please help.. i have a popup..iworm_attck_v122.02a

Discussion in 'Malware Help (A Specialist Will Reply)' started by myia, Jan 21, 2006.

  1. myia

    myia Private E-2

    I tried to follow the protocol that I was to do before posting. However, i could not use spybot because it kept freezing and I could not update ad-aware but was able to scan with it. I did go to safe mode CC, ad-aware,microsoft spyware, norton antivirus, hijack this, ewido and also bitdefender. i have logs of the scans. Some of the scans found things to delete. One found a "dialer".. but my computer is still infected. Please, any help would be appreciated. thanks
     
  2. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Please post the logs as indicated by the Read Me.
     
  3. myia

    myia Private E-2

    Here are my scans
     

    Attached Files:

  4. myia

    myia Private E-2

    i think i missed some, here they are
     

    Attached Files:

  5. myia

    myia Private E-2

    hello?
     
  6. myia

    myia Private E-2

    anyone there?
     
  7. myia

    myia Private E-2

    saturday night and no one is home
     
  8. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    I must ask, why are you running "VirtumundoBeGone"?

    To keep things moving along please relocate HJT.

    Please EXTRACT HijackThis from the ZIP File to a Safer location. Here's how:

    To create a new folder:
    • Click START > My Computer > Local Disk C: > Program Files
    • Now, Right Click on an Empty Area and select New > Folder & name it HijackThis and ENTER
    To Extract HijackThis:
    • Now, Right Click your HijackThis ZIP File and select Extract All > Next > and browse to your newly created HijackThis Folder (C:\Program Files\HJT) and click Next.

    The reason HJT needs its own safe folder is so that backups will be safely preserved. That way, if a mistake is made in the removal process, the mistakenly deleted entry can be restored.

    After you have completed the above, proceed with the below...

    Please see the below thread on how to install and run Spy Sweeper.
     
  9. myia

    myia Private E-2

    Here are the 2 logs
     

    Attached Files:

  10. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    You are running an anti-spyware program which is not trusted or recognised to be safe, this link provides some details: - http://www.spywarewarrior.com/rogue_anti-spyware.htm

    Therefore it is recommended that you remove it using the Add/Remove option on your computer:

    Start-Control Panel-Add/Remove

    Look for the following program and remove it:

    Spyware Cleaner

    Now scan and have HJT Fix the following:
    Post a fresh HijackThis log.
     
  11. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    myia,

    Your definitions are out of date, please update the definitions and run another sweep and attach the new log. SPD will check it shortly.
     
  12. myia

    myia Private E-2

    I looked into my add/remove and did not see anything named spyware cleaner. I did go to HJT and checked those 2 boxes and got rid of them. I might not be up to date on my definitions because my computer kept freezing whenever I tried to update any of the spyware. I will try again now. I have so many programs loaded on my computer now I'm sort of confused. I have zone alarm on, norton antivirus, webroot spysweep, spysubtract, counterspy, microsoft antispy... I was told/or read, at different times during this mess, to download all of these.
     
  13. myia

    myia Private E-2

    forgot the new HJT log... here it is
     

    Attached Files:

  14. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    SpySubtract is not a tool we use or asked you to download. Intermute SpySubtract is now Trend Micro Anti-Spyware, and isn't really that effective. You can uninstall this tool.

    CounterSpy is only to be downloaded and run if you can't run Microsoft Anti-Spyware on your computer.
    Update the definitions to SpySweeper and run a full system scan. If the definitions won't update, then don't run a scan using SpySweeper. Instead use Ewido Anti-Malware which you have installed; make sure you update the definitions first. Post the log from whichever one you run.
     
    Last edited: Jan 22, 2006
  15. myia

    myia Private E-2

    I uninstalled spysubtract. My spysweeper just freezes when I open it. I cant do anything with it. I've attached the ewido log.
     

    Attached Files:

  16. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Your last HijackThis log showed no malware. The Ewido log shows mostly cookies and 3 items in the MSAS Quarantine that were cleaned. If SpySweeper is not running correctly, uninstall it.

    How is your computer running?
     
  17. myia

    myia Private E-2

    My computer seems to be running ok. The last time spysweeper froze I shut down my computer and it took about 10 mins. I'll try to shut it down now and see. I was on yahoo trying to play spades but when it got to the spades room I only had a blank screen. I dont know why that would be. Should I uninstall spybot s&d because that has been freezing up the same way spysweeper is?
     
  18. myia

    myia Private E-2

    now spysweeper is freezing in uninstall.
     
  19. myia

    myia Private E-2

    control/alt/delete wont even open
     
  20. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    If your system and Spyware applications are still freezing, you may still have some malware on your system that the other logs are not showing.

    Follow the directions for Running WinPfind by OldTimer.

    Post WinPFind.txt when finished.
     
  21. myia

    myia Private E-2

    ok, another 15 mins later and i'm back. i finally figured out how to shut down my pc without waiting for it (i know thats not good). i noticed a new antispyware on my computer that i did not download. it was not there until just now. i tried to uninstall it , i restarted and it was back... it is called pc-doctor. it must be something bad because it came back after i uninstalled. i have no idea where it came from originally. i havent downloaded anything since yesterday that i can remember.
     
  22. myia

    myia Private E-2

    i see a folder in my program files... pc-doctor for DOS

    if that is helpful
     
  23. myia

    myia Private E-2

    here is the winpfind log
     

    Attached Files:

  24. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

  25. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Your logs are coming back clean. You may be experiencing problems with the OS itself; or one or more pieces of software that are installed have become corrupt. You may have to uninstall and reinstall some of your software. I would start with applications running in your system tray. Typically when Windows takes a long time to shut down, it is because it is having problems ending a running process.

    Run HijackThis, click-on Open the Misc Tools Section button. Click-on Open Process manager. Copy & paste that list into notepad and post as an attachment.
     
  26. myia

    myia Private E-2

    i guess there is nothing on the logs that can be addressed. i know my computer is still messed up. i'm reading about a msmsgs.exe potential virus or something that can let in trojans... i noticed i have a lot of msmsgs files, one is in prefetch... which, from reading, it is not supposed to be there.... i have no idea what i'm doing, not computer smart... any help would be appreciated.
     
  27. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Post the list of running processes I asked for in my previous thread.

    Run CCleaner. If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.

    Then, as an added precaution, Go to Start -> Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin

    And Click OK.
     
  28. myia

    myia Private E-2

    sorry must have missed that last post. here is the list
     

    Attached Files:

  29. myia

    myia Private E-2

    prefetch has like 50-60 files... do you want me to delete all?
     
  30. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Yes!
     
  31. myia

    myia Private E-2

    Ok , done with the last 2 things.
     
  32. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    There is nothing unusual in your running processes.

    The only thing we haven't done is look for a RootKit.

    Download Blacklight Beta from here:
    http://www.f-secure.com/blacklight/try.shtml
    • Hit I accept. It will take you to download page.
    • Download blbeta.exe and save it to the Desktop.
    • Once saved... double click blbeta.exe to install the program.
    • Click accept agreement and Click scan
      This app too may fire off a warning from antivirus. Let the driver load.
      Wait for it to finish.
    • If it displays any items...don't do anything with them yet. Just hit exit (close)
    • It will drop a log on Desktop that starts with fsbl....big number
    Please post contents of log.
     
  33. myia

    myia Private E-2

    I guess I flew right by the save part of blacklight. Anyway, the scan said nothing was hidden, zeros on all lines. I'll go back and save it this time. The only problem I'm having now is at shut down... takes fooorrrever. It pops up a window that says ending program and the program at top of window on blue strip is CCApps. I also notice on start up zone alarm pops up saying symantec users session is trying to access the internet.. I think it also says CCApps somewhere on that popup. What is all that about?
     
  34. myia

    myia Private E-2

    I just noticed I have "error" and "attention" msg on my norton antivirus screen.. the error is on email scanning and the attention is on the antivirus. It wont give me any information on whats going though. I only have an old disc for my norton. I've been updating it every year via the internet. I dont have any of the info because this is a new computer, the last one crashed and I didnt bother with taking any info off it. Maybe it would be a good idea to take norton off and get rid of all that symantec stuff...seems to be my problem somehow??
     
  35. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

  36. myia

    myia Private E-2

    I have read that link. I have done everything there except change to mozilla. Can I take out norton and replace it? What about symantec...which seems to be more of a problem. Will the symantec stuff be uninstalled if I uninstall Norton? I cant redownload Norton with the disc I have. I'd have to go buy another or download something from the internet. What do you suggest I do? I notice also that when I'm in yahoo games I cant close my browser unless I do control/alt/delete.
     
  37. myia

    myia Private E-2

    Also, what is ccApps and why is it slowing down my computer when I try to turn it off?
     
  38. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    ccApp "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

    It is part of Norton. Your Norton is very likely corrupted. You will want to uninstall norton.
     
  39. myia

    myia Private E-2

    Ok, I can do that. Should I buy another Norton Antivirus and install it, or is there something online I can download?
     
  40. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Have a look at How to Protect yourself from malware!
     
