc has been very slow when browsing the net

 

Tim sorry about that!Here is the new MWB file.Do i need to delete the files in the previously run MWB that are now in quarantine