please help with w32.myzor.fk@yf & more

Discussion in 'Malware Help (A Specialist Will Reply)' started by ultraman3571, Nov 22, 2006.

  1. ultraman3571

    ultraman3571 Private E-2

    Hi,
    I seemed to have picked up some viruses and malware and would like some help cleaning my computer up. I followed that page and did all the steps it told me to do and I have some attachments for you to read. Please let me know what my next step is because I have been at this all day.
    Thank you,
    Derek
    p.s. part 1 of attachments
     


  2. ultraman3571

    ultraman3571 Private E-2

    part 2 of attachments from Derek
     


  3. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Please attach the log from ShowNew.

    Follow the directions for SpywareQuake & SpyFalcon Removal Procedure.

    w32.myzor.fk@yf isn't really a virus, it is a "Fake" warning issued by a family of Homepage Hijackers; and is indicative of a Smitfraud type infection.
     
  4. ultraman3571

    ultraman3571 Private E-2

    Hi,
    I will start those procedures. I did attach shownew....it's called newfiles.txt. That is how it saved it.
    Thank you,
    Derek
     
  5. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    I'm sorry you are correct, I meant to ask for the log from GetRunKeys.
     
  6. ultraman3571

    ultraman3571 Private E-2

    The runkey was blank, there was nothing in it. Also, I keep getting this virus alert from AVG - while opening file: c:\program files\perfect codec\isaddon.dll
    trojan horse downloaderZlob.FIH.
    I found that folder and could delete everything but one file that keeps telling me it won't delete because access is denied so I tried renaming too and still doesn't delete. I also have this yellow triangle with ! inside flashing on my task bar flashing between that symbol and a ball with thorns or something like that and a message saying Critical System Errors! System detected virus activities. They may cause critical system failure. Please, use AntiSpyware software to clean and protect your system from parasite programs. Click this balloon to get all available software.
    I can't get on the internet anyway because other pages just show up that seem to be virus related or something like that so I have been using my laptop to do all of this and send over files via MSN Messenger.
    What else should I do??
    Thank you,
    Derek
     


  7. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    If the Runkey was completely blank then it isn't installed correctly, as in you ran it directly from the zip file. Unzip GetRunKeys to its own folder and then run the batch file.
     
    Last edited: Nov 22, 2006
  8. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    ShowNewFiles is not installed correctly, unzip ShowNewFiles to its own folder and run from that location. Do not run directly from the zip file.
     
  9. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Post a fresh HijackThis log.
     
  10. ultraman3571

    ultraman3571 Private E-2

    Sorry about that....I didn't realize I did that wrong. They worked when I extracted them in their own folders. Here are the 3 things you asked for.
    Thank you,
    Derek
     


  11. ultraman3571

    ultraman3571 Private E-2

    Hi again,
    I was able to remove that folder in safe mode and then I started in normal mode and ran my Webroot Spy Sweeper and it seemed to clean the problem up. It told me to restart my computer and when it restarted that symbol of the yellow triangle with ! and flashing ball was all gone. I was able to get back on the internet and update to Explorer 7.0 so I guess I lucked out. I appreciate your help and I always keep this site as my home page in case anything ever goes wrong. Everyone on here has always been so helpful.
    Thank you again,
    Derek
     
  12. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    No you have not gotten all the infection.

    Download
    - Pocket Killbox


    Now Run HijackThis. Click the 'Do a system scan only' button. Place a checkmark in the box next to the following lines:
    Click on the 'Fix checked' button. Wait for HijackThis to finish; close HijackThis.

    Now run Pocket Killbox:

    Choose Tools -> Delete Temp Files and click Delete Selected Temp Files
    Then after it deletes the files click the Exit (Save Settings) button.

    NOTE: Pocket Killbox will only list the added files it is able to find on the system. So when you do the below, if some files do not show in the list after pasting them in, just continue.

    Select:
    • Delete on Reboot
    • then Click on the All Files button.
    • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
    • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
    • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
    If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

    Now boot into SAFE MODE

    Now run CCleaner. If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.

    Then, as an added precaution, Go to Start -> Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.

    REBOOT to Normal Mode.

    Post a fresh HijackThis
     
  13. ultraman3571

    ultraman3571 Private E-2

    Hi,
    I just got your message and I just ran Hijack This and didn't find these lines at all...
    O2 - BHO: (no name) - {192c5b4a-3efd-40c7-9f99-c472deb8efc0} - C:\Program Files\Perfect Codec\isaddon.dll (file missing)
    O21 - SSODL: gimmicks - {40dcff6e-af8d-4183-8ebe-a82270ac449e} - C:\WINDOWS\system32\dcvwaah.dll
    ...so maybe my Spy Sweeper got rid of them. Is that possible??
    My computer seems to be running fine.
    Do I still need to run Pocket Killbox??
    Thank you,
    Derek
     
  14. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    You can look inside the system32 folder; if the file is still there then you can run Killbox. It's probably no longer there since the associated HJT entry is no longer present.
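
The check suggested in the reply above, sketched as an added example that is not part of the original thread: it parses the two HijackThis lines quoted in post 13 and reports which referenced files are still on disk. The function names and the regular expression are this example's own assumptions, not part of HijackThis.

```python
import os
import re

# The two HijackThis lines quoted in the thread (post 13), embedded as sample input.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {192c5b4a-3efd-40c7-9f99-c472deb8efc0} - C:\Program Files\Perfect Codec\isaddon.dll (file missing)
O21 - SSODL: gimmicks - {40dcff6e-af8d-4183-8ebe-a82270ac449e} - C:\WINDOWS\system32\dcvwaah.dll
"""

# Section code, entry type, display name, CLSID, file path, and the optional
# "(file missing)" marker HijackThis appends when the target no longer exists.
ENTRY_RE = re.compile(
    r"^(?P<section>O2|O21) - (?P<kind>BHO|SSODL): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+?)"
    r"(?P<missing> \(file missing\))?$"
)


def parse_entries(log_text):
    """Return one dict per O2/O21 line found in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entry = match.groupdict()
            entry["missing"] = entry["missing"] is not None
            entries.append(entry)
    return entries


def files_still_present(entries, exists=os.path.exists):
    """Paths HijackThis did not flag as missing and that still exist on disk.

    `exists` is injectable so the check can be exercised away from the
    affected machine; by default it queries the local filesystem.
    """
    return [e["path"] for e in entries
            if not e["missing"] and exists(e["path"])]


if __name__ == "__main__":
    for entry in parse_entries(SAMPLE_LOG):
        on_disk = bool(files_still_present([entry]))
        print(entry["section"], entry["clsid"], entry["path"],
              "present" if on_disk else "not found")
```

An empty result from `files_still_present` on the affected machine matches the situation described in the reply: neither the log entry nor the file remains.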
     
  15. ultraman3571

    ultraman3571 Private E-2

    Hi,
    It seems to be gone so it looks like Spy Sweeper finished it off. I appreciate your help. I always know where to turn if I ever run into any crazy stuff!!
    Thanks again,
    Derek
     
