Virus won't let me run Antivirus scan

While Hijackthis is good a picking up browser hijacks, but is not too good for virii and trojans etc, so the below guide is very usefull in getting to a point where most malware is removed or identified, so the malware guys here can tailor the final removal instructions for you.

Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.

• Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
• Make sure you check version numbers and get all updates.
• Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

• After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:

Downloading, Installing, and Running HijackThis

Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.


​

• When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
  • 
    [*]runkeys.txt - the log from GetRunKey.bat
    [*]newfiles.txt - the log from ShowNew.bat
  • CounterSpy - ONLY IF you were not able to run Windows Defender
  • Bitdefender - from step 6
  • Panda Scan - from step 6
  • HijackThis

NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!

 

Why are you trying to disable System Restore, the guide I posted does not tell you to do that until your free of all malware, which you are not.


Are you running the Bitdefender and Panda scans from Safe Mode with Networking?

If you still have problems with Panda then use Trend Online Scan which does work with Firefox.

If you have run the GetRunKey and ShowNew bat files then the location of them is C:\runkeys.txt and C:\newfiles.txt ( as mentioned in section 5 of the guide )

I know its frustrating having PC issues due to malware, but please do nto skip any of those steps in the guide as they are proven to help in the first stages of removing the malware from your PC, the final steps are taken once the logs are attached.

 

The download link and instructions for ShowNew and GetRunKey are below; but they are already given in step 6 of the READ ME. If you are following ALL the steps in the READ ME and in the order given without skipping anything, then you should already have these and should have run them. The READ ME is meant to be run in its entirety and in the order written.

Download GetRunKey.Zip and ShowNew.Zip from the below links and extract all files from both ZIP files into a folder of their own. You can extract both ZIP files into the same folder. Like C:\MGTools

• Using GetRunKey
• Using ShowNew

 

Not trying to be funny or anything but you still have not run any of the items in the Guide I posted above in this post http://forums.majorgeeks.com/showpost.php?p=838407&postcount=2 not doing them and just posting HJT logs ( and not as per the running instructions for HJT as their are some malwares that hide from Hijackthis when run, unless its installed and re-named as per the instructions ) is not going to remove the malware on your PC.

 

You need to follow the directions in the the download links and extract all files from the ZIP file. You need to do the same thing for ShowNew because your log is incomplete and that is also because you are not following the directions given.

Also you need to uninstall SpywareBot as stated in the link in Step 0 of the READ ME. You should also uninstall AdwareAlert as it used to be a rogue tool and still remains as a tool that is not that useful. I also suggest that you uninstall MacroVirus. You need to stop installing all this garabage.

And you still have not renamed HijackThis.exe to analyse.exe as requested in step 7

You appear to have a problem following directions. Please complete ALL steps in the READ & RUN ME and attach all the logs that were requested.

 

But you did not uninstall the items I asked you to uninstall and you did not post a new log from ShowNew after extracting all the files from the ZIP. You last log was incomplete.

 

Your log shows that you did not extract ALL the files from the ZIP file and run the Shownew.bat file from outside of the ZIP. If you run Shownew.zip directly from the ZIP file, it will not work.

Please attach a new HJT log that was obtained after the uninstall of those other programs. That was the order that I aksed for it last time.

 

You don't really have any major malware problems, but there are a few things to cleanup. If you cannot install new antivirus programs (by the way that's a good things since you already have one installed) perhaps it is just due to the fact that you are running all the AOL protection stuff.


Start by downloading - Pocket KillBox

Extract it to its own folder somewhere that you will be able to locate it later.

Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
O2 - BHO: My Web Search Bar BHO - {8EAB99C1-F9EC-4b64-A4BA-D9BCAE8779C2} - (no file)
O3 - Toolbar: WeatherBug Browser Bar - powered by MyWebSearch - {8EAB99C9-F9EC-4b64-A4BA-D9BCAE8779C2} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


After clicking Fix, exit HJT.

Copy the bold text below to notepad. Save it as fixme.reg to your desktop.
Be sure the "Save as" type is set to "all files"
Once you have saved it double click it and allow it to merge with the registry.

Now run Pocket Killbox by doubleclicking on killbox.exe
Choose Tools > Delete Temp Files and click Delete Selected Temp Files.
Then after it deletes the files click the Exit (Save Settings) button.
Now back on Killbox's main window, Paste the below filenames into KILL BOX one at a time. Check mark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (If available) Click the RED X and it will ask you to confirm the file for deletion…say YES and when the next box opens prompting you to reboot now...click NO...and proceed with the next file. Once you get to the last one click YES and it will reboot. Note some of the files listed below may not exist but we need to check for them anyway.

C:\WINDOWS\system32\mwsysb.dll


If Killbox does not reboot or if you get a Pending Operations type error message just click OK to continue and then just reboot your PC yourself.
After reboot locate the below folders and delete them if found:
C:\Program Files\SpywareBot
C:\Program Files\MacroVirus
C:\Program Files\AdwareAlert

Also delete all files in the below folders except ones from the current date (Windows will not let you delete the files from the current day).
C:\WINDOWS\temp\
C:\Documents and Settings\Administrator\Local Settings\Temp\


Now install the current version of Sun Java from: Sun Java Runtime Environment

Then uninstall the below old versions of software:
J2SE Runtime Environment 5.0 Update 6



Now attach a new HJT log and tell me how the steps went.

Also attach a new log from ShowNew and a new log from GetRunKey.

Make sure you tell me how things are working now!