Removal Guide Followed... Still Have Issues

Discussion in 'Malware Help (A Specialist Will Reply)' started by tdfuller, Feb 14, 2008.

  1. tdfuller

    tdfuller Private E-2

    I had a huge attack three nights ago, after coming across a web page, I am ashamed to say, I should not have gone to, that coaxed me into clicking a button to download some sort of tool to view videos.

    It was a sham, the videos did not work, but from that point on, I got slammed with pop up windows, task bar balloons, very slow system, etc.

    After three days of running tons of scans using: Spyware Doctor 5.5, Adaware 2007, AVG, and several others, and finally, following the Malware Removal Guide here, things are much better, far less annoying, and far more stable, but I still have issues.

    I have no more popup windows or blinking yellow triangle exclamation points in the taskbar, but I have a few outstanding issues:

    1. Whenever I first start and do a first search after a reboot or restart, using my primary browser Firefox, or, Internet Explorer search field, it says:

    "Results 1-10 of about 491,000,000 for "sex" (0.05 seconds)"

    even though I search on nothing of that! It only does it on the first search attempt for either browser after reboot, then, after the first, it gives the normal search results on whatever the search content.

    2. Internet Explorer: I don't use it as my primary web browser, but, when I load it, it always defaults to a website: http://puresafetyhere.com
    and has a box in the middle called "Windows Internet Explorer
    Warning! W32.Myzer.FK@yf is a virus that infects files with .exe extensions....."

    It also gives bogus details about the fake, such as length of infection, severity, and you can choose OK or Cancel. I click cancel, and close out the web page, to no effect. But when I reset the home page to my default web page as the ONLY home page, at next reboot, there is the same junk!

    3. Microsoft Outlook: always ran a little cumbersome before the attack, but, now runs REALLY slow, especially after I load it and have it up for a few minutes. After a few minutes with Outlook up, the cooling fan on my PC is running at high speed (now) like a jet engine on takeoff. And the "Send/Receive" status indicator in the lower right of Outlook, struggles to climb above 50-60%. i.e. Outlook is rendered about useless after just a few minutes loaded... I think Malware is still harming it. And my entire system is running choppy, and slow.

    I have attached my report from AV scan, MGlogs.zip, and ComboFix.text as specified in the guide. I sure appreciate any help.

    Thank you.
     


  2. tdfuller

    tdfuller Private E-2

    Partial success. Reset Internet Explorer to defaults and it fixed the Search Hijack for it. Used the RUN prompt: firefox -safe-mode and clicked the box beside each of 1. Reset all user prefs to Firefox defaults and 2. Restore default search engines.

    This forever fixed all Search hijacks with Firefox.

    But, with Outlook 2003, it still runs slow to the point of 100% CPU usage. The best I can do is remove Indexing Service which, but if I exit and then restart Outlook, CPU usage pegs at 100% and the PC essentially must be rebooted.

    Any ideas of what would make CPU usage peg at 100% besides Index Servicing? I have also done a scan of my Outlook.pst file using the scanpst service.
     
  3. abri

    abri MajorGeek

    Hi tdfuller!
    Welcome to Major Geeks!

    1) Your AVG didn't fix anything. Did you get any specific error report when you ran this? You may need to turn off your computer and disconnect from the internet. Then boot back up without an internet connection and disable any antivirus and antispyware software you have running. Then rerun AVG Antispyware and see if it fixes those things it finds this time.

    2) Go to add/remove programs and uninstall the below:

    Viewpoint Media Player


    3) If you do not use Windows Messenger (not to be confused with MSN Messenger!!) I would like you to run Disable/Remove Windows Messenger

    4) Now I would like for you to stop a service.
    • Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'.
    • On the page that opens, scroll down to Symantec Core LC
    • then right click the entry, select Properties and press Stop Service.
    • When it shows that it is stopped, next please set the Start-up Type to 'Disabled'.
    • Click OK until you get back to Windows.
    Now run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:


    O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Program Files\NetProject\sbmdl.dll
    O3 - Toolbar: Web Application - {81705D67-3F73-4983-859B-97D0922E5ABE} - C:\Program Files\NetProject\wamdl.dll (file missing)
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


    Do the following belong to programs you know or want to keep? If not, please fix them as well.

    O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.freeietool.com/redirect.php (file missing)
    O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.freeietool.com/redirect.php (file missing)


    Does the following belong to either your ISP or your computer manufacturer? If not, please fix it as well.


    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop


    After you click fix, just close hijackthis.


    5) Now run CCleaner in the default setting with the Windows tab as the one on top.

    6) Please run C:\MGtools\GetLogs.bat and attach the fresh MGlogs.zip it generates.


    Let me know how things are running now?

    abri
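
Added example, not part of the original posts and not code from HijackThis or MGtools: a small Python triage pass over HijackThis-style log lines like the ones listed in the post above. The flag names (`file_missing`, `no_name`, `remote_target`) and the choice of which conditions to flag are assumptions made for illustration; the sample lines are copied from this thread.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample input: entries copied from the posts on this page.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Program Files\NetProject\sbmdl.dll
O3 - Toolbar: Web Application - {81705D67-3F73-4983-859B-97D0922E5ABE} - C:\Program Files\NetProject\wamdl.dll (file missing)
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.freeietool.com/redirect.php (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"""

# "<section code> - <entry kind>: <details>"
LINE_RE = re.compile(r"^(?P<code>[ORF]\d+) - (?P<kind>[^:]+): (?P<rest>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# A URL, or a drive-letter path ending in a loadable file type.
TARGET_RE = re.compile(r'(https?://\S+|[A-Za-z]:\\[^"]*?\.(?:exe|dll|cab))', re.I)

@dataclass
class Entry:
    code: str
    kind: str
    clsid: Optional[str]
    target: Optional[str]
    flags: List[str] = field(default_factory=list)  # hypothetical triage labels

def parse_line(line: str) -> Optional[Entry]:
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # blank line or not a log entry
    rest = m["rest"]
    clsid, target = CLSID_RE.search(rest), TARGET_RE.search(rest)
    e = Entry(m["code"], m["kind"], clsid and clsid.group(0), target and target.group(1))
    if rest.endswith("(file missing)"):
        e.flags.append("file_missing")   # registry entry outlived its file
    if "(no name)" in rest:
        e.flags.append("no_name")        # component registered without a display name
    if e.code in {"O2", "O3", "O9"} and (e.target or "").lower().startswith("http"):
        e.flags.append("remote_target")  # browser add-on entry points at a URL
    return e

def triage(log_text: str) -> List[Entry]:
    return [e for e in map(parse_line, log_text.splitlines()) if e]

def needs_review(entries: List[Entry]) -> List[Entry]:
    return [e for e in entries if e.flags]

if __name__ == "__main__":
    for e in needs_review(triage(SAMPLE_LOG)):
        print(e.code, e.kind, e.clsid, e.target, e.flags)
```

A flag marks an entry for a human to look at; unflagged entries such as the Symantec service above can still be ones a helper asks you to fix for other reasons.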
     
  4. tdfuller

    tdfuller Private E-2

    Abri

    Thank you much for your help, and detailed help at that. My PC seems to be almost 100%, except for one thing.... Microsoft Office Outlook 2003 - which after I start and run it for a few minutes, pegs the CPU Usage under the Performance tab in Windows Task Manager.

    When this happens (CPU usage pegs 100%), a shutdown/restart is required b/c the PC is basically taxed out, running slow, and the cooling fan is running at high speed.

    Any ideas? All scans come up clean now, so my guess is that it is a non-malware related issue? I installed Microsoft Office 2003 service pack 3 and that does not solve the problem. I have googled for help on this matter.

    My next attempt is to uninstall, and then reinstall Outlook 2003, after I try to do a repair re-installation.

    I have attached the latest MGlogs.zip and latest log from the AVG Antispyware scan.

    Thanks
     


  5. abri

    abri MajorGeek

    Hi tdfuller,

    You have several Symantec services still running. Please run the Norton Removal Tool (SymNRT)

    If Spyware Doctor is the trial version, please uninstall it.

    When you finish that, please run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

    If the Norton Removal tool takes the Symantec entries out, then you probably won't find the O16 lines, but if so, please have HijackThis fix them.

    If you are still having problems due to Outlook, you may need to post about this in a new thread in the Software Forum. Your logs are otherwise clean. Please follow the finish up steps in the box below.

    You may want to delay resetting your System Restore until you have found the problem with your email.
    abri
     
  6. tdfuller

    tdfuller Private E-2

    Abri, Thank you - followed your final advice - had to run Norton Removal Tool twice because it did not remove the code the first time.

    PROBLEM WITH OUTLOOK 2003 SOLVED! Unbelievable! :D

    The culprit was McAfee Security Center. :yum

    I have been using it for at least two years, with all protection enabled, including inbound email scans, and it has not adversely affected Outlook, until now.

    One of their recent updates now blocks the POP3 client from properly receiving inbound email, with the "Inbound email scanning" feature enabled. I disabled it. I will attempt to contact McAfee to let them know as well, but for now I will post the fix here in case others have the same problem.

    PROBLEM: Your system has McAfee Security Center and you are using Outlook 2003. You are attempting to use an external POP3 email account with Outlook 2003, and get the following error:

    Log onto incoming mail server (POP3): Outlook could not connect to the incoming mail server (POP3). The problem could be your SSL or port settings for the incoming server. Verify your port and SSL settings under More Settings on the Advanced Tab.

    CAUSE: A recent update to McAfee Security Center (MSC), on or about February 13, 2008, now causes MSC to block incoming mail through POP3 email clients.

    FIX: Disable inbound email scanning with MSC. Right click the MSC icon in the task bar and then left click Open Security Center.

    Under Protection Status, left click the arrow underneath Email & IM, and then left click the bubble to disable inbound email scanning.

    This will produce a second icon in the task bar that looks like a white X inside a red circle, alerting the user that McAfee's full protection has been compromised. This is fine, in order to prevent MSC from blocking the POP3 client.

    POP3 inbound emails should now work with Outlook 2003.
     
  7. abri

    abri MajorGeek

    Thanks tdfuller!
    That's good news.

    There is some evidence that email scanning is neither good nor necessary for protecting your computer. Since your antivirus scans all the files on your computer anyway, the extra scanning of the emails can lead the folders to become corrupted. Additionally, compressing them on a regular basis will also protect them from corruption.

    All the best to you and your computer.
    abri
     
  8. tdfuller

    tdfuller Private E-2

    Thank you, and thank you again for all of your help Abri.

    Case Closed
     
