problem updating anti virus

Welcome to Major Geeks!

Each time you posted and additional message, you bumped yourself to the bottom of the work queue and thus delay getting an answer even longer than normal. You should have read this sticky you were given: Don't Bump! It Only Hurts You!!!

Before you tried to run ComboFix, did you shutdown your protection software as requested?

You are EXTREMELY out of date with your version and databases of Malwarebytes. You did not update as requested. Now run Malwarebytes and click the Update tab. Then click the Check for Updates button so you update to the current version of the program and database. Then run a new scan with it too. Attach the new log.

Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Uninstall the below old versions of Sun Java as rquested in the READ & RUN ME:
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 8
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_01
Java(TM) 6 Update 15
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) SE Runtime Environment 6 Update 1
Java(TM) SE Runtime Environment 6

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\vyrwc.dll/sp.html#29126
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {a786e841-0541-427e-a26a-a5e078bfcd86} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Owner\Application Data\ttuh.exe
O4 - Startup: BitTorrent.lnk = C:\Program Files\BitTorrent\bittorrent.exe
O8 - Extra context menu item: &Search - http://ka.bar.need2find.com/KA/menusearch.html?p=KA
O8 - Extra context menu item: &Search The Internet - res://C:\WINDOWS\Downloaded Program Files\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O15 - Trusted IP range: 206.161.125.149
O16 - DPF: {92F05779-6D88-4958-8AD3-83C12D855D67} - http://www.activesearch.com/tb/toolbar.cab
O18 - Protocol: s-http - {D37E6C5F-1C0F-47C0-A3B6-403EEC555402} - (no file)
O23 - Service: sofatnet Service (sofatnet) - Sigma Designs In - C:\WINDOWS\system32\sofatnet.exe

After clicking Fix, exit HJT.


Now download The Avenger by Swandog46, and save it to your Desktop.

• Extract avenger.exe from the Zip file and save it to your desktop
• Run avenger.exe by double-clicking on it.
• Do not change any check box options!!
• Copy everything in the Quote box below, and paste it into the Input script here: part of the window:

• Now click the Execute button.
• Click Yes to the prompt to confirm you want to execute.
• Click Yes to the Reboot now? question that will appear when Avenger finishes running.
• Your PC should reboot, if not, reboot it yourself.
• A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

Download HostsXpert and then follow the below steps.

• Unzip HostsXpert.zip
• It will create a folder named HostsXpert in whatever folder you extract it to.
• Run HostsXpert.exe by double clicking on it.
• Click the Make Writeable? button. (if you only see a Make Read-Only selection, it is already writeable so skip this button).
• Click Restore Microsoft's Hosts File and then click OK.
• Click the X to exit the program

Also delete all files in the below folders except ones from the current date (Windows will not let you delete the files from the current day).
C:\WINDOWS\TEMP
C:\Documents and Settings\Owner\Local Settings\Temp

Now run Ccleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

Now download the current version of MGtools and save it to your root folder. Overwrite your previous MGtools.exe file with this one.

Run MGtools.exe ( Note: If using Vista make sure UAC is still disabled. Also don't double click on it, use right click and select Run As Administrator )



Then attach the below logs:

• the updated Malwarebytes log
• C:\avenger.txt
• C:\MGlogs.zip

Make sure you tell me how things are working now!

 

Your infection keeps spreading/respawning. So I dug a little deeper into your logs and I'm sorry but I have to give you bad news. You will have to do a total clean reinstall.


I can see the reason for your problems and also why ComboFix will not run. Your logs show that your Windows Operating system files have become infected by a Virut infection and there is no known reliable fix for this. In addition there are many many other infected files. We could spend a lot of time trying to remove this infection, but odds are that it will not work because the nature of the infection has so many executable system files infected that as soon as we fix one file, other files that are infected will almost immediately or upon the next reboot, just reinfect the files. In addition, your PC would still basically be unreliable/untrustworthy even if we manage to fix the infected files that we can see since there could be many more that we are not seeing.

The safest thing for you to do is backup your personal data immediately since your PC could possibly become unbootable at any point in time. Do not back up any executable files. This includes programs that you have downloaded since any of them could be infected. Anything you may have already backed up that is an executable type file (things you downloaded to install programs....etc) are most likely infected and will cause you to be reinfected if you reuse these files.

Once you backup, you need to format partitions and reinstall Windows and all other software especially your protection software. Then install all updates for all software. DO NOT reinstall from any executable file backups you made while this PC was infected or you will just be reinstalling the infection.

 

You're welcome. Surf safely!