Unknown bugs

Discussion in 'Malware Help (A Specialist Will Reply)' started by Geremi2006, Dec 30, 2005.

  1. Geremi2006

    Geremi2006 Private E-2

    Hello,
    I have run all the scans recommended. Although I was able to delete MANY viruses and/or malware and/or spyware (close to 60!) there are still some unresolved issues. I have attached to this posting my Hijack this log, bitdefender log and panda log. It is a little bizarre. I was using my computer in safe mode and now my computer is in normal mode but the screen still looks like it is in safe mode (minus the words "safe mode" on the top and corners of the screen). Anyways, I am not sure if this is related to the remaining bugs or what not. Please help!
     

    Attached Files:

  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please download HOSTER and then follow the below steps.
    • Unzip HOSTER to a convenient folder such as C:\Hoster

    • Run Hoster.exe, click Restore Original Hosts and then click OK.

    • Click the X to exit the program.
    Next, please see the below thread on how to install and run Ewido Security Suite.

    Running Ewido Security Suite ...
     
  3. Geremi2006

    Geremi2006 Private E-2

    Hello,
    Thank you for your prompt reply. For some reason the hoster program is always frozen. I cannot click on anything...all I can do is press "x" to exit the program.
     
  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Weird, we will address this later, proceed with running Ewido.
     
  5. Geremi2006

    Geremi2006 Private E-2

    Hello,
    I was able to run Ewido and I have attached the log. I have also attached a HJT log. Ewido was able to detect 6 bugs. How will I know when all bugs have been deleted?
     

    Attached Files:

  6. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please EXTRACT HijackThis from the ZIP File to a Safer location. Here's how:

    To create a new folder:
    • Click START > My Computer > Local Disk C: > Program Files
    • Now, Right Click on an Empty Area and select New > Folder & name it HijackThis and ENTER
    To Extract HijackThis:
    • Now, Right Click your HijackThis ZIP File and select Extract All > Next > and browse to your newly created HijackThis Folder (C:\Program Files\HJT) and click Next.

    After you have completed the above steps to relocate HJT, run it from the new location. Please save your HJT log as a .txt file and attach it via the "Manage Attachments" tool in the Additional Options section when you post.

    The reason HJT needs its own safe folder is so that backups will be safely preserved. That way, if a mistake is made in the removal process, the mistakenly deleted entry can be restored.
     
  7. Geremi2006

    Geremi2006 Private E-2

    Here is the HJT log, run from the new location.
     

    Attached Files:

  8. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please look in Add or Remove Programs for the following and Uninstall them if found:

    Ewido

    Now scan with HijackThis and Check the Boxes for the following:

    Make sure All Browser Windows are Closed when you Click FIX.

    O4 - HKLM\..\RunServices: [WSAConfiguration] drrss.exe

    O18 - Filter: text/html - (no CLSID) - (no file)
    O18 - Filter: text/plain - (no CLSID) - (no file)

    Again, make sure All Browser Windows are Closed when you Click FIX.

    NOW:
    Please boot into Safe Mode with the Viewing of Hidden Files & Folders Enabled and navigate to and DELETE the following if they should remain:

    drrss.exe <-- This will most likely be in the System32 directory!

    NEXT:
    Run CCleaner to clean up cookies and temp files.

    Run full scans with Ad-Aware SE & Spybot S&D and have both programs fix what they find.
    Note: Remember to get all updates before doing the scans.

    Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.

    After you complete the above, reboot to normal windows and proceed with the below...

    Download WinPFind

    Extract it to the root folder of drive C ( C:\ ). This will create a folder called WinPFind in the C:\ folder. Inside C:\WinPFind is a file called WinPFind.exe. Double-click on this file to launch the program. Once it is launched, click on the Start Scan button and wait for it to finish. This program will scan large amounts of files on your computer for known patterns so please be patient while it works as it can take a while, upwards to 30 minutes or more.

    When it is done, it will show the results of the scan. Click on the Copy to Clipboard button and then paste the contents of the log in your clipboard. Then save it to a file using notepad and upload the text file here as an attachment.
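
    Added example, not part of the original thread: a small Python triage pass over HijackThis-style O4 (autostart) and O18 (protocol filter) lines such as the ones quoted in the post above. The flagging rules (a bare file name with no path, a filter with no CLSID or no file) are assumptions made for this illustration and mark entries for review only; the `ExampleUpdater` line is constructed for contrast.

```python
import re

# Three lines quoted in the post above, plus one constructed benign entry.
SAMPLE_LOG = r"""
O4 - HKLM\..\RunServices: [WSAConfiguration] drrss.exe
O4 - HKLM\..\Run: [ExampleUpdater] "C:\Program Files\Example\updater.exe" /startup
O18 - Filter: text/html - (no CLSID) - (no file)
O18 - Filter: text/plain - (no CLSID) - (no file)
"""

# O4 - <hive>\..\<key>: [<value name>] <command line>
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# O18 - Filter: <mime type> - <CLSID or (no CLSID)> - <file or (no file)>
O18_RE = re.compile(
    r"^O18 - Filter: (?P<mime>\S+) - (?P<clsid>\(no CLSID\)|\{[^}]+\}) - (?P<file>.+)$")


def executable_of(cmd):
    """Return the program part of an autostart command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split(" ", 1)[0]


def triage(log_text):
    """Return (section, identifier, reason) tuples for entries worth reviewing."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            exe = executable_of(m["cmd"])
            # Assumed heuristic: an autostart with no directory cannot be
            # checked against a known install location.
            if "\\" not in exe and "/" not in exe:
                findings.append(("O4", m["name"],
                                 f"bare file name {exe!r} under {m['hive']} {m['key']}"))
            continue
        m = O18_RE.match(line)
        if m and (m["clsid"] == "(no CLSID)" or m["file"] == "(no file)"):
            findings.append(("O18", m["mime"], "filter has no CLSID or no file behind it"))
    return findings


if __name__ == "__main__":
    for section, ident, reason in triage(SAMPLE_LOG):
        print(f"{section:4} {ident:18} {reason}")
```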
     
  9. Geremi2006

    Geremi2006 Private E-2

    "Please boot into Safe Mode with the Viewing of Hidden Files & Folders Enabled and navigate to and DELETE the following if they should remain"

    I deleted ewido, and the files that you said from the HJT log but then when I booted in safe mode I was unable to see "Viewing of Hidden Files & Folders"...where can I find this?
     
  10. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Choose Safe Mode /Networking to get into Safe Mode. "Viewing of Hidden Files & Folders" is in Folder Options in the Control Panel.
     
  11. Geremi2006

    Geremi2006 Private E-2

    Hello,
    I have done all the things that you recommended. Here is the winPFind log file.
     

    Attached Files:

  12. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Your logs are clean, are you having any further problems?
     
  13. Geremi2006

    Geremi2006 Private E-2

    None that I can see...thanks for all your help!! :)
     
  14. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

