Virus?

Hello -- I have followed all the directions in "How to: Spyware, Trojan And Virus Removal" and I have failed to remove what I think is a virus. Here is what is happening: any time I open a new IE browser window, I get adware popping up. I have the Google pop up blocker and I have scrubbed my system for any type of adware, so I'm pretty sure it's a virus. (I am also running ZoneAlarm and Avast! -- but they aren't doing any good either!) I tried using HijackThis! but I'm afraid I don't know what I need to fix. I'm going crazy with these pop ups... any help would be much appreciated.

Thanks!

 

Hi Udubgirl,

Did you try the Online Trojan Scan & a-squared in the Alternative Scans section of the Tutorial?

If you are sure that you have exhausted ALL of the options in the Cleanup Tutorial, then go ahead and send us a HijackThis Log. Make sure to follow the instructions below:

Note that your HijackThis should be up-to-date (v1.98.2) and MUST be extracted to its own safe folder - C:\Program Files\HijackThis!

If you need a Fresh Download of HJT, get it HERE: HijackThis 1.98.2

Also note that, before you scan, you MUST close all running programs including your web browser, e-mail and items in the system tray.

Please save your HJT Log and attach it via the "Manage Attachments" tool in the Additional Options section when you post.

Somebody will take a look when they get a chance.

Best

 

Hi Phillie --

Yes, I ran every possible online virus scan I could find. They all did not remove the problem, unfortunately. Thanks for your help - my log is attached.

Udubgirl

 

Hi Udubgirl,

Sorry I forgot to post this for you earlier - So many threads. . . . so little free time!!

Please look in Add or Remove Programs for Apropos Media, People on Page, POP or similar and Uninstall if found. Note any other suspicious entries as well.
Then, do the same for your Program Files folder.

This is recommended for removal---> [Mirabilis ICQ] F:\Program Files\ICQ
See this - http://www.cexx.org/icq.htm - Up to you.

Please print out these instructions so that you can operate with All Browser Windows CLOSED.

Please make sure System Restore is OFF and the Viewing of Hidden Files is Enabled as per the tutorial.

Now, look in Task Manager (Ctrl-Alt-Del) for the following running processes and END them (if found):

CxtPls.exe
mswfnw.exe

Now scan with HijackThis and Check the Boxes for the following:

O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\CxtPls.dll

O4 - HKLM\..\Run: [mghzrvkl] F:\WINDOWS\

O4 - HKCU\..\Run: [K026RWi8l] mswfnw.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present ---> OK if this is set by SpybotSD or similar.

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe

Again, make sure All Browser Windows are Closed when you Click FIX.

Now boot into Safe Mode and DELETE the following if they remain:

C:\Program Files\CxtPls ---> The Folder

F:\Windows\System32\mswfnw.exe

Reboot to Normal Windows and Scan with HijackThis and attach that log. Let me know of any problems you may have encountered with the above instructions and how your computer is running now.

Let me know if CxtPls gives you any trouble.

I’ll try to check back when I get a chance – likely Sunday night.

Best luck
PP

 

Well it looks as if the ads have disappeared. I did have some trouble removing CxtPls, but I eventually deleted it... Here's the final log.

Thanks again for your help!

 

You're Welcome! Your HJT log looks good to me.

I suggest that you take a look at Chaslang's recommendations: How to Protect yourself from malware!

Happy Computing

PP

 

I would take this line out too
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present