Something is going wrong, please help me fix it

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by violagirlvu06, Oct 31, 2004.

  1. violagirlvu06

    violagirlvu06 Private E-2

    I clicked on a link in a friend's away message the other day and have been trying to get rid of the virus I received ever since. Before that fateful day I did not have any Ad-Aware or Spybot on my system; my laptop is fairly new and it had not crossed my mind to get that. I now have that, as well as all of the other things that the READ ME FIRST tutorial said to get. Before discovering this site I had tried to delete the virus myself. The link I clicked on had said OMG look and then a link. I searched for files modified or created at the time I clicked and found the bestfriends.scr virus. I think I fixed it enough so that it doesn't affect my AIM anymore. Also my Task Manager has been staying open, which from reading other posts others have had a problem with. The only problem that I have encountered is that every time I open my Internet Explorer my pop-up blocker blocks something, which never used to happen. The tutorial has not fixed this problem. I have downloaded HijackThis and did a scan. I deleted one line from that so far that I felt confident about, but I would like someone else's opinion on the rest of the log that I am unsure about.
     
  2. PhilliePhan

    PhilliePhan Guest

  3. violagirlvu06

    violagirlvu06 Private E-2

    Thanks for helping me PP, I hope we can solve this together :)

    I have tried AIMfix and it did not find anything wrong. I am not sure if this is related or not, but when I run Spybot I get messages such as "application failed to start because WDEngine.dll was not found" and "the application of DLL C:\window\wt\wtupdatewebd\4.1.1\files\legacy\webdriver.dll is not a valid windows image" and "failed to start WDEngine.dll not found" and "failed to start msjava.dll not found". I am not sure if that is related, but if I click through those messages that appear multiple times I am able to fix the problems. I have tried reinstalling Spybot. I do not know if this is a related problem or not. Additionally, my home page has changed from my college's home intranet page to google.com; however, I did have a button at the top of my laptop linking to the Google page. This could have also just been a mistake I made, but it could also be related. My email service (webmail, through my school) also is not working on my laptop, but it does on my roommate's. Could this also be related? I really appreciate you helping me and giving me some of your time. My HijackThis log is attached.

    -Michelle
     


  4. PhilliePhan

    PhilliePhan Guest

    Hi Michelle,

    I do not see anything alarming in your HJT log. Just some mild malware - Viewpoint and Weatherbug. You should uninstall them via Add or Remove Programs.

    Then:
    Please run HijackThis and Check the Boxes for the following:

    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1

    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)


    Reboot and DELETE these folders, if found:
    C:\Program Files\Viewpoint
    C:\Program Files\AWS


    The messages referring to these (WDEngine.dll & DLL C:\window\wt\wtupdatewebd\4.1.1\files\legacy\webdriver.dll) are referencing WildTangent. You should make sure that you have uninstalled all remnants of that crapware. You could use Windows Explorer to search for them - if you feel the need to do so.

    Your Homepage changing to Google is likely the result of one of the anti-spyware tools that you have run.

    I do not know why your e-mail service is not working. It may be a settings issue.

    Run through my above instructions (Definitely for the BHOs) and let us know how things are working.

    You should also take a look at Chaslang's recommendations HERE: How to protect yourself from malware! (http://forums.majorgeeks.com/showthread.php?t=44525)

    Best,
    PP
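
Added example, not part of the original thread: a small Python triage helper for the three HijackThis entry shapes quoted in the post above (O2 BHO, O4 Run, O9 Extra button), flagging BHOs registered with "(no file)" and entries that load from the folders the helper asked to delete. The function names and the ExampleVendor line are constructed for illustration; the other sample lines are the ones quoted in the post.

```python
import re

CLSID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
# Only the three entry shapes quoted in the post; other HijackThis sections are skipped.
PATTERNS = {
    "O2": re.compile(r"^O2 - BHO: .+? - (?P<id>" + CLSID + r") - (?P<target>.+)$"),
    "O4": re.compile(r"^O4 - (?:HKLM|HKCU)\\\.\.\\Run: \[(?P<id>[^\]]+)\] (?P<target>.+)$"),
    "O9": re.compile(r"^O9 - Extra button: .+? - (?P<id>" + CLSID + r") - (?P<target>.+)$"),
}

def folder_matches(component, folder):
    """True if a path component is `folder` or looks like its 8.3 short name (WEATHE~1)."""
    comp, want = component.upper(), folder.upper()
    short = re.fullmatch(r"(.{1,6})~\d", comp)
    return comp == want or bool(short and want.replace(" ", "").startswith(short.group(1)))

def triage(log, unwanted_folders):
    """Return (section, id, reason) for orphaned BHOs and entries under unwanted folders."""
    findings = []
    for line in map(str.strip, log.splitlines()):
        for section, pattern in PATTERNS.items():
            m = pattern.match(line)
            if not m:
                continue
            target = m.group("target")
            if section == "O2" and target == "(no file)":
                findings.append((section, m.group("id"), "BHO registered but no file on disk"))
            hits = [f for f in unwanted_folders
                    if any(folder_matches(c, f) for c in target.split("\\"))]
            if hits:
                findings.append((section, m.group("id"), "loads from " + hits[0]))
    return findings

# Five entries quoted in the post, plus one constructed benign entry (ExampleVendor).
SAMPLE = r"""
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\ExampleVendor\tray.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE, ["Viewpoint", "AWS"]):
        print(finding)
```

The 8.3 check is a prefix heuristic, so a short name such as WEATHE~1 is treated as a possible match for any folder whose name starts with those six characters.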
     
  5. PhilliePhan

    PhilliePhan Guest

  6. violagirlvu06

    violagirlvu06 Private E-2

    I followed your instructions. When I ran HJT however I did not see the lines
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1

    so I assumed that they got deleted during the uninstall.

    I have just done a Windows Explorer search for WildTangent and it came up with a folder, a bunch of zip files like wildtangent8.zip and also a bunch of wildtangent.jar files. Should these all be deleted?

    My pop-up blocker is still blocking something whenever I open a new Internet Explorer browser window, or when I change pages. It says on the bar "To help protect your security, Internet Explorer has restricted this file from showing active content that could access your computer. Click here for options..." The options it gives are to allow blocked content, a "what's the risk?", and information bar help. I have not allowed this active content to run, except possibly when I first clicked on that link in the away message, but I am not positive about that one time. Any ideas on how to get rid of this?

    Thanks!
    ~Michelle
     
  7. violagirlvu06

    violagirlvu06 Private E-2

    Here is my new HJT file.
     


  8. PhilliePhan

    PhilliePhan Guest

    Hi Michelle,

    You should go ahead and dump all of the Wild Tangent crap.

    As for the SP2 popup blocker, try opening IE and click TOOLS>Popup Blocker>Popup Blocker Settings and perhaps change the filter level to LOW. Or, you could uncheck the box for showing the information bar when a popup is blocked. You might also read the FAQ there in the lower left of the box.

    As you can tell, I am not too familiar with it myself. You could turn it off altogether and get the Google Toolbar. It has one of the better popup blockers available and it's free.

    By the way, your HijackThis log looks OK. It's a little busy, but it's clean ;)

    Sorry I'm of little use for your popup blocker question. You could try posting it in the Software Forum. You'll get a better answer than what I can offer.

    Best,
    PP
     
  9. violagirlvu06

    violagirlvu06 Private E-2

    Thank you for all of your help. I have deleted all of the WildTangent stuff. I am currently going through all of the steps to protect myself from the malware. I think I am going to download Mozilla. I was reading through entries on this board and Zippea seems to be having the same popup blocker problem as me, and both seem to be the result of the bestfriends.scr virus, so I will also monitor that post. Thanks again!

    ~Michelle
     
  10. PhilliePhan

    PhilliePhan Guest

    Happy I could be of some help. :) Firefox is a good choice, although it will not protect you from malware that rides along with things you knowingly put on your computer. You should check out some of the threads in the Software Forum regarding Mozilla plugins.

    Best,
    PP
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Look in the Internet Zone for Custom Security settings. The below is a quote from an article by Microsoft:

    "There is a custom security zone setting for the Information Bar that enables users to change the settings of the Information Bar by security zone. Users can choose to be notified with the Information Bar or to go back to the behavior of Windows XP Service Pack 1 and get a less prominent notification for file and code downloads."

    The article is 8 pages long. Page 5 discusses this Information Bar. Here is the link to it: http://www.microsoft.com/technet/pr...n/sp2brows.mspx
     
  12. violagirlvu06

    violagirlvu06 Private E-2

    Thanks for the link to the article. I think it is a good thing that the information is being blocked. I think that what the bar is blocking is something related to the virus, and I do not want that to run and reinfect my computer. I never had a problem with the popup bar blocking something every time I opened up the browser, until I got the bestfriends virus. Unless what you are suggesting is that in removing the virus I changed the way I view my security settings and there has always been active content trying to run on every web page I go to. Today I downloaded Mozilla and I am not getting a popup bar on this browser. I hope this does not mean that the virus I had wasn't under control. If in Internet Explorer I let the active content run, do you think it would be something normal or would it be the virus?

    ~Michelle
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I'm not positive whether it changed anything or not. I personally would try changing it to the way it was in SP1 and see what happens. We can always fix anything that may happen (and I'm not sure anything will happen).
     
