VirusBuster/Zlob From d/l supposed MySpace Viewer. Please Help remove.

Discussion in 'Malware Help (A Specialist Will Reply)' started by charitydc, Nov 28, 2006.

  1. charitydc

    charitydc Private E-2

    Keep getting Critical System Errors ever since I downloaded MySpaceViewer (deceived by user):eek: :mad: Virus Burster / Zlob Please help!
    Attached are my logs.
    Thanks!!!!!


    Everyone PLEASE Beware and do not download MySpace Viewer especially from a myspace user. This whole mess is a REAL PAIN to get rid of.
     


  2. charitydc

    charitydc Private E-2

    logs
    couldn't upload bdscan.txt, file size (377) is too big ????
     


  3. charitydc

    charitydc Private E-2

    Ok, I guess I could have zipped the bdscan, lol. Anyways here it is.
     


  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Back so soon? :eek:


    I'm going to post two sets of instructions below. Each will be enclosed in separate Quote boxes. Make sure to complete the first one 100% before moving on to the second one.


    Now attach new logs from:
    • GetRunKey
    • ShowNew
    • HJT
    How are things working now?
     
  5. charitydc

    charitydc Private E-2

    LOL, yes back so soon, and I have a feeling I may be back quite often LOL. I always get into something bad with the computer LOL. Anyways here is the log from STEP: 1
     


  6. charitydc

    charitydc Private E-2

    Ok here is the 2nd rapport log
     


  7. charitydc

    charitydc Private E-2

    And here are the other 3.

    :confused: Also, when I went to go to safe mode via msconfig and click on Boot.INI tab and go to Boot Options and check the /safeboot, it locks msconfig up and says System Configuration utility has encountered a problem and needs to close, then another box pops up and says something about dr watson.

    Also When windows loaded Spybot Search & Destroy found some things. I fixed all but one. It said Some problems couldn't be fixed; the reason could be that the associated files are still in use (memory)

    it is
    ISearchTech.YSB
    HKEY_Local_machine\Software\YourSiteBar

    ??? don't know how to remove it.... Other than that this process has fixed my original problem. THANK YOU SO MUCH! lol:D :D
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You forgot the logs!

    Can you get into safe mode just by using the F8 key method rather than MSconfig?


    This can be annoying to remove but it is however not a dangerous issue. Let's try a quick registry patch and then another scan.


    Now Copy the bold text below to notepad. Save it as fixYSB.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Now let's get a Spybot Log

    Open SpyBot, check for and get any updates available, close all browsers, check for problems and fix everything found. Then on the toolbar menu select mode and switch to advanced mode, on the left lower down select tools, and view report, ensure all the options are selected near the bottom except

    Uncheck[ ] do not report disabled or known legitimate Items.
    uncheck[ ] Include a list of services in report.
    Uncheck[ ] Include uninstall list in report.

    Now select (near the top) view report.
    Press export in the save in box choose a place such as your my documents folder.

    Now attach this log to your next message!
     
    Last edited: Nov 30, 2006
  9. charitydc

    charitydc Private E-2

    Now how did I forget the logs?! LOL guess that's what having a 4 mo old does to ya. LOL! Here they are
     


  10. charitydc

    charitydc Private E-2

    The fixYSB.reg - I did exactly what you said and I got a Registry Error
    cannot import C:\Documents and Setting\Derek\Desktop\fixYSB.reg: Error accessing the registry.

    ???
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Is your copy of CounterSpy the free version from the READ & RUN ME? If so please run a scan and fix what it finds and attach a log. Then uninstall CounterSpy.

    Is Trojan Hunter the free trial version? If so, uninstall it.

    Also since you are using AOL Antispyware (at least I see it installed) you need to uninstall Windows Defender.

    You also need to uninstall Viewpoint Media Player which was requested in step 0 of the READ ME. If it comes back let me know and we will use something to fix that.

    I see the below in MSconfig for an iPod
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services]
    "iPodService"=dword:00000003

    Do you still use an iPod? What were you using MSconfig to do? Was it to stop the service from running at startup?


    Uninstall the below old versions of software:
    J2SE Runtime Environment 5.0 Update 6
    Mozilla Firefox (2.0)

    Now install the current version of Sun Java from: Sun Java Runtime Environment

    What is in the below folder?
    C:\Program Files\Common Files\{00000F49-0710-1033-1221-050507050001}

    Continue by downloading a tool we will need - Pocket KillBox

    Save it to its own folder somewhere that you will be able to locate it later. Since you appear to have used Killbox in the past, make sure you download the above file to make sure you have the current version.

    Now run Pocket Killbox by doubleclicking on killbox.exe
    Choose Tools > Delete Temp Files and click Delete Selected Temp Files.
    Then after it deletes the files click the Exit (Save Settings) button.
    NOTE: Pocket Killbox will only list the added files it is able to find on the system. So when you do the below, if some files do not show in the list after pasting them in, just continue.

    Select:
    • Delete on Reboot
    • then Click on the All Files button.
    • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\system32\taskkill.exe
    C:\WINDOWS\system32\pyqhgyet.dll
    C:\WINDOWS\system32\kyqmfqry.dll
    C:\WINDOWS\system32\jmllm.tmp2
    C:\WINDOWS\system32\jmllm.ini2
    C:\WINDOWS\system32\jmllm.ini
    • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
    • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt.
    If you receive a PendingFileRenameOperations prompt, just click OK to continue (But please let me know if you receive this message!).

    If Killbox does not reboot just reboot your PC yourself.

    Also delete all files and subfolders in the below folders except ones from the current date (Windows will not let you delete the files from the current day).
    C:\Documents and Settings\Derek\Local Settings\Temp

    Now attach the below new logs and tell me how the above steps went.

    1. GetRunKey
    2. ShowNew
    3. HJT


    Make sure you tell me how things are working now!

    Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable system restore per step 1 of the READ & RUN ME. This only applies if using WinXP or WinMe.
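
Added example, not part of the thread or of any tool named in it: Windows records delete-on-reboot requests in the PendingFileRenameOperations value under HKLM\SYSTEM\CurrentControlSet\Control\Session Manager, and this sketch decodes such a value and reports which of the file paths listed in the post above are not queued for deletion. The function names and the sample bytes are constructed for illustration.

```python
"""Decode a PendingFileRenameOperations value (REG_MULTI_SZ, UTF-16LE) offline."""
import ntpath

NT_PREFIX = "\\??\\"  # NT object-namespace prefix Windows stores on each path

# File paths the post above asks to queue with "Delete on Reboot".
TARGETS = [
    r"C:\WINDOWS\system32\taskkill.exe",
    r"C:\WINDOWS\system32\pyqhgyet.dll",
    r"C:\WINDOWS\system32\kyqmfqry.dll",
    r"C:\WINDOWS\system32\jmllm.tmp2",
    r"C:\WINDOWS\system32\jmllm.ini2",
    r"C:\WINDOWS\system32\jmllm.ini",
]

def _clean(path):
    """Drop the '!' replace-existing flag and the NT prefix."""
    path = path.lstrip("!")
    return path[len(NT_PREFIX):] if path.startswith(NT_PREFIX) else path

def parse_pending(raw):
    """Return [(source, destination or None)]; None means delete at next boot."""
    strings = raw.decode("utf-16-le").split("\0")
    ops = []
    for i in range(0, len(strings) - 1, 2):   # entries are source/destination pairs
        src, dst = strings[i], strings[i + 1]
        if not src:                           # empty source marks the end of the list
            break
        ops.append((_clean(src), _clean(dst) or None))
    return ops

def not_queued(ops, targets=TARGETS):
    """Targets that have no pending delete entry (case-insensitive match)."""
    deletes = {ntpath.normcase(s) for s, d in ops if d is None}
    return [t for t in targets if ntpath.normcase(t) not in deletes]

def sample_value():
    """Constructed sample bytes: four deletes from TARGETS plus one unrelated rename."""
    entries = [(NT_PREFIX + t, "") for t in TARGETS[1:5]]
    entries.append((NT_PREFIX + r"C:\WINDOWS\Temp\example.tmp",
                    "!" + NT_PREFIX + r"C:\WINDOWS\system32\example.dll"))
    text = "".join(f"{s}\0{d}\0" for s, d in entries) + "\0"
    return text.encode("utf-16-le")

if __name__ == "__main__":
    ops = parse_pending(sample_value())
    for src, dst in ops:
        print("DELETE" if dst is None else "RENAME", src, dst or "")
    print("Not queued for delete:", not_queued(ops))
```

Files that do not exist on disk will also show up as not queued, which matches the note in the post that the tool only lists the files it is able to find.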
     
