PlatinumAdvertiser & other issues...

Hi Folks,
I'm praying someone might be able to assist me, I've been working on this for two weeks now, and it's worse not better.

System:
Windows XP PRO SPK2 (can't get SPK3 to install - fails)
Partitioned HD on MacBook Pro (nothing going on with MAC side of system)
Kaspersky Internet Security


Symtoms:

1. WGA Validation warning all of a sudden stating I'm using a counterfeit copy of Windows XP Pro, which I'm not and turns my screen black. - Not sure how to fix the issue.
2. system freezes and on re-boot to normal and safe mode I receive white screen with fuschia (yep, fuschia) squiggle lines or if the screen is black (like in safe mode) they're a neon green. - Believe this may have to do with a virtumonde issue coming up as...
   • PlatinumAdvertiser: Bookmark (Firefox:Sunny (default))
   • NOTE: Spybot S&D is the only one that locates this file.
3. Cannot access Task Manager in Normal Mode - finally can access in safe mode.
4. I notice I have a back up folder in my C Drive that says MYCYCLE which is were it appears a lot of serious vulnerabilities are registering with Kaspersky but not sure what to do with this folder. Please advise...
5. Quick question... Found something called PROR do I need this or can I uninstall it? Googled and not really finding any applicable answers. TY
   • Programs Ran to try to resolve the issues:
     • HiJackThis
     • Sbyboot S&D
     • Trojan Remover
     • smithfaudfix
     • Combofix
     • Added & Installed Recovery Console
6. Tried running Superantispyeware and it states that "the system administrator has set policies to prevent this installation." - Not sure how to fix as I am the only User Account and as the Administrator.
7. I notice I have a back up folder in my C Drive that says MYCYCLE which is were it appears a lot of serious vulnerabilities are registering with Kaspersky but not sure what to do with this folder. Whether its my actual back up or if it's something I can get remove with Secure File Shredding. - Please advise...

----------------------------------------------------------
After tons of searching to resolve these issues on both Major Geek & Spybot S&D & General Google forums I'm posting to see if I can not only get my computer running correctly, but in case any other folks are having any similar issues will be able to locate the proper steps to fix and not spend two weeks trying to find answers and fixes like I have.

In following the steps under the Read Me Section first this is what I was able to accomplish while logged onto Safe Mode with Networking...

Major Geek Read Me:

Step 1. Read Forum Rules & Guidelines

Step 2. Antivirus & Firewall:
Antivirus:
Kaspersky (KIS) Internet Security & Windows Defender
Firewall Software:
I believe all I have running is Windows Firewall

Step 3. HOuse Cleaning:
Don't have Viewpoint in my Add/Remove programs
Don't have Sun Java in my add/remove programs (only

Java(TM)

Emptying Kaspersky Quarantine Files:
I notice I have a back up folder in my C Drive that says MYCYCLE which is were it appears a lot of serious vulnerabilities are registering with Kaspersky but not
sure what to do with this folder. Whether its my actual back up or if it's something I can get remove with Secure File Shredding. - Please advise...

for Kaspersky 2009 on Windows XP:
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\QB
and did a secure shred of these 14 files.

Ran CC Cleaner:

CLEANING COMPLETE - (1512.464 secs)
----------------------------------------------------------

--------------------------------
57.1 MB removed.

Now attempting to re-boot into normal mode to continue with the instructions...

Was able to reboot in normal mode:
Found that the WGA issue with the counterfeit warning did not come up, nor did my desktop turn black. ;-)

Step 4. Configuration & Setup;

Display hidden files, system files and file extensions - enabled (was previously - but doubled checked)

MSconfig: Changed to start up in Normal Mode (was in selective)

Step 5. Uninstall Known Malware & Unwanted Software:

Did not have anything on the list installed, but uninstalled all other software that I no longer needed or wanted.

Quick question... Found something called PROR do I need this or can I uninstall it? Googled and not really finding any applicable answers. TY

Step 6. Select and run the all steps in the cleaning link below based on your Windows Operating System: My System is Windows XP Pro

1. Disabled Spybot S&D Teatimer - then rebooted

At 1st re-boot Windows opened Windows XP Professional Setup, which had not displayed before and had to re-boot again and select Windows XP Professional to boot into.

Another Note: Recovery Console no longer appears, though I previously installed.

Once properly re-booted, Adobe Updater immediately started to run wanting to install updates - which all failed (again - haven't been able to update) Then received the error: Adobe Set Up Encountered a Problem and needs to Close. Report to Microsoft...

Another Update for Microsoft appeared (not service pack 3) but for Windows Defender - not sure whether that update completed successfully, it disappeared from the task bar.

So back to Windows XP Cleaning...
Step 1. Download Tools:

SuperAntispyware - just previously downloaded updated version and haven't been able to run the install - currently have a previous version installed. Previously before starting the steps for Major Geek, I would get an error message in trying to install the updated free version of superantispyware "the system administrator has set policies to prevent this installation." Which when we get to this after all the Tools Downloading in the next steps, I hope that what has been done thus far has resolved this issue...

Malwarebytes Anti-Malware - downloaded and changed file name when saved to mb.exe as directed.

Combofix.exe - Just previously downloaded

RootRepeal - Error Message Received in trying to access the link for the dowload:
The bandwidth or page view limit for this site has been exceeded and the page cannot be viewed at this time. Once the site is below the limit, it will once again begin serving as normal. - After a few attempts finally received the download file.

;-)

MGTools: saved to c:/

Step 2: Installing Tools and Running Scans

SUPERAntiSpyware - running & getting a log:

Ahhh... So here in this set of instructions are the link to the fix for dealing with my issue of "the system administrator has set policies to prevent this installation." Now working to fix this issue and run a scan to receive a log.

Something done previously must have fixed this issue, as per the instructions for the fix, this had already been corrected and I didn't have to change anything.

After running superantispyware for almost an hour after following all installation and configuration instructions it located two trojans (unknown locations) and the fuschia
distortion started again and then the system completely froze.

Also, Mozilla had an error message that appeared very briefly that stated that there was an error with 0x00012dde8

Hard shutdown and reboot completed and following the next set of instructions to try and re-scan to get a log... but noticed that my clock had been changed on my task bar to military time. Not a good sign. It found a trojan - but not the one that Spybot S&D had found. So unfortunately, after the reboot - the system froze when trying to get the log(s); the fucshia came back to the screen again and froze the system, so another hard shutdown and reboot into Safe Mode to try and get the log for superantispyware, but already know that the main issue on my system isn't resolved.

Was able to get the log for Superantispyware and save. See Below...


Now on to Malwarebytes.

 

Now on to Malwarebytes...

In Safe Mode Successfully installed and updated.

Going to attempt to reboot into normal mode and run the scan.

Successsfully was able to run malwarebytes and it found 1 more trojan, Trojan.Vundo

Here's the log...
----------------------------------------------------------

 

Combofix: Ran without any issues or interruptions... Log Attached
--------------------------------------------------------------

RootRepeal:
Nothing found 0 hidden folders/locked file(s)!.... No Log Attached it was empty

---------------------------------------------------------

After re-boot the system immediately went into Windows Pro Startup - not Windows XP Professional so had to do second re-boot to select this...

MGTools: Ran fine - and attaching all logs now...

Will run spybot S&D again now to see if it still picks up having PlatinumAdvertiser...

 

After completing all the scans & logs recommended and then running Spybot S&D again to see what it would locate on my system, it came up with 26 items, including the original issue of both the PlatinumAdvertiser that is a firefox bookmark & virtumonde.sci that is a trojan in the registry key.
So unfortunately, the stuff is still on my system, please see the snapshot & log for Spybot S&D now attached.

Please any known fixes &/or Removal instructions would be tremendously appreciated, as I seriously need to be able to use this system to get back to work...

Thank you for any suggestions or help anyone has to offer.

 

Re: Need serious help... PlatinumAdvertiser & System not Booting Correctly...

Still surfing around trying to find help and unfortunately, coming up with more problems than what I started with. Really disappointing.. :cry

Now my system constantly freezes and wants to re-boot in Setup for Windows XP and the viruses, etc. are still there. Nothing recommended has worked to get this stuff off of my system.

I keep checking back to see if anyone will respond as I truly need help and would tremendously appreciate it...

Thanks again...

 

Re: Need serious help... PlatinumAdvertiser & System not Booting Correctly...

Hi,

Really needing some assistance as I was online and opened a live chat that uses Java and all of a sudden the fuschia squigglies came back again, froze the screen and then shut down on its own and started to re-boot, but when re-booting, it went to the white screen but with the fuschia squigglies back, then when the screen went into the black screen with the neon green squigglies all over the screen, then a beautiful rainbow of clorored blocks all over when it was going to the black screen where you would select either the recovery console or Windows XP Pro - but it will automatically go into Windows XP Pro Setup now (how do I get rid of that or change it?). Then it shut itself down automatically again and re-booted to a normal white screen, then the black screen without any squigglies on either and I was able to select the normal Windows XP Pro and now I am back here, praying someone can assist me.

Thank you in advance for any responses and/or suggestions...

 

Re: Trojan.Vundo & many more... system doesn't boot correctly...

Morning,

I'm back to getting freezes on the system and the white and fuschia lines on the screen at re-boot. Not sure if I've included too much information or not enough to be able to get assistance, but would tremendously appreciate any thoughts, suggestions, anything as I'm at a loss and have no idea why I can't get this stuff off my system and that is affecting it this way...

Please help...

sad.gif