Trouble with Trojan.Zlob-X.a. as well

FixIEDef by ShadowPuterDude

This tool removes IE Defender and the associated Trojan.Downloader.Delf infection.

1. Download FixIEDef.zip by ShadowPuterDude to the Desktop.
2. Double-click FixIEDef.zip, this will create a folder named FixIEDef on your Desktop.
3. Double-click of the FixIEDef folder.
4. Locate FixIEDef.bat and double-click on it.
5. FixIEDef will now run.
6. Press any key to close the CMD Console when the script is finished.

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool". It is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

Download this file - combofix.exe

1. Double click combofix.exe & follow the prompts.
2. When finished, it will produce a log ( C:\combofix.txt ) for you. Attach this log to your next reply See: HOW TO: Attach Items To Your Post

Note:

Do not mouseclick combofix's window while it is running. That may cause it to stall.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this and also attach the log from ComboFix.

Make sure you tell me how things are working now!

 

Run AVG AntiSpyware again and this time fix what it finds. You ignored everything the first time. Attach a new log.

If you want to see try an get some performance improvements, uninstall all those unnessary toolbars.

Also consider uninstalling Ad-Aware 2007 Service which is probably slowing you down due to the service it has running all the time even when you are not scanning. It has been know to be a resource hog.

Let's remove some bad services.

• Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'.
• On the page that opens, scroll down to HSZYIDBZL
• then right click the entry, select Properties and press Stop Service.
• When it shows that it is stopped, next please set the Start-up Type to 'Disabled'.
• Now repeat the above to Stop and Disable the below two Services (if you do not find them or get any errors, just continue):
  • MSTQJ
  • MTJZIZKG
  • Content Monitoring Tool
• Click OK until you get back to Windows.

• Next, run HJT, but instead of scanning, click on the None of the above, just start the program button at the bottom of the choices.
• At the lower right, click on the Config button
• Then click the Misc tools button
• Select Delete an NT Service
• Copy/paste msCMTSrvc into the box that opens, and press OK
• If you receive any error messages just ignore them and continue.
• Now exit HJT but do not reboot when it tells you it needs to. We will do that further down after running HJT again to fix some other items.

Uninstall the below old versions of software:
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 8
Java(TM) SE Runtime Environment 6 Update 1
Viewpoint Media Player (Remove Only) <-- should have been uninstalled in step 0 of the READ ME
WildTangent Channel Manager <-- should have been uninstalled in step 0 of the READ ME

Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = cdn
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - blank (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Microsoft InternetExplorer Update Check] C:\WINDOWS\iupdate.exe
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/insaniquarium/popcaploader_v6.cab

After clicking Fix, exit HJT.

Now download The Avenger by Swandog46, and save it to your Desktop.

• Extract avenger.exe from the Zip file and save it to your desktop
• Run avenger.exe by double-clicking on it.
• Check the 'Input script manually' box.
• Click on the magnifying glass icon.
• Copy everything in the Quote box below, and paste it in the box that opens:

• Now click the 'Done' button.
• Click on the traffic light icon and OK the prompt.
• You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
• A log file from Avenger will be produced at C:\avenger.txt

After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

Now run Ccleaner!

Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this and also attach the log from Avenger.

Make sure you tell me how things are working now!

 

The problem with the AVG Antispyware log means that you did not create a new log. Take a look at the log that you are trying to upload. Does it have the same date and time in it as your first one

 

But you still told AVG Antispyware to Ignore what it found. You need to have it quarantine or delete what it finds. That's the purpose of running the scan. Try again.