*sigh* have some malware...

Discussion in 'Malware Help (A Specialist Will Reply)' started by niceandspicy999, Oct 24, 2006.

  1. niceandspicy999

    niceandspicy999 Private E-2

    Hi

    I have completed the "Read First" thread & after many hours of scanning have some files below. My usual AVG, Spybot and various other soldiers didn't pick anything up.

    I have had several problems with my pc recently, notably its inability to pick up updates on webpages and giving me old data, being unable to stay logged in with any password to various websites, and similar issues.

    The only thing I could not do in the instructions was GetRunKey. I did try the solutions posted on the Using GetRunKey thread. I did a print screen & have posted a copy of the error message I was getting for that.

    System: XP home, sp2. Browser: Firefox but also having the same issues in IE & Netscape.
     

    Attached Files:

  2. niceandspicy999

    niceandspicy999 Private E-2

    Next attachments
     

    Attached Files:

  3. matt.chugg

    matt.chugg MajorGeek

    OK first of all lets test regedit.

    Go to Start --> Run, type in Regedit and hit enter.

    What happens? If regedit runs just close it. If not tell me what the error message says.

    Your shownew isn't running properly either.

    Run shownew from a command prompt so we can see the full problem.

    Go to Start --> Run, type in CMD and hit enter.

    In the command prompt dialog paste the following by highlighting it (including the quotes ""), right clicking and selecting Copy, then right clicking in the command prompt window we just opened and selecting Paste. Press enter to run the command.

    Once the command has run, right click in the window again and select Select All. Once all the text is selected just press enter to copy it to the clipboard.

    Run notepad and paste the results into it, again by right clicking and selecting Paste. Save the file on your desktop and upload it here for me to view.
     
  4. niceandspicy999

    niceandspicy999 Private E-2

    Thanks Matt. I've really struggled to log in here & post this afternoon so hopefully this will go through.

    Regedit - I did as you said and it brought up a Registry Editor. Is that what should happen? I just closed it as you told me.

    Shownew brings up the text attached below.

    I appreciate the help!
     

    Attached Files:

  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Try actually changing directories to the folder where ShowNew.bat is before running it. You cannot run the file remotely like that because your path does not contain the folder that the ShowNew.bat file is in. Thus none of the files it is looking for will be found.

    Therefore do the below.


    Run shownew from a command prompt so we can see the full problem.

    Go to Start --> Run, type in CMD and hit enter.

    In the command prompt dialog paste or type in the following commands (shown in black bold print - the ones in purple are comments) one at a time.

    cd "C:\Documents and Settings\danielle\Desktop\PC SAFETY\tools\"

    At this point your command window prompt should change to show that you are in the above folder.

    shownew.bat

    Once the command has run, right click in the window again and select Select All. Once all the text is selected just press enter to copy it to the clipboard.

    Run notepad and paste the results into it, again by right clicking and selecting Paste. Save the file on your desktop and upload it here for me to view.


    NOTE: However you have an issue in that your PATH environment variable is not set up correctly. I have informed Matt about this and he will help you correct this. Without the PATH being set up properly, no DOS level commands will execute properly and may not even be found, as you saw when trying to run regedit from a command prompt.
     
    Last edited: Oct 26, 2006
  6. niceandspicy999

    niceandspicy999 Private E-2

    Thanks for the help. I really appreciate it. I have attached the txt file of the error I am getting after following these instructions.

    My pc is doing v odd things. I am not sure how much is related to this, maybe none of it, or how much is relevant. I'm keeping a list of odd things because if they are relevant, they might help.

    Y/day my Outlook Express simply vanished. It was there all morning and when I went to open it up, it was simply gone off my desktop. There was no program in my start menu or even a folder for it in my program files. I had to do a restore to get it back. Restore itself took half an hour.
    Old files, deleted 3 years ago, are popping up along with programs that I removed last year (like MS Outlook was there in place of Outlook Express!)
    IE is now the only browser that will open for me but if I get error reports and click to report them to Microsoft I get a message that microsoft files are missing.
    Like I said, I don't know if any of this is relevant. I am trying to back up files in case I have a whole kaput!
     

    Attached Files:

  7. niceandspicy999

    niceandspicy999 Private E-2

    ok, I might be paranoid, but I am wondering if I could have been hacked? I usually run ZA free version and am connected via a router.

    After I posted this morning, I tried to do some work. I logged into my online UPS account and noticed unknown addresses in my address book, and at the top, instead of saying Welcome Danielle, it said Welcome Christian. Literally, as I was staring at the screen (I did not refresh the page), it suddenly switched back to my name. I guess it could be coincidence and be a UPS site problem, but an odd coincidence if it is one.

    MS Outlook keeps reappearing on my desktop every hour, even though I keep taking it off my desktop. I don't use Outlook and cannot get rid of it. This has only happened this week although I stopped using it a year ago.

    I have re-run defrag and disk clean up. Removed clutter from my start up menu and my pc is just crawling. Every program takes 5 minutes to open.
    I ran shields up leak test which detected a leak, so I upgraded my free Zone Alarm to ZA Pro and put everything on stealth for now til the leak test came back with a good result.
     
  8. matt.chugg

    matt.chugg MajorGeek

    Don't panic.

    Sorry for the delay, I've been a little ill. Let's fix your PATH variable that chas mentioned and try for the shownew logs again.

    Go to Start --> Settings --> Control Panel

    Double click System (You may need to change to classic view on XP)

    Click on the Advanced tab

    Click Environment Variables at the bottom

    In the LOWER list, click on the PATH variable and click edit.

    Copy and paste the below text IN PLACE OF what is there and click ok

    Click OK twice to complete this.

    Now try running shownew and runkeys. Since you have done a system restore I'd also like a new HijackThis log please.
     
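The two posts above come down to one diagnosis: with the system folders missing from PATH, cmd.exe only finds a program if the prompt happens to be sitting in its folder, which is why regedit failed and ShowNew.bat could not find its helper files. The script below is an added example (not code from the thread or from MajorGeeks) that checks a PATH value for exactly those faults and rebuilds it. It assumes a default XP layout with SystemRoot at C:\WINDOWS and the three stock system folders as the required baseline; the damaged PATH it audits is a constructed sample, as is the Java folder in it.

```python
import ntpath  # Windows path rules, so the check runs on any host

# Assumption for this example: a default XP install with SystemRoot at C:\WINDOWS.
SYSTEM_ROOT = r"C:\WINDOWS"

# Folders a stock XP PATH must carry for DOS-level commands (regedit, cmd
# built-ins, wmic) to be found no matter which folder the prompt is sitting in.
REQUIRED_DIRS = (
    r"%SystemRoot%\system32",
    r"%SystemRoot%",
    r"%SystemRoot%\System32\Wbem",
)


def parse_path(value):
    """Split a PATH value on ';', dropping empty entries and surrounding quotes."""
    entries = []
    for raw in value.split(";"):
        entry = raw.strip().strip('"').strip()
        if entry:
            entries.append(entry)
    return entries


def normalize(entry, system_root=SYSTEM_ROOT):
    """Comparison key: expand %SystemRoot%, fold case, drop trailing separators."""
    expanded = entry.replace("%SystemRoot%", system_root)
    return ntpath.normcase(ntpath.normpath(expanded))


def audit_path(value, system_root=SYSTEM_ROOT):
    """Report what is wrong with a PATH value without changing it."""
    entries = parse_path(value)
    report = {"missing": [], "relative": [], "duplicates": [], "ok": []}
    seen = set()
    for entry in entries:
        key = normalize(entry, system_root)
        # Entries rooted in another variable (%JAVA_HOME%\bin) are kept; bare
        # relative entries such as "." resolve against whatever folder the
        # prompt is in, which is the same ambiguity behind "file not found".
        if not entry.startswith("%") and not ntpath.isabs(key):
            report["relative"].append(entry)
            continue
        if key in seen:
            report["duplicates"].append(entry)
            continue
        seen.add(key)
        report["ok"].append(entry)
    for required in REQUIRED_DIRS:
        if normalize(required, system_root) not in seen:
            report["missing"].append(required)
    return report


def repair_path(value, system_root=SYSTEM_ROOT):
    """Rebuild the PATH: missing system folders first, then the surviving entries."""
    report = audit_path(value, system_root)
    return ";".join(report["missing"] + report["ok"])


if __name__ == "__main__":
    # Constructed sample of a damaged PATH: no system folders, a relative "."
    # entry, and a Java folder listed twice (once quoted).
    broken = (r'C:\Program Files\Java\jre1.5.0_09\bin;.;'
              r'"C:\Program Files\Java\jre1.5.0_09\bin"')
    for problem, items in audit_path(broken).items():
        print(f"{problem:10}: {items}")
    print("repaired  :", repair_path(broken))
```

The audit deliberately reports rather than edits: on a machine that is being cleaned, the user pastes the repaired value into the Environment Variables dialog themselves, as Matt describes, so the change is visible and reversible.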
  9. niceandspicy999

    niceandspicy999 Private E-2

    Sorry you've been ill, Matt. Hope you're feeling better now!

    That path change worked great. Thanks. New files are attached.
     

    Attached Files:

  10. matt.chugg

    matt.chugg MajorGeek

    Using add/remove programs which can be accessed from the control panel, uninstall the following:

    Download and install SpyBot-Search & Destroy 1.4

    Download and install Sun Java Runtime Environment 5.0 Update 9

    Install Spybot as per the instructions in the Read and Run Me and remember to disable TeaTimer

    I believe that the below is part of Google's Web Accelerator; this could be part of the problem with your web access and would explain a lot of the symptoms. Try removing Web Accelerator and see if things improve.


    Do you have any problems using Netscape? There is a search plugin installed that I don't recognise. What happens when you search in Netscape?


    Make sure you have rebooted in Normal Mode (do not open any other processes)


    Run HijackThis. Click the 'Do a system scan only' button.

    Place a checkmark in the box next to the following lines:


    Click on the 'Fix checked' button. Wait for HijackThis to finish; close HijackThis.


    Download the zip file at the bottom of this post and extract the registry script it contains to your desktop. (fixreg.reg) Double click on it and select YES to allow it to merge with the registry.



    Now boot into SAFE MODE

    Open Windows Explorer navigate to and DELETE the following:


    If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.


    REBOOT to Normal Mode.

    Let me know how things are running now

    Post a fresh HijackThis log, a fresh newfiles log and a fresh activescan log.
     

    Attached Files:

  11. niceandspicy999

    niceandspicy999 Private E-2

    I'll work through these now.
    I had updated Spybot & Java just last week. Would the recent system restore have put them back?
    I'll post a new log when I am done. I'm in Netscape now and yes, it is a little better than IE. I am unable to use Firefox at all at the moment, despite re-installing it twice.
    I'll let you know how I get on
     
  12. niceandspicy999

    niceandspicy999 Private E-2

    Almost through!

    The new spybot got rid of 17 problems, including all the funwebproducts files.
    I always do Spybot updates but the new version looked different so I didn't have that after all. I guess updates aren't the same as a full install of a new version.

    Hijack this log & newfiles log are below.
    I'll run active scan next
     

    Attached Files:

  13. niceandspicy999

    niceandspicy999 Private E-2

    Finally, my new activescan & I have completed all the instructions.

    Firefox is still pretty inoperable. Ok for the first 1 or 2 pageloads then freezes again. Netscape is ok, slower than it should be but workable.
     

    Attached Files:

  14. matt.chugg

    matt.chugg MajorGeek

    Do you know what Boonty Games is ? You have a service running called that.

    You still have the registry entry that should have been fixed with the patch on my last post. What happened when you ran it?
     
  15. niceandspicy999

    niceandspicy999 Private E-2

    The Boonty folder contained nothing but links to an online game. I deleted it anyway since it's old and unused.

    The fixreg seemed to go fine. I didn't get any strange messages or anything. Shall I run it again?
     
  16. matt.chugg

    matt.chugg MajorGeek

    Yes. If it doesn't remove it we may have to do it manually.

    Are you still having the issues you described earlier?

    The inability to stay logged into websites probably isn't malware related.

    When you tick a "remember me" box the browser normally writes a cookie to your HD so that next time you visit it can check and know if it's you. If you run a cleaning tool like CCleaner it will remove this and thus you will be asked to login on your next visit.
     
  17. niceandspicy999

    niceandspicy999 Private E-2

    Hi Matt
    I'm not having nearly as many problems now. I still can't use FF for more than a few pageloads, and Netscape seems to be following suit. IE is unaffected totally.

    The login issue wasn't that I couldn't come back to a site and be logged in, but I'd login, get a "Welcome you are signed in" message, or whatever, & then get redirected straight back to login 5 or 6 times before I'd stay logged in.
    One other issue was my browsers not recognising updated pages. Even cleaning my cache etc didn't help - my browser would still bring up old pages. That seems a little better but I am watching to see if that's resolved.

    On the whole though, things aren't disappearing anymore and old deleted files have stopped reappearing.
     
  18. matt.chugg

    matt.chugg MajorGeek

    Well I can see no specific signs of malware here, you might consider asking in the software forum if the problem persists.
     