Please Help Infected with Malware

Ok so I regularly download stuff and once downloaded a trail program. I went on another website and stupidly downloaded the "serial" for it and instead installed a bunch of viruses/worms/trojans (whats the difference between these anyway?)

The anti-virus I had at the time (CA) immediately popped up and told me this and I closed the installer as fast as I could. Anyway for the next couple days I battled Voodoo (I think thats what it's called) and countless other things I don't even remember. Then I found this website uninstalled CA and underwent the Vista Cleaning Procedure to a te.

Of course the damn summabitches are still lying in the depths of my poor computer. :cry

For some reason AVG couldn't create reports of the scans so I used the online Kaspersky instead.

Computer: Dell Inspiron 1501
Memory : 1918 MB
Edition : Windows Vista Home Premium

Thanx in advance

 

Hi Swarthy Geek!
Welcome to Major Geeks!

Were you able to run CCleaner? Your logs show that you have temporary files that are infected and should have been deleted but weren't. Please run CCleaner in the default position. Double click on the icon to open it. The windows tab will be the one on top. Just click on Run Cleaner in the lower righthand corner and say okay to the warning. When it's finished, the Run Cleaner button will be active again. Just close the window.

abri

 

Hi Swarthy Geek,

If you've finished with the instructions in post 2, please continue as follows:


1) Your computer is not in normal startup mode. Please do the following:

Windows Vista Users

* Click Start and type RUN in the Start Search box and hit enter, then in the RUN box type msconfig and hit enter.
* Select the General tab and select Normal Startup.
* Then click Apply and OK and reboot PC before continuing.
* Remain in this Normal Startup mode while your PC is being cleaned of malware.


2) Next, please do the following:

• Download and save to RenV.exe to your Desktop (must be on the Desktop)
• Now Copy the bold text below to notepad. Save it as Log.txt to your desktop.

3) Now using your mouse, drag Log.txt onto RenV.exe
When finished, RenV.exe will produce a new log. Attach the new Log.txt to your next reply.

4) Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

F3 - REG:win.ini: load=C:\Users\Samuel\AppData\Local\Temp\awvvu.exe
O2 - BHO: (no name) - {0B6BA190-5245-45B9-8B46-72B02EB366B3} - C:\Users\Samuel\AppData\Local\Temp\awvvu.dll
O2 - BHO: (no name) - {D005528E-7D98-4E79-A8D3-46F249590FB8} - C:\Users\Samuel\AppData\Local\Temp\awvvu.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)

After you click fix, just close hijackthis.

5) Download and install Erunt. Use it to create a backup of your registry.


6) Please copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

7) Run ComboFix and then run C:\MGtools\GetLogs.bat by double clicking on it.

8) Attach the below new logs:

• Log.txt
• C:\ComboFix.txt
• C:\MGlogs.zip

 

I ran hijack this only to get an error message:

http://img246.imageshack.us/img246/4127/hijackthisssoy7.jpg

I don't want to screw anything up until I know what this means.

 

Hi Swarthy Geek!

Please continue with all the instructions except HijackThis.

abri

 

When I try and use Combo Fix I get another message that I didn't get b4:

http://img166.imageshack.us/img166/8008/anothererrormessagevt6.jpg

:cry:cry:cry

I ran it anyway and it restarts the computer and doesn't make a txt file.

 

Hi Swarthy Geek!
Please run Combofix as the administrator. You'll find the instructions for Combofix in the Vista portion of the READ & RUN ME. Then run the rest of the instructions I gave you, being sure you run them as the administrator. It's important to do it in this order. Your screen shots show that you aren't running them as administrator.
Thanks.
abri

 

I still got the same error message when I ran as an administrator.

I just ignored it and allowed it to run after I downloaded a fresh copy and deleted the ComboFix folder in C:\.

Here ya go!

 

Hi swarthy geek,

You have a new form of Vundo which is made worse by rebooting. Please use your computer only sparingly and try not to reboot until we can get a set of instructions to you.
Thanks!
abri

 

Hi Swarthy Geek!

1) Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O2 - BHO: (no name) - {62E505FE-36FD-4B98-A002-0C35A18D1323} - C:\Users\Samuel\AppData\Local\Temp\awvvu.dll (file missing)


After you click fix, just close hijackthis.


2) Next please do as follows:

• Download and save to RenV.exe to your Desktop (must be on the Desktop)
• Now Copy the bold text in the below code box to notepad. Save it as Log.txt to your desktop. (It must be on your Desktop).

Code:

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
C:\Program Files\ATI Technologies\ATI.ACE\CLIStart .exe
C:\Program Files\CyberLink\PCM4Everio\EverioService .exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas .exe
C:\Program Files\PowerISO\PWRISOVM .EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Windows\System32\WLTRAY .exe

• Now using your mouse, drag Log.txt onto RenV.exe
• When finished, RenV.exe will produce a new log names Log.txt on your Desktop I may or may not ask for this log later.

3) Go to add/remove programs and uninstall the below:

- Java(TM) SE Runtime Environment 6


4) Double-click on CCleaner and run it in the default setting with the windows tab as the one on top.

5) Now Reboot

6) Install the current version of Sun Java from: Sun Java Runtime Environment

7) Please run C:\MGtools\GetLogs.bat and attach the fresh MGlogs.zip it generates along with the Avenger log.


Let me know how things are running now?

abri

 

Wonderful. I wish I knew I shouldn't have rebooted before as I rebooted like a billion times already.

Anyway I followed all your instructions thanx for all the help!

I dunno. What does Vundo do? Internet Explorer doesn't pop up haphazardly like a billion times anymore and when I start my computer up it doesn't say it can't find a particular .dll or .exe file in my AppData\Local\Temp folder. Am I cured now?

Cheers

 

Hi swarthy geek!

1) Please run CCleaner at the default setting with the Windows tab as the one on top.

2) Step 2 of post 10 didn't work. This may be a problem with Vista. Please try it again to make sure it ran correctly. Use these entries to create the log.txt:

Code:

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
C:\Program Files\ATI Technologies\ATI.ACE\CLIStart .exe
C:\Program Files\CyberLink\PCM4Everio\EverioService .exe
C:\Program Files\PowerISO\PWRISOVM .EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
C:\Windows\System32\WLTRAY .exe

Then pull the log.txt over on top of the RenV.exe which is sitting on your desktop. This will cause it to run. Post whatever results you get even if it doesn't run correctly again.

7) Please run C:\MGtools\GetLogs.bat and attach the fresh MGlogs.zip it generates.

Thanks.
abri

 

Why are you thanking me? I'm the one who should be thankful.

I don't think the RenV worked as it said it couldn't find the exe files.

Here it is anyway

Cheers

 

Hi Swarthy Geek,
The reason it couldn't find them is because they're gone, so the deletion must have worked. How is your computer doing now? I think I would like for you to do one thing for me and that is to reinstall the MGTools.exe over the old ones and have it run again. I want to check the most recent version and make sure the newfiles log is correct. To do this, please go back to the READ & RUN ME FIRST, scroll down to the bottom and click on the link for your operating system and find the link for MGTools. Click on that and follow the instructions. When it tells you there is already one installed, simply have it install over the old one. Then post the new MGlogs.zip.

abri

 

I reinstalled Yahoo Messenger. Is that illegal?

 

Hi Swarthy Geek,

... illegal? No, you can install, uninstall and reinstall Yahoo Messenger as often as you want to.

Your logs are clean. Please follow the final cleanup instructions:

abri