Warning! spyware detected on your computer! Install an antivirus or spyware remover o

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by dreyno12, Jun 5, 2008.

  1. dreyno12

    dreyno12 Private E-2

    Warning! spyware detected on your computer! Install an antivirus or spyware remover to clean your computer.

    This is in the center of my desktop in a box that is yellow in the upper half, and my background has been changed to solid blue. When my computer goes into sleep mode, then black water bugs start crawling across my screen.

    My system is Intel Celeron CPU 1300MHz 384 mb of ram and it is running Microsoft Windows XP Home Edition ver2002 service pack 2
    I have a 15gig C: and 219gig D: all from a 250gig drive partitioned with Partition Magic Pro or something like that.

    I am running Norton 360 but had it shut down for a few days when I installed a new program and forgot to turn it back on.

    I have run HijackThis and it is attached

    I have never posted to this site before, but have been a member for a couple of years.

    I appreciate and anxiously await your help
     

    Attached Files:

  2. abri

    abri MajorGeek

    Re: Warning! spyware detected on your computer! Install an antivirus or spyware remov

    Hi dreyno12,
    Welcome to Major Geeks!


    If possible, please make a screen shot of the bugs to attach here with your next post. Then see if you can follow the instructions in the READ & RUN ME FIRST and attach the requested logs. This will give you some relief and allow us to see what files remain that still need to be removed.

    Thanks.
    abri
     
  3. dreyno12

    dreyno12 Private E-2

    Re: Warning! spyware detected on your computer! Install an antivirus or spyware remov

    Sorry it took so long to complete the assignment, but I'm done. It took me all weekend to complete the preliminary cleaning that you required. The problem still exists. I am attaching the logs that you requested. You will notice that there are 2 each SAS logs and MGtools logs, because I had made a mistake 2 times in following the procedures, so I did each twice so that the process was followed to the letter. But just in case there was info that was needed in the first logs, I posted them also.

    Thanks,
    dreyno12
     

    Attached Files:

  4. dreyno12

    dreyno12 Private E-2

    Re: Warning! spyware detected on your computer! Install an antivirus or spyware remov

    Here is the 2nd post created to be able to attach the other logs needed for review.

    Thanks for your prompt attention to this problem; your help is greatly appreciated.

    dreyno12
     

    Attached Files:

  5. abri

    abri MajorGeek

    Re: Warning! spyware detected on your computer! Install an antivirus or spyware remov

    Hi dreyno12,

    I can see you put in a lot of work to do everything correctly. Are the bugs still there? Or just the blue screen? Has nothing at all changed after following the instructions in the READ ME?

    First, please check that your desktop is not locked. To check this:

    Fixing Locked Desktop
    • Right click on your Desktop and select Properties.
    • Then click the Desktop tab
    • then click the Customize Desktop button.
    • Now in the next window that comes up click the Web tab.
      • Make sure at the bottom that Lock desktop items is unchecked.
    • Then in the Web pages: box delete all items but My Current Home Page and make sure it is unchecked too.
    • Then click OK.
    • Click Apply. And click OK.

    And now, please continue as follows:

    1) Please disable your guest account if this hasn't already been done.

    2) If you do not use Windows Messenger (not to be confused with MSN Messenger!!), I would like you to run Disable/Remove Windows Messenger.


    3) Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (Note: if using Vista, don't double click, use right click and select Run As Administrator). Select Do a system scan only. In the box that opens, find the following entries and put a checkmark next to them (if you need some of them to be in the trusted zone, leave them). After check-marking them, close all your open browser windows and click on FIX:


    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"

    What do the following entries belong to? Are these programs you use regularly and need? If not, please fix them as well.

    O16 - DPF: {03A89EFD-E023-8500-A22D-45F77558EB4C} (ILINCInstall85 Class) - https://content.ilinc.com/clientdownload/download/ilinci85.dll
    O16 - DPF: {03A89EFD-E023-8600-A22D-45F77558EB4C} (ILINCInstall86 Class) - https://content.ilinc.com/clientdownload/download/ilinci86.dll
    O16 - DPF: {0D062C61-F69C-11D6-A718-00C0F02CC8EE} (FISERV FIPSCO Report Viewer) - https://lpss.amerus.com/amu/reports/control/amurptview.cab
    O16 - DPF: {3D4C3992-ABD6-4F85-9A1B-8568E3B4DB3E} (FISERV FIPSCO Insmark Interface Class) - https://lpss.amerus.com/amu/InsMark/imkctl.cab

    After you click fix, just close HijackThis.


    4) Next I would like to have you use ComboFix to remove some files.


    • Make sure that combofix.exe (cf.exe) that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
    • If it is not on your Desktop, the below will not work.
    • Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected ):


    Code:
    KILLALL::
    
    FILE::
    C:\WINDOWS\mybc32.ini
    C:\WINDOWS\system32\phcabnj0ea3c.bmp
    
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe (cf.exe)
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below


    Note: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

    5) Now run CCleaner at the default setting with the Windows tab as the top one.

    6) Next, I would like for you to run two online scans. Please go to Running Panda Active Scan and Running GMER to detect rootkits and follow the instructions for each.

    7) Finally, please run C:\MGtools\GetLogs.bat and attach the fresh MGlogs.zip along with the Combofix log, the ActiveScan log produced for the Panda scan and the GMER log.

    Let me know how this went.

    abri
     
    Last edited: Jun 10, 2008
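
An added example, not part of the thread and not code from MGtools or HijackThis: a small Python parser for the O4 (Run-key autostart) and O16 (ActiveX download) line formats quoted in the reply above, grouping the O16 controls by download host as a starting point for the "what do these entries belong to?" question. The function names are hypothetical, and the sample lines are copied from the post.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Sample lines copied from the reply above (O4 = Run-key autostart, O16 = ActiveX download).
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O16 - DPF: {03A89EFD-E023-8500-A22D-45F77558EB4C} (ILINCInstall85 Class) - https://content.ilinc.com/clientdownload/download/ilinci85.dll
O16 - DPF: {0D062C61-F69C-11D6-A718-00C0F02CC8EE} (FISERV FIPSCO Report Viewer) - https://lpss.amerus.com/amu/reports/control/amurptview.cab
'''

O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
O16_RE = re.compile(r'^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]{36}\})(?: \((?P<name>.*)\))? - (?P<url>\S+)$')

def split_command(cmd):
    """Split a Run-key command into (executable, arguments); the path may be quoted."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        exe, _, rest = cmd[1:].partition('"')
    else:
        exe, _, rest = cmd.partition(' ')
    return exe, rest.strip()

def parse_line(line):
    """Return a dict for an O4 or O16 line, or None for anything else."""
    line = line.strip()
    if m := O4_RE.match(line):
        exe, args = split_command(m['cmd'])
        return {'section': 'O4', 'hive': m['hive'], 'key': m['key'],
                'name': m['name'], 'exe': exe, 'args': args}
    if m := O16_RE.match(line):
        return {'section': 'O16', 'clsid': m['clsid'], 'name': m['name'] or '',
                'url': m['url'], 'host': urlsplit(m['url']).hostname or ''}
    return None  # other HijackThis sections are not handled in this example

def review_sheet(log_text):
    """Collect autoruns by value name and ActiveX controls by download host."""
    autoruns, activex = {}, defaultdict(list)
    for entry in filter(None, map(parse_line, log_text.splitlines())):
        if entry['section'] == 'O4':
            autoruns[entry['name']] = (entry['exe'], entry['args'])
        else:
            activex[entry['host']].append(entry['name'])
    return autoruns, dict(activex)

if __name__ == '__main__':
    runs, controls = review_sheet(SAMPLE_LOG)
    print(runs, controls, sep='\n')
```
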
