VirusBuster goldcodec 753 removal question

Discussion in 'Malware Help (A Specialist Will Reply)' started by Faith007, Nov 29, 2006.

  1. Faith007

    Faith007 Private E-2

    Hello Malware gurus:

    I was infected with the VirusBuster malware from the gold codec 753.
    I downloaded and ran smitfraudfix.cmd and it seemed to fix the problem. The erratic behavior and error messages have all stopped.
    I have attached the rapport.txt that it created.

    Then I read and followed the instructions in the sticky entitled "READ & RUN ME FIRST Before Asking for Support." [Although Panda didn't work, in either Safe or Normal mode]

    Search and Destroy found nothing but cookies.

    Bit Defender found no problems.
    I have attached the bdscan.txt

    CounterSpy found 1 adware program, which does not appear to be related to VirusBuster. I removed it.
    I have attached Counterspy.txt

    I will send the other 2 log files in another message.

    I am trying to determine if I need to take any further action to resolve this problem.
    Do I need to run HiJackThis or do anything else?
    This is the first time I have ever had a malware infection, so I am new to this game and want to make absolutely certain that my problem has been resolved. Please let me know.
    Thanks.
     


    Last edited: Nov 29, 2006
  2. Faith007

    Faith007 Private E-2

    More log files.

    Here are the other two log files that were created when I followed the instructions in the sticky note.

    Thanks everybody for your help with this.
     


  3. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Hi, yes, we will also need your HijackThis log, as it will round up all the logs, so if anything's still lurking it can be removed :)
     
  4. Faith007

    Faith007 Private E-2

    HiJackThis Log

    Here is the HiJackThis Log File. Thank You.
     


  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You are running Spybot's TeaTimer, which we indicated not to use in the READ ME.

    Now Disable Spybot's TeaTimer
    • Run Spybot and click Mode
    • Select Advanced Mode.
    • Then click Tools and select Resident.
    • Now in the right window pane, uncheck TeaTimer.
    • Also while this is open, in the left column now select IE Tweaks
    • and then in the right pane make sure all the Miscellaneous locks are unchecked.
    • Now quit Spybot!
    Your log from GetRunKey showed that you had MSconfig running which we specifically indicate in the first step of the READ ME not to use. I want a new log from GetRunKey, but first please do the below.

    Uninstall the below old versions of software:
    J2SE Runtime Environment 5.0 Update 3
    Mozilla Firefox (1.5.0.8)

    Then install the current version of Firefox from: Mozilla Firefox


    Make sure viewing of hidden files is enabled (per the tutorial).

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O4 - HKLM\..\Run: [Virus-Bursters] C:\Program Files\Virus-Bursters\virus-bursters.exe /h
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete:
    C:\Program Files\Virus-Bursters <--- the whole folder:

    Now run Ccleaner.

    Now reboot in normal mode

    Now attach the below new logs and tell me how the above steps went.

    1. GetRunKey
    2. ShowNew
    3. HJT


    Make sure you tell me how things are working now!
    Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable System Restore per step 1 of the READ & RUN ME. This only applies if using WinXP or WinMe.
     
    Last edited: Nov 30, 2006
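
Added example, not part of the original thread or of HijackThis itself: a small Python parser for the O4 autostart lines quoted in the last post, which splits each line into hive, value name, executable and arguments and then picks out the entries that launch from the folder the post says to delete. The function names are hypothetical, and the regular expression assumes only the registry Run-key line shape shown in that post.

```python
import ntpath  # Windows path rules, so this runs on any OS
import re

# The five O4 lines quoted in chaslang's post above.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [Virus-Bursters] C:\Program Files\Virus-Bursters\virus-bursters.exe /h
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
'''

# Assumption: only the registry Run-key shape shown in the post is handled.
O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
# Unquoted commands: take the path up to the first executable extension.
EXE_RE = re.compile(r'(?i)^(.+?\.(?:exe|com|bat|cmd|scr|pif))(?:\s+(.*))?$')

def split_command(cmd):
    """Return (executable path, arguments) for a quoted or unquoted command."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end != -1:
            return cmd[1:end], cmd[end + 1:].strip()
        return cmd[1:], ''
    m = EXE_RE.match(cmd)
    return (m.group(1), m.group(2) or '') if m else (cmd, '')

def parse_o4(log_text):
    """Parse O4 autostart lines into dicts; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            exe, args = split_command(m.group('cmd'))
            entries.append({'hive': m.group('hive'), 'key': m.group('key'),
                            'name': m.group('name'), 'exe': exe, 'args': args})
    return entries

def entries_under(entries, folder):
    """Entries whose executable lives inside `folder` (case-insensitive)."""
    norm = lambda p: ntpath.normcase(ntpath.normpath(p))
    prefix = norm(folder) + '\\'
    return [e for e in entries if norm(e['exe']).startswith(prefix)]

if __name__ == '__main__':
    for e in parse_o4(SAMPLE_LOG):
        print(e['hive'], e['name'], '->', e['exe'], e['args'])
```

Calling `entries_under(parse_o4(log), r'C:\Program Files\Virus-Bursters')` on a fresh log is a quick way to confirm that no autostart entry still points into the deleted folder.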
