Still got malware after following instructions

porget · Feb 9, 2006

Hi there

I have followed the "Read & Run Me" First instructions then the SpySheriff Removal instructions but I seem to still have a host of horrors including SpySheriff. The only step I haven't done is disable System Restore as I'm not yet free of pests. I'm afraid I am totally clueless but reading previous threads and seeing what you've asked for I've posted the Smitfile, Panda and Bitdefender files along with the HJT log.

Windows XP SP2

Thanks for your help

porget

Edit by chaslang: 4 Inline logs attached.

chaslang · Feb 9, 2006

Welcome to MGs!

You have not followed the instructions in the READ ME properly. No logs should be post inline. All logs must be attachments to your Messages. Also you did not post a useful BitDefender log of problems. All you posted was a log summary. Follow the directions in step 6 and you will have a proper file to attach to your message.

What are your remaining issues with SpySheriff?

How old is your version of Spy Sweeper and is it a paid version?

chaslang · Feb 9, 2006

You can have HJT fix the below line unless you added it yourself.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

Then locate the below files and delete them using Windows Explorer:
C:\WINDOWS\system32\mscom32.dll
C:\WINDOWS\SYSTEM32\kernels64.exe
C:\WINDOWS\country.exe
C:\WINDOWS\tool2.exe
C:\WINDOWS\uniq
C:\WINDOWS\osaupd.exe

If necessary, boot into safe mode to delete the files.

porget · Feb 9, 2006

I've now attached the correct Bitdefender file

Spysweeper is V2.6.1 paid version and I also have NoAdware and XoftSpy both bought

I've deleted all the other files but am denied access to delete mscom.dll - both when logged on as administrator and as my profile.

In answer to your question about my remaining issues with SpySheriff although the "Spyware detected" type popups have gone, the computer is generally running slowly and behaving oddly with hourglasses appearing when I haven't actioned anything and popup windows flashing up then disappearing and the screen going pink.

chaslang · Feb 9, 2006

porget said:

Spysweeper is V2.6.1 paid version
Click to expand...

Then you have not paid for it recently. You are WAY out of date. You either need to resubscribe or uninstall it. I don't believe you can even get updates for this version anymore. The current version of Spy Sweeper is 4.5 and the reference file is someplace around 612.

As far as NoAdware and XoftSpy. They are not on our recommended list but that's up to you. You do need to have one full blown antispyware protection program install. But you need to use current versions not old ones.

Did you try booting in safe mode to delete mscom.dll

porget · Feb 9, 2006

I was in safe mode when I tried to delete it.

chaslang · Feb 9, 2006

Let's be clear on something. The file I originally asked you to delete is C:\WINDOWS\system32\mscom32.dll not mscom.dll

So what was it that you tried to delete.

What are you doing about your out of date Spy Sweeper?

Download the attached GetKeys.zip to your PC someplace you can locate it. Then extract the files from the ZIP. Locate the getkeys.bat file and double click on it to run it. It will create a file named getkeys.txt in the root of drive C: (C:\getkeys.txt) . This log will also popup in a notepad window which your can just close. Upload the getkeys.txt file here as an attachment.

Log in or Sign up

Still got malware after following instructions

porget Private E-2

Attached Files:

Activescan.txt

bdscan.txt

smitfiles.txt

hjt1.txt

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

porget Private E-2

Attached Files:

Bitdefender2.txt

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

porget Private E-2

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

Attached Files:

GetKeys.zip