Please help!

Discussion in 'Malware Help (A Specialist Will Reply)' started by ihatebugs, Aug 5, 2007.

  1. ihatebugs

    ihatebugs Private E-2

    Last Sunday I let my 24 yr old son use my computer to check his 'myspace'. Monday morning when I logged on, I started immediately having problems and they're only getting worse! I have a system optimizer file in my registry that changes file names every 40 minutes with the command 'forkonce' behind it. I have run the cleaner, along with my AVG at least once daily and am cleaning out the same 3 trojans each time, with a total of 3 instances of each of them in Documents and Settings, System, and System32. I really don't want to Fdisk, can someone help? I've got log files if anyone would care to see them. Thanks, I'm ready to kill a kid here!
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Majorgeeks!

    Please follow our standard cleaning procedures, which are necessary for us to provide you support. There are also steps included for installing, renaming, running, and posting HijackThis logs as attachments.
    • Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
    • Make sure you check version numbers and get all updates.
    • Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.
    • If after doing ALL of the above you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
    Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.
    • When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
      • CounterSpy - only for Windows XP, 2K, & NT users
      • AVG Antispyware log - ONLY IF NEEDED, i.e. you were not able to run CounterSpy. - only for Windows XP, 2K, & NT users
      • Bitdefender - from step 6
      • Panda Scan - from step 6
      • runkeys.txt - the log from GetRunKey.bat
      • newfiles.txt - the log from ShowNew.bat
      • HijackThis
    NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!
     
  3. ihatebugs

    ihatebugs Private E-2

    I completed the prerequisites you asked for and everything seemed fine...for 40 minutes. At the end of the 40 minutes, my alarm went off, a registry entry had changed again. Also, an audio feed of what appeared to be some sort of news report started playing. I saw the window pop up and then close, but by the time I opened my task manager to see what was running it had stopped.
    This computer is only a few months old, and has maybe 6 GB total on it.
     
  4. ihatebugs

    ihatebugs Private E-2

    Please see attached hijackthis.log
     

  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Actually no you have not! Please see the instructions again and run ALL of the procedures and attach ALL 6 of the requested logs. HijackThis was not the first thing nor the only thing we requested. You cannot remove Virtumonde problems by just seeing and using a HijackThis log. Also you are using MSconfig to control startups. Based only on what I see in your HJT log it appears that you did not run most of the READ & RUN ME.
     
  6. ihatebugs

    ihatebugs Private E-2

    Panda Scan Finished Off My IE

    Did all the scans you asked except Panda -- tried it 8 or 9 times, but it kept freezing up my IE and now it won't even load at all.
    I'm using Mozilla Firefox for now, but since I have not completed all the scans you asked for, do you want any of the logs at all? REALLY need help before this is unfixable. Thanks.
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If PandaActiveScan is the only thing you have not been able to run then attach the 5 other requested logs.

    Make sure that you have re-run HijackThis to get a new log after all the other steps were completed and make sure MSconfig is not being used.

    Why are you running this PC without proper protection?
     
  8. ihatebugs

    ihatebugs Private E-2

    Please don't chastise me for something I feel completely idiotic over already. I thought buying and running AVG Antispyware was sufficient for what I was doing, and it WAS...for what *I* was doing. Suffice it to say, I feel pretty stupid. If you can help me, that's great. My logs are attached, hopefully in the order you requested them. I'm sorry if I came across as presumptuous earlier by not running all scans, but in all honesty I was worried that they wouldn't load or run right due to the problems. I will send another msg with the remaining logs.
    Hope you can help me.
    Thanks.
     

  9. ihatebugs

    ihatebugs Private E-2

    Additional logs attached.
     

  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please see step 0 of the READ ME where we specify the MSconfig must not be used. Follow those directions and then get new logs from GetRunKey and HijackThis. Then we will be able to work up a complete fix.

    Note: I really was not chastising you about the protection. I just wanted to know why. We hear all kinds of reasons for not having proper protection. And then there are also some people who really do not know that they were not properly protected.
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    While I was waiting for you to attach the new logs, I started going through all of your current logs and found you have a load of problems. It will simplify some of our manual cleaning steps by having you run another tool which should help remove a bunch of problems. On the downside.....I will be asking you for another set of logs from after you run this tool. Sorry, but it will make it easier for later steps.

    But first Uninstall the below old versions of software:
    J2SE Runtime Environment 5.0 Update 11

    Now the other tool!

    1. Download this file - combofix.exe
    2. Double click combofix.exe & follow the prompts.
    3. When finished, it will produce a log ( C:\combofix.txt ) for you. Attach this log to your next reply.
    Note:

    Do not mouse-click combofix's window while it is running. That may cause it to stall.


    After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment


    Now attach the below new logs and tell me how the above steps went.

    1. GetRunKey
    2. ShowNew
    3. HJT
    4. the ComboFix log
     
  12. ihatebugs

    ihatebugs Private E-2

    This is yet another problem. I keep disabling all on msconfig startup but it keeps coming back. I will try it again and rerun what you asked. Sorry, I didn't realize it had come back on.
     
  13. ihatebugs

    ihatebugs Private E-2

    ComboFix is not giving me the option to save the file, only to cancel.
     
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    This could be because your Windows XP version is so out of date and it cannot be properly supported. This will make the fixes we have to do manually quite long and it will take a while for me to put this together.

    I will probably have something sometime tomorrow. Right now I need some sleep. I only had 2 hours yesterday! :(

    However, let's give the following procedure a run and see if it will run properly:

    Using SDFix


    If it runs, attach the log that is requested.
     
  15. ihatebugs

    ihatebugs Private E-2

    How about I go buy a new copy of XP tomorrow and we start from there? :) Get some rest, I'm high maintenance! :D:D
     
  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Why haven't you just upgraded this PC in the past? ;) However, do not even attempt that while infected.
     