Virus & Spyware found on my computer

I run NIS 2005 and Windows Defender, but for some reason I ended up with a virus I initially found through my Task Manager called "winstall.exe".

I tried everything I could to get rid of it, but NIS or Defender could not.

I went through all 7 steps in your "Read & Run me first," and some of my scans did pick up both a virus and spyware. I don't know if they were deleted or fixed.

Below are all of the attachments I made in the "Read & Run" section.

Could you look at this and let me know if there is anything else I should do?

Thanks a bunch!

 

Here are the other 2 attachments from the Read & Run section.

Also, I'm using a Dell Inspiron with Windows 2K.

Thanks.

 

Please download smitRem.exe and save to your desktop.

Double click on the smitRem.exe file to extract it to it's own folder on the desktop. (this should be the default selection). Now open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen. Wait for the tool to complete and disk cleanup to finish. The tool will create a log named smitfiles.txt in the root of the drive that you ran the batch file on, eg; Local Disk C: or partition where your operating system is installed.

Attach the log from this utlity and a fresh HJT log.

 

Thanks.

I downloaded the utility and did the scan. The log is attached below along with a fresh HJT log.

One note: Before smitRem started scanning I got a Registry Error message. It said, "Cannot import C:\smitfran.reg: Error accessing the registry."

Don't know if that was expected or not, but I thought you should know.

Thanks again, and please let me know what you find.

 

Run CCleaner to clean up cookies and temp files.

Once you complete the above, reboot and let me know how things are running. Your HJT log looks good to me.

 

Thanks.

I did ccleaner like you asked. I realized, though, that I didn't run the utility or HJT log in the "normal" bootup mode with all of my processes running.

So I did the scans again after rebooting with all of my processes running just to be sure there's nothing wrong.

Can you take a quick look?

Thanks!

 

This entry seems suspicious, I would remove this entry and manually locate this file by searching for it. It will most likely be in C:\WINDOWS or C:\WINDOWS\System32.

 

I'm having trouble finding "HKLM\..\Run: [Sygate Personal Firewall] would.exe" or "would.exe" in any folder on my computer. I looked in the C:\WINNT\system32 and the C:\WINNT\system folders (I don't have a C:\WINDOWS folder).

I also tried the "search" feature scanning "my computer" with no luck either (even tried "search subfolders" in "advanced options").

I don't know how to search through the registration keys if that's where it's at. I know how to get there through regedit...but I don't know how to search if that's where it is.

Do you have any ideas?

Thanks.

 

I found the reg key and deleted it, but I still can't find would.exe anywhere on my computer.

I wonder if it's even there?

 

If you can't find the file it's a good thing. Attach a fresh HJT log so we can confirm it's gone.

 

Here you go!

If this is all clear, should I leave all of the programs/scanners that I downloaded on my computer?

Thanks.

 

Your log looks good, you can remove anything I had you download and run if you like.

If your not having any further problems then I recommend your see this site on How to Protect yourself from malware!.

 

Thanks for all of your help, bjgarrick.

I really do appreciate it.

I do have one final question for you. Are those Anti-Virus and firewall programs you have on that link better than NIS? I've been using NIS for a few years now. But I also find it is, like has been pointed out here, resource hungry and not free.

Do the free programs give as good/or better protection than NIS? My subscription runs out in January, and I'm contemplating dumping it if I can find a better alternative.

Thanks.

 

Yes, in my opinion Norton is one of the worst out there. The reason why I say this is because the antivirus, when it finds something it prompts and prompts and never does anything. The firewall prompts every now and then however if your seriously infected the firewall can become corrupt causing internet connectivity to be lost and many more problems as I have personally experienced this.

My personal opinion and from experience I do believe that ZoneAlarm is the best firewall today, I believe that AVG AntiVirus is the best free antivirus available today and I believe that Spy Sweeper is the best anti-spy program today. I use all three and never had a problem.

Yes, in my opinion they provide better than most purchased ones.

 

Thanks for all of your help!

 

Your Welcome!