Spike Needs Help!

Discussion in 'Malware Help (A Specialist Will Reply)' started by sevenfootspike, Mar 4, 2006.

  1. sevenfootspike

    sevenfootspike Private E-2

    I have followed all of the directions in the "Read and Run Me First" thread. However, when running PandaActiveScan the window would not open to a full screen so I saw nothing that said "see report". After scanning it did say "malicious software has been found". After rebooting I ran HJT and have attached that report along with Bitdefender. One last thing that I may be having problems with.....when I rebooted and connected to the internet, I had a message saying there was a security breach by blackworm virus. When I clicked on this it took me to a WINVIRUS 2006 site. I closed the window and posted here before doing anything. Any chance this may be a hoax like WinFixer? Any help that can be given would be highly appreciated.

    Thanks,
    Spike
     

    Attached Files:

  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Did you have a problem trying to install MS Windows Defender?

    Run the below and attach the requested log:

    Virtumonde aka Trojan Vundo Removal

    Then also attach a new HJT log and tell me how things are working.
     
  3. sevenfootspike

    sevenfootspike Private E-2

    Yes, I did have problems installing MS Defender. Sorry I forgot to mention that. Now I'm having another problem with the VundoFix. I get to the point where is says it will "close and reopen in a minute or less" and click OK. I have done this twice, but nothing happens after that. I have waited 5 to 6 minutes both times and it never reopens. Am I missing something?
     
  4. sevenfootspike

    sevenfootspike Private E-2

    OK, third time is a charm. I tried again and it worked. I'm attaching the logfile along with a new HJT log.
     

    Attached Files:

  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Let's get an installed programs list from HijackThis too!

    Run HijackThis, click Open the Misc Tools section
    Click Open Uninstall Manager
    Click Save List (generates uninstall_list.txt)
    Click Save, to save it to a file where you can find it.
    Upload this file as an attachment too.

    After seeing the above, I'll work up a final (should be final) fix.

    Things should already be a lot better though since Vundo is fixed now.
     
  6. sevenfootspike

    sevenfootspike Private E-2

    I guess I'm confused. Where is "MISC TOOLS" and "UNINSTALL MANAGER"?
    Sorry for taking your time and that I'm such a novice.
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Right on the main page of HijackThis when you first run it. Look at the buttons! Read the fourth one down!
     
  8. sevenfootspike

    sevenfootspike Private E-2

    OK, call me stupid. I guess I could have easily found that if I was paying more attention. Here are the attachments you requested.
     

    Attached Files:

  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay!

    We recommend uninstalling Viewpoint Media Player in our readme. You should uninstall it, unless you use it (but I doubt it).

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
    O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
    O2 - BHO: WTLHelper Object - {BD6CD737-34E1-4864-8697-83EC081F1989} - C:\WINDOWS\system32\gebyv.dll (file missing)
    And if you do not use Windows Messenger (this is not MSN Messenger), also fix the below
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    After clicking Fix, exit HJT.

    Now we need to Reset Web Settings:
    1. If you have an Internet Explorer icon on your Desktop, go to step 2. If not, skip to step 3.
    2. Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
    3. If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.
    Now reboot in normal mode and post a new HJT log.

    Make sure you tell me how things are working now.

    Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable System Restore per step 1 of the READ & RUN ME. This only applies if you are using WinXP or WinMe.
     
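    A defender-side illustration of what the HijackThis entries above are telling us, added here as an example (not code from the thread, from MajorGeeks or from HijackThis itself): a small parser that reads HJT-style lines and flags the three patterns that matter in this thread, an O2 BHO whose DLL is "(no file)" / "(file missing)" (an orphaned registration left behind after the DLL was removed), an R0 Start Page pointing at a URL outside a hypothetical allow-list, and an O4 Run entry, which HJT's Fix removes from the registry but whose program stays installed and can recreate it (exactly what happened with MSMSGS later in this thread). The sample lines are the ones quoted in the post above; the allow-list of "default" start pages is an assumption for the example.

```python
import re
from dataclasses import dataclass

# HijackThis lines start with a section tag (R0, O2, O4, O9, ...) followed by " - ".
HJT_LINE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.+)$")

# Hypothetical allow-list for the example: start pages that need no attention.
DEFAULT_START_PAGES = {"about:blank", "http://www.msn.com/", "http://www.majorgeeks.com/"}

# Constructed sample input: the HJT lines quoted in the post above.
SAMPLE_HJT_LINES = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O2 - BHO: WTLHelper Object - {BD6CD737-34E1-4864-8697-83EC081F1989} - C:\WINDOWS\system32\gebyv.dll (file missing)
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
"""


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def parse_hjt_line(line):
    """Split one HJT log line into (section, body); return None for non-HJT text."""
    m = HJT_LINE.match(line.strip())
    if not m:
        return None
    return m.group("section"), m.group("body")


def triage_hjt(text):
    """Return the entries a helper would ask the user to look at, with a reason each."""
    findings = []
    for raw in text.splitlines():
        parsed = parse_hjt_line(raw)
        if parsed is None:
            continue
        section, body = parsed
        entry = raw.strip()
        if section == "O2" and (body.endswith("(no file)") or body.endswith("(file missing)")):
            # The BHO is still registered but its DLL is gone: an orphaned entry
            # that is safe to fix and typical of a cleaned-up Vundo infection.
            findings.append(Finding(section, "orphaned BHO: registered DLL no longer on disk", entry))
        elif section in ("R0", "R1") and "Start Page" in body:
            url = body.split("=", 1)[1].strip()
            if url.lower() not in DEFAULT_START_PAGES:
                findings.append(Finding(section, f"start page set to non-default URL {url}", entry))
        elif section == "O4":
            # Fixing an O4 deletes only the Run value; the program itself remains
            # installed and may write the value back on the next start.
            findings.append(Finding(section, "autostart entry: Fix removes the Run value only, "
                                             "uninstall the program if it keeps returning", entry))
    return findings


if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_HJT_LINES):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

    Run as-is it reports four entries (the R0 start page, both orphaned O2 BHOs and the O4 Run value) and stays quiet on the two O9 Messenger buttons, which are cosmetic IE toolbar entries rather than startup or hijack points.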
  10. sevenfootspike

    sevenfootspike Private E-2

    You, my friend, are truly amazing! Computer works like it did when I first bought it! Everything is so much faster! Here is the newest HJT log. How does it look? Anything else I should do besides disable and re-enable system restore?
     

    Attached Files:

  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Did you fix the items I gave you in the last message and did you Reset Web Settings?

    What about removing the WindowsMessenger lines?

    All of these are still there. If you did fix them, try all the steps again but this time exit MS Antispyware first before doing any fixes. And then reboot. If you get a message from MS Antispyware about any home, start, or search page changes, just accept them.

    Then attach a new HJT log. The next steps (if this all works) are below.

    If you are not having any other malware problems, it is time to go back to step 1 of the READ & RUN ME to Disable System Restore which will flush your Restore Points. Then reboot and enable System Restore to create a new clean Restore Point.

    After that, you should work through the below link:

    How to Protect yourself from malware!
     
  12. sevenfootspike

    sevenfootspike Private E-2

    OK, here is a new HJT log. It looks like all of those are gone now, except for

    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

    I don't know why that won't go away. Am I doing something wrong? Apparently so. Will it hurt if it's left there?
     

    Attached Files:

  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Windows Messenger is an unnecessary program that no one uses and it can be the source of popups.

    Use the below to Remove it from your system.

    Disable/Remove Windows Messenger

    Let me know if this works. It could be that MS Antispyware was still blocking the change.

    Make sure you have started working on the How to protect thread!
     
  14. sevenfootspike

    sevenfootspike Private E-2

    OK, that worked. Thanks so much chaslang! I'll start working on the protection thread next! Thanks again for all your help!
     
  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely!
     
