Please HELP! I feel like throwing my new pc out of my unit.

Hi


To best help you NOT throwing your PC out of window, I would advise you to fully complete the Malware Remoavals Read ME below and attach all the logs as one set of logs do not show the whole picture sadly as malwares does its level best to hide from scans, so a few multiple ones and specialist scans as in the MGTools ones, will hightlight to a trained malware expert where this pest is hiding and then they can post some tailored instructions for you to remove the nasty.

Also please describe the issues you are having:

• Is it popups? if so do they have a name.
• Is your browser being re-directed to a less welcome site?
• Does your Anti-Virus software alert you to a Virus/Trojan? if so whats its name.

The more info you can tell us the better.

Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

READ & RUN ME FIRST. Malware Removal Guide

 

Hi, yes

Attach the logs that the Read Me Guide specifies at the end if your still having issues

• SASlog.txt log from SuperAntiSpyware.
• Malwarebytes Anti-Malware log
• ComboFix.txt (normally C:\ComboFix.txt)
• MGlogs.zip - normally it is C:\MGlogs.zip - only attach this log from MGtools.exe DO NOT attach any logs seen in the MGtools folder.

from these logs our malware experts will be able to determine the location and post some manual fix instructions to remove this malware form your PC.

 

You do not really have a SmitFraud infection. You have Vundo infections and some other issues.

You need to finish attaching the below two other logs that were requested:

• SUPERAntispyware
• MGlogs.zip (from running MGtools)

Also note that you did not follow the instructions for renaming and running ComboFix. Do not rerun it now but please be more careful following instructions.

 

Uninstall the below old versions of software:
J2SE Runtime Environment 5.0 Update 3

Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Rony\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (file missing)
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Rony\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

After clicking Fix, exit HJT.

Now we need to use ComboFix to remove a bunch of malware files.

• Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
  • If it is not on your Desktop, the below will not work.
• Open Notepad and copy/paste the text in the below quote box into it:

• Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
• At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
• You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
• Now use your mouse to drag CFscript.txt on top of ComboFix.exe
• Follow the prompts.
• When it finishes, a log will be produced named c:\combofix.txt
• I will ask for this log below

Note:

Do not mouseclick combofix's window while it is running. That may cause it to stall.


After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Make sure that you tell me if you receive a success message about adding the above
to the registry. If you do not get a success message, it definitely did not work.


Now please re-run SuperAntiSpyware but make sure you get the updates first! Then run a new scan! Also please set the options as specified in the READ & RUN ME. You did not set those scan options as requested. We did specify to uncheck scanning for cookies. See this for quick reference: SUPERAntiSpyware - running & getting a log

Please attach the new log from SUPERAntiSpyware.


Now run Ccleaner!

Now run the C:\MGtools\GetLogs.bat file by double clicking on it.

Then attach the below logs:

• C:\ComboFix.txt
• SuperAntiSpyware log
• C:\MGlogs.zip

Make sure you tell me how things are working now!