no tool bars or download

Hi

Yes their are a few going around, one notable one is this one http://www.networkworld.com/news/2007/033007-new-virus-comes-disguised-as.html

Best bet for your friends PC is for you or them to follwo the below and attach all the logs requested.


Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.

• Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
• Make sure you check version numbers and get all updates.
• Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

• After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:

Downloading, Installing, and Running HijackThis

Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.




​

• When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
  • CounterSpy
  • AVG Antispyware log - ONLY IF NEEDED you were not able to run CounterSpy
  • Bitdefender - from step 6
  • Panda Scan - from step 6
  • runkeys.txt - the log from GetRunKey.bat
  • newfiles.txt - the log from ShowNew.bat
  • HijackThis

NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!

 

Yes Halo is correct! You can also read more about this Trojan and see a snapshot of the email here:

http://www.f-secure.com/v-descs/trojan-proxy_w32_grum_a.shtml

 

You did not run AVG Antispyware! Please run it and attach the log or run CounterSpy as requested in the READ ME.

Based on your newfiles.txt log, Panda was never started. It would appear in add/remove programs if it was. This it sounds like you actully did not get passed the initial steps. Are you using Internet Explorer to do the scans. Uninstall this old Sun Java version: Java 2 Runtime Environment, SE v1.4.2_05

You have a service left over from Symantec that needs to be removed.

• Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'.
• On the page that opens, scroll down to SymWMI Service
• then right click the entry, select Properties and press Stop Service.
• When it shows that it is stopped, next please set the Start-up Type to 'Disabled'.
• Click OK until you get back to Windows.

• Next, run HJT, but instead of scanning, click on the None of the above, just start the program button at the bottom of the choices.
• At the lower right, click on the Config button
• Then click the Misc tools button
• Select Delete an NT Service
• Copy/pasteSymWSC into the box that opens, and press OK
• If you receive any error messages just ignore them and continue.
• Now exit HJT and reboot when it tells you it needs to.

Also please install rename HijackThis.exe as requested and also only attach a HijackThis log from normal boot mode as requested in the READ ME. Attach a new one from normal boot mode after renaming.

Is the below something you configured?
"PostOOBE"="C:\\WINDOWS\\system32\\wscript.exe C:\\DRIVERS\\POSTOOBE.NEC //E:VBS"


Now please download F-Secure's BlacklightBeta

• Download fsbl.exe and save it to the Desktop.
• Once saved... double click fsbl.exe to install the program.
• Click accept agreement and Click scan
• This application may trigger a warning from your antivirus. Let the driver load. Wait for it to finish.
• If it displays any items...don't do anything with them yet. Just hit exit (close)
• It will drop a log on Desktop that starts with fsbl....big number

Please attach the BlackLight log.

 

My directions did say to ignore error messages! It was deleted as desired.

Put a copy of the C:\DRIVERS\POSTOOBE.NEC file into a ZIP file and attach it here.

 

Well that does not look like a problem!

I don't think your problem with IE is currently due to malware since none of the scans show any problems. You may want to take a look at the below:

http://support.microsoft.com/default.aspx?scid=kb;en-us;555130

If that does not help, try uninstall Windows Internet Explorer 7.

 

You're welcome. Make sure you and your friend work thru the below:

How to Protect yourself from malware!