WinAntiPro Virus Popup & More

Discussion in 'Malware Help (A Specialist Will Reply)' started by Dollphinea, Aug 13, 2006.

  1. Dollphinea

    Dollphinea Private E-2

    Hi there,

    I'm back again :rolleyes: and my computer has been generally clean except for this WinAntiPro Virus popup and installer. I use active scan, SBS&D, CCleaner, Windows Defender and the rest. I read step 9 and work on that, however I keep getting this popup. Sometimes porno pops up and I hate that. Can you check me out and see what you can find to help?

    As always, thanks in advance for your help.

    I have done Steps 1-6 (Always Do) and here are my logs.

    Thank you,
    Dollphinea
     


  2. Dollphinea

    Dollphinea Private E-2

    Re: WinAntiPro Virus Popup & More - HELP!!!

    My computer is also running slower and I need to do work before tomorrow. Is anyone out there to help???

    I see other posts after me or at the same time getting help. And I have followed directions.

    Thanks, sorry I just need to get to work and it's hard right now.
     
  3. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Please post the logs from GetRunKey and ShowNew.
     
  4. Dollphinea

    Dollphinea Private E-2

    Are those new? I didn't have those instructions from before. Will go see if there is an updated run and read me ???
     
  5. Dollphinea

    Dollphinea Private E-2

    Okay,

    Got it. On my printed copy of the Read & Run Me it did not have this step in there :) Guess I better check that each time. Hopefully there will not be more.

    Here are my logs...Thank you for the help!
     


  6. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Download
    - Pocket Killbox
    - ExplorerXP

    Rename hijackthis.exe to analyse.exe

    << The installed version of Java on this computer is out-dated. Install Java Runtime Environment (JRE) 5.0 Update 8 available from http://java.sun.com/javase/downloads/index.jsp. Uninstall all older versions of Java on your computer, before installing the latest version of Java. >>

    Delete everything in C:\!Killbox and the HijackThis backup folder.

    Copy the contents of the below quote box to Notepad; Save As FixReg.reg to your Desktop. DO NOT run it at this time; we will do that later in Safe Mode.
    Close Notepad.

    Run HijackThis. Click the 'Do a system scan only' button. Place a checkmark in the box next to the following lines:
    Click on the 'Fix checked' button. Wait for HijackThis to finish; close HijackThis.

    Now run Pocket Killbox:

    Choose Tools -> Delete Temp Files and click Delete Selected Temp Files

    Then after it deletes the files click the Exit (Save Settings) button.

    NOTE: Pocket Killbox will only list the added files it is able to find on the system. So when you do the below, if some files do not show in the list after pasting them in, just continue.

    Select:
    • Delete on Reboot
    • then Click on the All Files button.
    • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
    • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
    • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
    If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

    Now boot into SAFE MODE

    Open ExplorerXP navigate to and DELETE the following: (Some of these may have already been deleted by Pocket Killbox)
    Now run CCleaner. If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.

    Then, as an added precaution, Go to Start -> Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.

    REBOOT to Normal Mode.

    Post a fresh HijackThis log.
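
The PendingFileRenameOperations prompt mentioned in the post above refers to the Windows registry value of that name (under HKLM\SYSTEM\CurrentControlSet\Control\Session Manager), which lists file operations to carry out at the next boot. The following is an added example, not part of the original thread or of any tool named in it: it decodes that value's strings and flags any queued operation that is not a delete of a path the user meant to remove. All paths and function names are constructed for illustration.

```python
from typing import List, Tuple

NT_PREFIX = "\\??\\"  # object-manager prefix the Session Manager expects on paths


def _clean(path: str) -> str:
    """Drop the '!' replace flag and the \\??\\ prefix, leaving a normal path."""
    path = path.lstrip("!")
    return path[len(NT_PREFIX):] if path.startswith(NT_PREFIX) else path


def decode_pending_ops(strings: List[str]) -> List[Tuple[str, str, str]]:
    """Decode the REG_MULTI_SZ strings into (action, source, destination).

    Entries come in pairs: source, then destination. An empty destination
    means "delete source at next boot"; otherwise it is a rename/move.
    """
    if len(strings) % 2:            # some readers drop a trailing empty string
        strings = strings + [""]
    ops = []
    for src, dst in zip(strings[0::2], strings[1::2]):
        action = "delete" if dst == "" else "rename"
        ops.append((action, _clean(src), _clean(dst)))
    return ops


def unexpected_ops(ops, expected_deletes: List[str]):
    """Return queued operations that are not deletes of an expected path."""
    wanted = {p.lower() for p in expected_deletes}
    return [op for op in ops if op[0] != "delete" or op[1].lower() not in wanted]


# Constructed sample value: two deletes and one rename (all paths made up).
SAMPLE = [
    "\\??\\C:\\WINDOWS\\system32\\example1.dll", "",
    "\\??\\C:\\WINDOWS\\system32\\example2.exe", "",
    "\\??\\C:\\TEMP\\new.sys", "!\\??\\C:\\WINDOWS\\system32\\drivers\\old.sys",
]
# Constructed list of what the user meant to queue for deletion.
EXPECTED = [r"C:\windows\system32\example1.dll", r"C:\WINDOWS\system32\example2.exe"]

if __name__ == "__main__":
    for op in unexpected_ops(decode_pending_ops(SAMPLE), EXPECTED):
        print("not in the paste list:", op)
```

Path comparison is case-insensitive because Windows paths are; a rename entry is always reported, since a delete-on-reboot request should only ever queue deletes.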
     
  7. Dollphinea

    Dollphinea Private E-2

    Hi there,

    Okay, I did all the steps. There were a couple of things to report back:
    1) "Rename hijackthis.exe to analyse.exe"
    Forgot to do this until I was in safe mode.

    2) Killbox
    No PendingFileRenameOperations prompts

    3) ExplorerXP Delete Items
    Didn't have the ones you listed so I did not delete them, I did however
    have some close names, so I copied the ones that were there:

    Downloaded Program Files
    amm06.inf 1.38 KB 4.00 KB INF File 5/8/2006 1:54 AM

    CONFLICT.1
    amm06.inf 1.38 KB 4.00 KB INF File 5/8/2006 1:54 AM
    gsda.dll.tcf 124 KB 124 KB TCF File 8/2/2002 10:26 AM
    MsnPUpld.dll 364 KB 364 KB Application Extension 10/8/2004 4:01 PM
    MSNPupld.inf 587 bytes 4.00 KB INF File 10/8/2004 4:13 PM

    CONFLICT.2
    amm06.inf 1.38 KB 4.00 KB INF File 5/8/2006 1:54 AM
    USDR6_0001_D08M0404NetInstaller.inf 227 bytes 4.00 KB INF File 4/4/2006 6:14 PM

    CONFLICT.3 & 4
    Nothing

    CONFLICT.5 thru 7
    amm06.inf 1.38 KB 4.00 KB INF File 5/8/2006 1:54 AM

    System32\
    fhsxc.exe.tcf 1.10 MB 1.10 MB TCF File 7/13/2006 3:13 PM
    hvzead7v.exe.tcf 28.0 KB 28.0 KB TCF File 7/8/2006 9:16 PM
    (Did have Narrator.exe so that was only one deleted)

    While I was posting this my AOL Spyware Protection said that it Blocked CMDService stating it was an AdWare.

    I have attached my HJT.log.

    I await your response
     


  8. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Delete all these.
    I need to know the filename and full path. It should be in the AOL Spyware Protection log.

    Your HijackThis log appears to be clean.
     
  9. Dollphinea

    Dollphinea Private E-2

    Hi there,

    Thanks again for your help. I deleted the items you stated.

    Well AOL doesn't give any more info or logs so I can't tell you the file name but it has come up every day since July 30th.

    And my computer is still running soooooooo slow. Takes forever to load and navigate these days... any ideas?

    Thanks :)
     
  10. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Download
    - Registry Search Tool

    Unzip to your Desktop and double click on regsrch.vbs
    (if you have script protection, please allow this to run)

    In the dialog that opens enter the following:
    Press 'OK'

    The search will run for a while then alert you when it is finished.

    Press 'OK' and copy the contents of the WordPad window to Notepad save as RegSearch.txt and attach the file.
     
