Popups, Security Toolbar and assorted malware!

Discussion in 'Malware Help (A Specialist Will Reply)' started by uccaflp, Oct 17, 2007.

  1. uccaflp

    uccaflp Private E-2

    I have had a serious virus and spyware infection, including VirtuMonde. I repeatedly ran my antivirus and anti-spyware package (F-secure), Windows Defender, Vundofix, Fixvundo, and Virtumundobegone and removed the infected files so detected. However, the file mljgd.dll remains and I am unable to delete it. I am still plagued with popups and attempts to install a Security Toolbar in Internet Explorer. F-secure and Windows Defender continually have to block dlls which try and insert BHOs into Internet Explorer. I can now no longer load Spybot S&D or a-squared and am unable to install Ad-Aware (invalid floating point error). Also, I can't boot into Safe Mode and just get a black screen. I am a total newcomer to help forums and any help directed at such a novice would be most gratefully appreciated.
     
  2. abri

    abri MajorGeek

    Hi uccaflp!
    Welcome to Major Geeks! Please try running the following. If you can't do something, please continue with the instructions. Run what you can and post back to us. If nothing is possible, let us know that too.

    Run this utility:
    After you've run Combofix, please follow the instructions and links in the box below!

     
  3. uccaflp

    uccaflp Private E-2

    Very many thanks. I am now away from home for several days but will follow your recommendations as soon as I return. Thank you again.
     
  4. uccaflp

    uccaflp Private E-2

    Dear Abri
    I have now run through the recommended steps. Please find attached the ComboFix file. This certainly cleaned up something and I was able to get into Safe Mode to complete the remaining steps, the files from which I will attach in the next two posts. My system seems more stable now but I am not sure if it is really clean and would very much appreciate your advice on the following attached logs.
    Very many thanks.
     


  5. uccaflp

    uccaflp Private E-2

    Please find attached the CounterSpy, BitDefender and Panda ActiveScan logs.
    Many thanks.
     


  6. uccaflp

    uccaflp Private E-2

    Please find attached the GetRunKey, ShowNew and HijackThis logs.
    Again, very many thanks!
     


  7. abri

    abri MajorGeek

    Hi uccaflp!

    1) We are finished with CounterSpy now. Please go to add/remove programs and uninstall:

    -J2SE Runtime Environment 5.0 Update 6
    -Java 2 Runtime Environment, SE v1.4.1_02
    -Sunbelt Counterspy <-- we're finished with this

    2) Now REBOOT your computer!

    3) After you reboot, please install Java Runtime Environment vs. 6.3

    4) If you do not use Windows Messenger (not to be confused with MSN Messenger!!) I would like you to run Disable/Remove Windows Messenger


    5) If you do not know what the following files are, please scan them one at a time at either jotti or VirusTotal and let me know the results. When you get to the website, there's a small window where you can click on a Browse button to locate the file. After you've found it, click on submit.
    6) Run HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    After clicking Fix, exit HJT.

    7) Now download The Avenger by Swandog46, and save it to your Desktop.
    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Check the 'Input script manually' box.
    • Click on the magnifying glass icon.
    • Copy everything in the Quote box below, and paste it in the box that opens:
    • Now click the 'Done' button.
    • Click on the traffic light icon and OK the prompt.
    • You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt

    8) Please download ATF Cleaner by Atribune. This program does not require an installation. The executable actually runs the program.

    NOTE: This program is for Windows XP and Windows 2000 only. ATF Cleaner will remove all files from the items that are checked, so if you have some cookies you'd like to save, please move them to a different directory first.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main ATF Cleaner menu to close the program.

    9) After you have completed ALL of the above in the correct order, please attach the following logs. ShowNew, GetRunKeys and HijackThis need to be run anew for fresh logs.
    • Avenger Log
    • ShowNew Log (newfiles.txt)
    • GetRunKey Log (runkeys.txt)
    • HijackThis Log


    abri
     
  8. uccaflp

    uccaflp Private E-2

    Dear Abri
    Very many thanks for your new post.
    Steps 1-4. I have carried these out.
    Step 5. WinFrotz.INI is part of an emulator which lets me play old-style, text-only adventure games, for which I must confess a weakness! I am not sure about the other two files but all three come up "OK" when scanned on "jotti".
    Steps 6-9. I have carried these out and attach the Avenger log here. I will attach the remaining three logs to the next post.
    With many thanks, again.
     


  9. uccaflp

    uccaflp Private E-2

    Dear Abri
    Please find attached the remaining three logs.
    Very many thanks.
     


  10. abri

    abri MajorGeek

    Hi uccaflp!
    Please go to post # 7 of this thread and Step #7 and run the same tool "Avenger" starting with "Run avenger.exe by double clicking on it", only this time copy and paste what's in the box here instead of the contents you used in post # 7.

    Now run ATF cleaner again as in Post #

    And now, please post the Avenger log.

    abri
     
  11. uccaflp

    uccaflp Private E-2

    Dear Abri
    Many thanks for your post. I have completed the steps and attach the Avenger log.
    Thank you again.
     


  12. abri

    abri MajorGeek

    Hi uccaflp!
    I can't see anything else that needs fixing. If your computer seems to be running without malware symptoms, please follow the instructions in the box below:
    Let me know how everything goes!
    abri
     
  13. uccaflp

    uccaflp Private E-2

    Dear Abri
    Everything now seems to be working just fine. I have run additional scans with f-Secure, Windows Defender and Spybot and no malware was detected. I am truly indebted to you and proffer my heartfelt thanks.
    Warmest regards.
     
  14. abri

    abri MajorGeek

    Great! :)
    Most happy endeavours with your computer!
    abri
     
