Winantivruspro2006 infection-- Is it actually gone now?

Welcome to Majorgeeks!

You still have some problems to fix!

First Run this ViewpointKiller to remove Viewpoint Media software.

Now goto Add/Remove prorgams and uninstall this old Sun Jav version: Java 2 Runtime Environment, SE v1.4.2_03


Now I'm going to post two sets of instructions below. Each will be enclosed in separate Quote boxes. Make sure to complete the first one 100% before moving on to the second one.

ATTACH THE FIRST LOG NOW BEFORE CONTINUING OR YOU WILL OVERWRITE IT!!!! And then immediately continue on to the below steps.

Now attach new logs from:

• GetRunKey
• ShowNew
• HJT

How are things working now?

 

Please goto Add/Remove Programs and uninstall the below:
Search Assist
System Alert Popup
If you do not find these or they will not uninstall, make sure to tell me.

Make sure viewing of hidden files is enabled (per the tutorial).

Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NI.UWA6P_0001_N91M1807] "C:\documents and settings\vic\application data\winantiviruspro2006freeinstall[1].exe" -nag
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

After clicking Fix, exit HJT.
Boot into safe mode and use Windows Explorer to delete:
C:\documents and settings\vic\application data\winantiviruspro2006freeinstall[1].exe
C:\Program Files\Video ActiveX Object\pmsngr.exe

Now run Ccleaner .

Now reboot in normal mode
Now Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Now locate the below folder and delete it if found:
C:\Program Files\Video ActiveX Object

Now attach the below new logs and tell me how the above steps went.

1. GetRunKey
2. ShowNew
3. HJT

Make sure you tell me how things are working now!

Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable system restore per step 1 of the READ & RUN ME. This only applies to if using WinXP or WinMe.

 

Okay! Just don't wait too long! Attach the logs when finished.

 

Okay now uninstall the Sunbelt CounterSpy trial since we are finished with it now! Then delete the below two folders left behind by the uninstall:
C:\Documents and Settings\Vic\Local Settings\Application Data\Sunbelt Software
C:\Program Files\Sunbelt Software


Your logs are clean. If you are not having any other malware problems, it is time to do our final steps:

1. If we used Pocket Killbox during your cleanup, do the below
   • Run Pocket Killbox and select File, Cleanup, Delete All Backups
2. If we used ComboFix you can delete the ComboFix.exe file and associated C:\combofix.txt log that was created.
3. If we user SDFix you can delete all the SDFix related files and folders from your Desktop or whereever you installed it.
4. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
5. If we had your run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
6. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
7. You can delete the ShowNew.Zip and GetRunkey.Zip files and the files that you extracted from the ZIP files. You can also delete the C:\newfiles.txt and C:\runkeys.txt logs that were created
8. If you are running Windows XP or Windows ME, do the below:
   • go back to step 8 of the READ & RUN ME to Disable System Restore which will flush your Restore Points.
   • Then reboot and Enable System Restore to create a new clean Restore Point.
9. After doing the above, you should work thru the below link:
   • How to Protect yourself from malware!

 

Not a problem! But normally they are left behind by the uninstall.

My personal preference is to never hide anything. Why let malware have a hiding place? If you don't feel comfortable in allowing system files and others to show because you or someone else may delete them by mistake , then hide them again but remember that this does allow malware to hide too.

Normal Startup!

Both of these depend on how much surfing and downloading, installing/uninstalling etc you and other users of the PC do. If you are just doing average amounts of activities like mentioned, twice a month is sufficient. If you are a download freek , weekly would be best.

 

You're welcome! Happy I could help and teach at the same time.

Surf safely!