Unsure What To Do

Discussion in 'Malware Help (A Specialist Will Reply)' started by melzy58, May 10, 2006.

  1. melzy58

    melzy58 Private E-2

    OK guys, I am new here as of yesterday, picked this site up through the Google search engine and I think you guys are great from what I've read...WELL DONE.

    OK, getting to the point, I think my PC may be infected with the WinFixer virus as my McAfee virus scan picked it up a few weeks ago, but McAfee said it was not a threat so I did not worry about it. I have AD-AwarePE on my computer as well as SpyBot, SpywareBlaster and Spy Guard. All these are coming up clean, even my McAfee VirusScan, so I don't know if my PC is infected or not, and I do not know what I should do exactly. I may have deleted it from McAfee but cannot recall. Should I run the "Run Me First Before asking for Support"? It looks really complicated.

    Is there any way of checking for malware and trojans other than that? Or should I run it and see what happens....I am helpful for any advice, I just don't know what to do cause all my virus and spyware programs are now coming up clean.

    Help greatly appreciated, thank you ;)
     
  2. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Hi and Welcome to majorgeeks :)

    Yes, Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.
    • If, after doing ALL of the above, you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
    • When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too (these scans are covered in steps 6 & 7 of the READ & RUN ME sticky)
      • Bitdefender
      • Panda Scan
      • HijackThis
     
  3. melzy58

    melzy58 Private E-2

    OK, when enabling viewing of the hidden files, system folders etc., when unchecking the "hide protected operating system files (recommended)" it came up with a box saying if I uncheck it, it may make my system inoperable. Is this still OK to do?
     
  4. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    That's a standard warning, just uncheck the box and continue.
     
  5. melzy58

    melzy58 Private E-2

    OK, thank you
     
  6. melzy58

    melzy58 Private E-2

    When in safe mode I could not find CCleaner, Spybot; all I could find was Ad-Aware. Could you please help?
     
  7. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    What do you mean you couldn't find them? You did install the tools, didn't you?
     
  8. melzy58

    melzy58 Private E-2

    Yes, they are all on my hard drive now. When putting it in safe mode it stated that some programs wouldn't work, so I don't know if that had anything to do with it. Now I am back in normal mode, they are all on my desktop now. Should I save them somewhere else, where they will be found in safe mode??
     
  9. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    You have shortcuts on your desktop and shortcuts in the start menu. If they are not on your desktop, in safe mode, then look in the start menu. You are logging into the same account in Safe Mode, where you installed the programs?
     
  10. melzy58

    melzy58 Private E-2

    When it loads up to safe mode, it comes up Administrator and Owner, 2 tabs that you click on for it to load up. I clicked on Administrator, would this have been the reason?
     
  11. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Yes, that would be why they are not on the Desktop.

    You need to login to your account instead of the Administrator Account.
     
  12. melzy58

    melzy58 Private E-2

    OK...thank you for the quick reply...

    Just another question before I get started, I wanna make sure I do this all correct...

    When you are showing your hidden files and folders, and unchecking both boxes, do we leave it like that all the time now, or go back after scans and re-check them again??

    And also the system restore thing, that being done after malware removed, you just turn off and then back on straight away? That's just the bit I am still confused with.

    Thanks so much, I know you must be thinking I am a real dumb ass but I just don't wanna stuff anything up as this is a new computer ;)
     
  13. melzy58

    melzy58 Private E-2

    I've just completed both the Bitdefender scan and Panda Active Scan. Attached is the Bitdefender, as the Panda came up clean so I had nothing to save.

    Because they both came back clear, is it necessary to run HijackThis?
     


  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Always leave them set like suggested. Undoing this just makes it easy for malware to hide.

    You should not do this toggling of System Restore until after you have been told that you are free of malware. This does not mean that you run all the steps in the READ & RUN ME and then toggle System Restore. Wait until you are definitely clean.
     
  15. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Yes, post a HijackThis log.
     
  16. melzy58

    melzy58 Private E-2

    Could you please tell me, do I run HijackThis through the Program Files or the zip folder? I did what you said by

    Creating the C:\Program Files\HJT folder:

    Click START and select Explore
    Select the drive where Windows is installed (normally drive C)
    Navigate to the C:\Program Files folder and select it.
    Now click on the top menu where it says File and then select New.
    Then select Folder
    A new folder is created and highlighted
    Just type HJT to overwrite the default name (New Folder)

    then I ....

    To extract hijackthis.exe on WinXP systems without WinZip:


    Locate the HijackThis.zip file you downloaded and right click on it
    Select Extract All and click Next
    Browse your way to the C:\Program Files\HJT folder created above
    Select the folder and click Next

    Just where do I run it from: the Program Files where the icon comes up like a bomb-looking pic, or the zip folder that I saved in C drive?
     
  17. melzy58

    melzy58 Private E-2

    Please anyone.......

    Any help appreciated
     
  18. melzy58

    melzy58 Private E-2

    Attached is my HijackThis log.

    Thanks.
     


  19. melzy58

    melzy58 Private E-2

    Here is my new HijackThis log, as I ran the first one without showing my hidden files and folders.

    Please let me know how it is.

    Thanks a lot :)
     


  20. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Your HijackThis log is clean. What problems, if any, are you having?
     
  21. melzy58

    melzy58 Private E-2

    Problems include: with some certain websites I click on a link and a pop-up will appear saying aboutblank in and then the window will appear as a casino or party poker, something of that area. All other pop-ups get blocked except for these ones. I am not sure if this is a problem, but before on this website that I go to I never had any of these problems; it's just been happening for the last 3 weeks or so.

    Any suggestions would be appreciated.

    Thank you for replying and letting me know that my log was clean, I really do mean it, you guys here are legends!!! Well Done :)
     
  22. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Pop-up blockers won't block everything. Every now and then you will get a pop-up. You could be getting pop-ups on certain kinds of sites, because you have installed something that will allow those types of pop-ups; or you altered settings. I don't know what you may have done or haven't done.

    If you type about:blank in your browser address line, you will get a blank browser window. That's supposed to happen. When a browser window first opens it will be blank, until you have received enough data to tell your computer what's supposed to be displayed in that window.

    This could be malware, then again it might not be. Your logs tell me that it probably isn't malware. To take a deeper look at registry keys that can be modified by malware do the following:

    Running WinPfind by OldTimer

    Using GetRunKey

    Post both WinPFind.txt and runkey.txt after you have finished.
     
  23. melzy58

    melzy58 Private E-2

    Here are my two logs.

    Let me know how you go.

    Thanks
     


  24. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Delete both of these files:
    C:\WINDOWS\aqshortcut.exe
    C:\Documents and Settings\Owner\Application Data\wklnhst.dat

    Follow the directions for Running Hoster

    Other than the above your logs are clean.
     
