Spyware, Trojans. Adware, I've got em!!

Discussion in 'Malware Help (A Specialist Will Reply)' started by DknyGirl, Jul 24, 2006.

  1. DknyGirl

    DknyGirl Private E-2

    Hi,
    I've read through all the read me firsts and have performed all the steps. I did this almost 2 months ago too, posted but for some reason no one replied so I'm back again, with even more invaders.

    I am running XP/SP2 on a HP Pentium 4.

    I ran all the spyware tools in safe mode and just about all found something. The only thing I didn't do because I never saw the option was getting a log on the VundoFix but after it rebooted I scanned again and it didn't find anything the second time around. BTW - VundoFix was the only scan I couldn't run in safe mode.

    My computer is amazingly slow with all these infections. Every time I shut down it goes through 5 or more "end now" processes. It never did that before. It takes forever to boot up. After years of not receiving pop ups, those are back as well. I'm at the point where I'd like to do a full system recovery but I'm not sure if that will eliminate my problems so I'm trying you guys first. You've helped me twice before a long time ago.

    I am attaching the following logs:

    BitDefender
    Panda Active Scan
    Hijack This


    I also have an Ad-Aware Log (since it couldn't remove all the bad files) if you need to see that.

    Please, if anyone can help me, I would greatly appreciate it!!!

    Thanks,
    Lisa
     


  2. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Download
    - Pocket Killbox

    Follow the directions for the following procedures:
    SpywareQuake & SpyFalcon Removal Procedure
    Virtumonde aka Trojan Vundo Removal

    Now Run HijackThis. Click the 'Do a system scan only' button. Place a checkmark in the box next to the following lines:
    Click on the 'Fix checked' button. Wait for HijackThis to finish; close HijackThis.

    Now run Pocket Killbox:

    Choose Tools -> Delete Temp Files and click the RED X.

    Run Killbox.exe. Paste the below filenames into KILL BOX one at a time. Check mark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (if available). Click the RED X and it will ask you to confirm the file for deletion; say YES, and when the next box opens prompting you to reboot now, click NO and proceed with the next file. Once you get to the last one, click YES and it will reboot. Note that many of the files listed below may not exist, but we need to check for them anyway.
    If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

    Now boot into SAFE MODE

    Open Windows Explorer, navigate to and DELETE the following: (Some of these may have already been deleted by Pocket Killbox)
    Using the Search function in the Start Menu; search for tvvwa.*. Delete every file found.

    Now run CCleaner. If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.

    Then, as an added precaution, Go to Start -> Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.

    REBOOT to Normal Mode.

    Post the logs from SmitRem and VundoFix, along with a fresh HijackThis log.
     
  3. DknyGirl

    DknyGirl Private E-2

    Hey Shadow,

    First, thanks soooooooo much for the reply! I truly appreciate it and know you guys are busy!

    I did all the steps for SpywareQuake and I didn't find any of the files listed. I also did the steps for Virtumonde and it also didn't find anything. But note that I had also run that prior to my first post and it did find stuff but I couldn't find the log for it. When I ran it again this time, I looked for where you said the log would be and the only thing I found was a folder called VundoFix backups. It looks like that folder contains the two .dll files that were bad (awvvt.dll & jkkkjhi.dll). Hmmmm, it also has these three other items listed: tvvwa.bak1, tvvwa.bak2 and tvvw.ini. At the very end of your post you asked me to do a search for tvvwa.*., I did and it did not find those. They should be deleted, right? Should the entire folder? (when I went to upload the attachments, I found the VundoFix log...sorry...see attached)

    I ran a system scan only and checked and fixed the items you mentioned. Although two of the ones you mentioned weren't there.

    I ran Pocket Killbox and entered each filename one at a time. When I rebooted back into normal mode and looked for those files they were gone.

    I ran CCleaner and deleted the contents of Prefetch.

    I am attaching the three logs you requested.

    After all of this the computer is still lagging, not quite as bad but bad enough I want to throw it out the window.

    Let me know what you think. Thanks again!! Lisa
     


  4. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    SmitRem and VundoFix did exactly what they were supposed to do; that's why you couldn't find the files I specified.

    Your HijackThis log is clean.

    You have quite a bit running at start up. Norton is a resource intensive application and may be responsible for your system lag. It could also be Ewido or TrojanHunter that is responsible.

    Try disabling Ewido and/or TrojanHunter.
     
  5. DknyGirl

    DknyGirl Private E-2

    Thanks again for all your help!

    Can you please help me with one last problem, the one you also pointed out....many things running at start up. I don't want all that stuff running except what is absolutely necessary, can you tell me what I can remove safely and should I remove through the start up tab at msconfig?

    I'm also going to look into that other thread that mentions other programs that are better than Norton. I think I also need to find another thread on another program to better defend against all this stuff. Especially something that my 14 year old can't disable on a whim.

    Thank you again!!!
     
  6. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Norton is the biggest resource hog running on your computer. You shouldn't be disabling anything with MSCONFIG. MSCONFIG is a diagnostic tool that is used to selectively disable startup items, temporarily, allowing you to troubleshoot startup processes.
     
