Winfixer trouble

Discussion in 'Malware Help (A Specialist Will Reply)' started by Tom K, Mar 28, 2006.

  1. Tom K

    Tom K Private First Class

    Hey MajorGeeks,
    I am so glad I can type this and submit this to you, because I am having a malware issue.

    Everything was working fine until today. I turned on the computer and a pop-up from Winfixer came up prompting to install software. Not falling for any of the false "No" selections, I closed those windows and IE. I then ran a Spybot Search & Destroy check. Sure enough, the winfixer cookie came up and I removed that along with several others. But this is when it gets weird.

    I opened IE again, and another registry cleaner prompt comes up. So, I closed everything again. This time I was going to run an Ad-Aware Scan. When I opened Ad-Aware, I downloaded the latest definitions, and went to scan. All the scanning options were omitted. I could not select anything. So I closed Ad-Aware and opened it back up. This time the options were there. I selected Full-System Scan. Then suddenly the program apparently closed, and I got the... (gulp) blue-screen :eek: The message read,

    I wrote this message down. Then I shut off the computer. I waited about twenty seconds, turned it back on, and it re-booted normally. However, another pop-up appeared. I am glad I can get on here to post this message.

    Some of my own thoughts: I think the Ad-Aware SE Personal on my computer is infected and that I should not try using that program again. I should remove it and download it again. I should run a virus scan. I should examine and shred all unnecessary cookie files.

    What do you think? What more should I do? Any help is greatly appreciated.
     
  2. Tom K

    Tom K Private First Class

    Hello again,
    Using my AVG Free Anti-Virus software, I ran two scans. Four infected files were found. Three have been able to be quarantined.

    Filename: svchost[1].exe, found in Local Settings\Temporary Internet Files\Content IE.5\, Discovery: Trojan horse Downloader.Generic.TOW

    Filename: bbs003302[1].css, found in Local Settings\Temporary Internet Files\Content IE.5\, Discovery: Trojan horse Downloader.Generic.TOW

    Filename: archive[1].jar, found in Local Settings\Temporary Internet Files\Content IE.5\, Discovery: Virus identified Java/ByteVerify

    But one cannot be removed. It is Filename: BlackBox.class, found in Local Settings\Temporary Internet Files\Content IE.5\, Discovery: Virus identified Java/ByteVerify. It is classified as an infected, embedded object. When I tried to locate additional information about it, I get this message.

    Even after these two scans, and removing the three infected files that could be removed, I still am getting pop-ups when I open IE. I will check back here to see if anyone has any ideas to get rid of this file.
     
  3. Tom K

    Tom K Private First Class

    Hey again,
    Okay, I ran a full system scan with Microsoft AntiSpyware and it found no spyware. I still am getting these pop-ups, though not as often.

    I have searched this site for any information on BlackBox.class but have found nothing useful. Is this a new version of the Java/ByteVerify virus? That could account for the lack of information. Also, is it possible that this trojan and this virus could have manipulated something in the computer registry? I ask this because even though I have run multiple virus and spyware scans tonight, these pop-ups are still occurring, albeit much less than before.

    Well, I've spent over four hours on this problem and I'm beat. I'll check back here tomorrow and see if anyone here can help me with the BlackBox and the Java/ByteVerify and all this other crap that some pathetic loser who hates the world and everyone in it made up just to cause troubles for me and everyone else using a computer. I know I would not buy any anti-spyware software from a company that advertises through malware.

    Good-Night to all the MajorGeeks! Catch you all back here tomorrow.
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Sounds like you could have more than one problem. Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.
    • Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
    • Make sure you check version numbers and get all updates.
    • Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.
    • If after doing ALL of the above you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
    • When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too (these scans are covered in steps 6 & 7 of the READ & RUN ME sticky)
      • Bitdefender
      • Panda Scan
      • HijackThis
     
  5. Tom K

    Tom K Private First Class

    Hey chaslang,
    Okay. I will try my best to follow these instructions. Before I do, I also have to mention something that started this afternoon.

    When I turn on the computer and Windows boots up, everything is normal except a message that pops up which says,

    I just click the "X" in the upper right-hand corner of the box and the message disappears.

    Okay. I will attempt the steps you outlined.
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay! Just attach all three logs when you finish!
     
  7. Tom K

    Tom K Private First Class

    Hey chaslang,
    Thank you so much for your help with this! :) I followed all the steps that I could, and ultimately the Panda Activescan found four instances of Virtumonde in the C:\WINDOWS\system32\ folder. After this scan, I re-booted in normal mode and ran HijackThis and saved a log.

    I then came back here and downloaded and installed VundoFix. I ran the utility and it removed the four files.

    The computer seems to be working normally again.

    I do have some questions after all this, though. Would I be right to say the viruses and the trojan horses I found a few days ago were connected to this Virtumonde malware? And, if so, is that how the malware infects users' computers, by infiltrating through trojan horses?

    The other part of this that is very disturbing is how this completely destroyed the Ad-Aware that I had installed on the computer. I am seriously thinking that the blue screen stop error message I received twice after trying to start full-system scans was a hoax. Is it typical for malware to attempt to destroy legitimate anti-spyware software installed on computers? I read another thread here yesterday where someone else said Ad-Aware caused a crash.

    For now, I will have to stick with Spybot Search & Destroy.

    I want to thank you again for your assistance.
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Some of the problems you have are obviously Virtumonde because they were detected as such and the tool fixed them. I have no idea what other problems you are referring to or if they were related to Virtumonde because you never completed the READ ME and have not posted the original Bitdefender, PandaActiveScan and HijackThis logs.

    Many forms of malware will try all kinds of things like this.
    They will block scanners from running!
    They will block many tools used to fix malware from running (like Task Manager, HijackThis, command prompt etc)
    They will block your ability to go to various websites that could help you in fix the malware problems.
    And so on!

    If you are not having any other malware problems, it is time to go back to step 1 of the READ & RUN ME to Disable System Restore which will flush your Restore Points. Then reboot and enable System Restore to create a new clean Restore Point.

    After that, you should work thru the below link:

    How to Protect yourself from malware!
     
  9. Tom K

    Tom K Private First Class

    Hey again chaslang,
    Here are the three logs you asked for. I think I did this right.

    There were two steps of the READ AND RUN ME that I could not complete. First, there is no Ad-Aware SE scan because that program was completely disabled by the virus/trojan/malware problems. The other step was the Windows Defender scan because I do not yet have SP2 and CounterSpy was not indicated for use with Windows XP.

    Thank you for checking these.
     
  10. Tom K

    Tom K Private First Class

    I don't think I did it right in the last post :mad: Sorry about that.

    I didn't see any attachments. Let me try again.

    I'm previewing the post now. There they are. I screwed up the first time.
     

  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay a couple problems!

    You seem to have skipped step 3 of the READ ME. You have AVG and McAfee installed. Pick one and uninstall the other. Make sure you do this first before continuing with below.

    Also you still have a Virtumonde infection. The below two lines show the infection:
    O2 - BHO: DosSpecFolder Object - {1AE6D7D5-0C28-4DB6-9FD1-33B870A4C5F2} - C:\WINDOWS\System32\mljjh.dll
    O20 - Winlogon Notify: mljjh - C:\WINDOWS\System32\mljjh.dll

    Run the VundoFix procedure for it again and this time attach the VundoFix log.

    Then attach a new HJT log too.
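    The two HijackThis lines quoted above show the pattern chaslang is keying on: the same DLL is registered both as a Browser Helper Object (O2, loaded into Internet Explorer) and as a Winlogon Notify handler (O20, loaded by winlogon.exe at boot), which is how Virtumonde kept reloading itself. The following script is an added example, not part of this thread and not code from HijackThis or VundoFix; it parses HijackThis-style log lines and flags any DLL that appears in more than one of those persistence sections. The sample log embeds the two lines from the post plus a hypothetical benign BHO, a benign Winlogon Notify entry and an O4 Run entry I constructed so the check has entries to ignore.

```python
import re
from collections import defaultdict

# Constructed sample log: the two O2/O20 lines quoted in the thread, plus
# hypothetical benign entries (helper.dll, crypt32.dll, avgcc.exe) for contrast.
SAMPLE_LOG = """\
O2 - BHO: DosSpecFolder Object - {1AE6D7D5-0C28-4DB6-9FD1-33B870A4C5F2} - C:\\WINDOWS\\System32\\mljjh.dll
O2 - BHO: Example Helper (hypothetical) - {00000000-0000-0000-0000-000000000001} - C:\\Program Files\\Example\\helper.dll
O20 - Winlogon Notify: mljjh - C:\\WINDOWS\\System32\\mljjh.dll
O20 - Winlogon Notify: crypt32chain - crypt32.dll
O4 - HKLM\\..\\Run: [AVG7_CC] C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP
"""

# "O2 - BHO: ..." -> section "O2", body "BHO: ..."
ENTRY_RE = re.compile(r"^(O\d+)\s+-\s+(.*)$")
# Either a full drive-letter path ending in .dll, or a bare filename such as crypt32.dll
DLL_RE = re.compile(r"([A-Za-z]:\\[^\r\n]*?\.dll|\b[\w-]+\.dll)\b", re.IGNORECASE)


def parse_hjt(text):
    """Yield (section, body) for every 'Oxx - ...' line; other lines are skipped."""
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def dll_references(text):
    """Map each referenced DLL basename (lowercased) to the set of HJT sections naming it."""
    refs = defaultdict(set)
    for section, body in parse_hjt(text):
        for m in DLL_RE.finditer(body):
            # Key on the basename so a bare name and a full path to the same file collapse together
            name = m.group(1).rsplit("\\", 1)[-1].lower()
            refs[name].add(section)
    return refs


def flag_multi_hook_dlls(text, sections=("O2", "O20")):
    """Return {dll: [sections]} for DLLs loaded from two or more of the given hook sections.

    A DLL registered both as a BHO (O2) and as a Winlogon Notify handler (O20) is the
    Virtumonde signature chaslang pointed at; a legitimate component rarely needs both.
    """
    wanted = set(sections)
    refs = dll_references(text)
    return {name: sorted(secs) for name, secs in refs.items() if len(secs & wanted) >= 2}


if __name__ == "__main__":
    for dll, secs in flag_multi_hook_dlls(SAMPLE_LOG).items():
        print(f"suspicious: {dll} is hooked via {', '.join(secs)}")
```

Run against a real HijackThis log the script only cross-references sections; it does not decide that a DLL is malicious, so anything it flags still needs the kind of manual review the helper did here before a fix tool is run.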
     
  12. Tom K

    Tom K Private First Class

    Hey again,
    I think those corrupted files were removed by VundoFix. The HijackThis log I posted was generated after I re-booted in Normal Mode but before I ran VundoFix. I am attaching to this post the VundoFix Log. Thank you so much for checking these.
     

  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Well, that is the wrong order. Please attach a new one, but did you uninstall one of the antivirus programs yet? If not, do that first.
     
  14. Tom K

    Tom K Private First Class

    Hey chaslang,
    I ran HijackThis again and have a new log. I want to post this to you.

    I still have to remove McAfee Virusscan, but I am not quite sure how to do this without removing the other McAfee components that I want to keep.

    Please let me know if I should post another VundoFix Log.

    My computer seems to be running much better now, except the fan sounds like it is working very hard.

    Thank you very much for helping me here.
     

  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you want to keep the McAfee stuff then you will need to keep its antivirus too. So uninstall AVG instead.
     
  16. Tom K

    Tom K Private First Class

    I want to keep AVG as the Anti-Virus software.

    The other components I meant were the firewall, privacy service and shredder. It is my understanding that these components, unlike the AV, do not require a yearly subscription. That is why I had McAfee for a year. Before that expired, I asked and you guys recommended some good free AV software, and of the choices, AVG seemed like the best one for my use.
     
  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I do not believe any of those are free and without a support agreement you will not get any updates for any of those programs. You have an integrated security suite package which works best when all of it is tied together. If you do not want their AV you should uninstall ALL of it and use stuff we recommend in the below link which has free AVs, free antispyware, and free firewalls.

    How to Protect yourself from malware!


    The McAfee stuff is a big resource hog anyway.
     