safewebnavigate.com

About a week ago I started getting pop ups and they claimed to be windows security. Whenever you try to close them they open internet explorer and take you to a site for Ultimate Defender. I have F-Secure antivirus and it doesn't pick up anything. I also get a big pop up that covers my background wallpaper with a big red biohazard symbol that says that my privacy is in danger. I have tried everything that I know how to do. I have found other posts that say things about something called Hijack This and I have no idea what that is. I'm not a pro at this I need layman instructions if you get my drift. Please help!!!

 

Hi mel_g!
Welcome to Major Geeks.
Please run the following two sets of instructions. Post the log from the first set of instructions before continuing on with the second set of instructions.

I'm going to post two sets of instructions below. Each will be enclosed in separate Quote boxes. Make sure to complete the first one 100% before moving on to the second one.

ATTACH THE FIRST LOG NOW BEFORE CONTINUING OR YOU WILL OVERWRITE IT!!!! And then immediately continue on to the below steps.

After you finish the above, please go to our READ & RUN ME FIRST and locate the instructions for downloading and running the following three scans: ShowNew (newfiles.txt), GetRunKeys (runkeys.txt) and HijackThis (hijackthis.log). These last three don't take long to run and will let us know if your computer is still infected. Be sure to follow the instructions in the READ & RUN ME for properly installing and running HijackThis. It needs to be in its own folder under C:\ProgramFiles and it needs to be renamed from hijackthis.exe to analyse.exe.

How are things working now?

abri

 

I did Step 1. I have attached the rapport.txt.

 

Ok, I did step number 2 and it's looking good. I have attached the second log.

 

Here's the log from GetRunKey.

 

Here is the ShowNew log.

 

Here is the Hijack This log. Am I done? There doesn't seem to be anymore pop ups! Yay! I think it worked, but I will wait for you to confirm. Thanks!

 

I didn't get your hijackthis log. Please post again and attach it.

There is at least one remaining file indicating a purity scan from April 26th, which means we will want to look back several months for other possible infected files. This takes awhile, so please be patient. In the meantime, you can help us by going back to the READ & RUN ME FIRST and working through it. Follow the instructions for showing hidden files and for installing and running Spybot and CCleaner, etc. The more you can do from the READ ME, the better chance we have of making sure your computer is completely clean so the infections won't come back.

Thanks!
abri

 

Ok, I am in the process of first reading and then running the Read and Run Me First Section. I am also printing it to use for future reference. I have recommended you to my family and friends! You're a lifesaver. Sorry about the Hijack This log. I have attached it again.

Thanks so much!

 

One more question. Will F-Secure run with Spybot, or will they contradict each other?

 

Hi mel!

F-Secure and Spybot won't conflict. I've spent quite a bit of time looking through your newfiles log and it occurs to me that the purity scan infection I found may be a remnant left over. It looks like it was in your computer just before you installed F-Secure, leaving me to think that F-Secure may have picked up the virus and gotten it out of the system except for this one folder. It would be very helpful for me to be able to look at the scans you're missing, so thanks very much for doing them.

abri