Winfixer, VIP fares, Traffic explorer etc, help me, please!

Discussion in 'Malware Help (A Specialist Will Reply)' started by apedracula, Aug 15, 2005.

  1. apedracula

    apedracula Private E-2

    I cant get rid of these pop-ups in my browser.

    Can someone please help me, I have tried everything (safe boot spyware scans using Ad-Aware, Spybot, Trend Micro HouseCall, etc.), and I can't seem to get rid of this.

    Here is my Hijack This logfile:


    Edit by chaslang: Unrequested inline log removed

    Any help would be greatly appreciated.


    Thanks
     
    Last edited by a moderator: Aug 16, 2005
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please read the announcement and sticky threads. HJT logs should only be posted when requested and then they must be attachments to your message. HJT must also be installed and run properly.

    Please run the steps below.

    - Run ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

    Make sure you check version numbers and get all updates.

    - Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

    Now because you appear to have a Look2Me VX2 infection, do the following:

    Download L2MeFix Tool

    Please move the L2MeFix Tool to your Desktop and DoubleClick l2mfix.exe.
    Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix Folder on your Desktop.

    DoubleClick l2mfix.bat and type 2 and ENTER to select option #2 for Run Fix. Then, press any key to Reboot your machine.

    Your computer will go crazy for a bit, but just let it run. It should eventually spit out a log in Notepad. Please attach that log later when you come back.

    Please don't run any other files in the L2MFix folder.

    Then reboot and continue with the below steps for using HijackThis.


    If after doing ALL of the above you still have a problem, boot into normal mode and make sure you follow these directions:


    - Download HijackThis 1.99.1

    - Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    - Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

    - Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like Notepad, WordPad, MS Word etc. And any other unnecessary running programs.

    - Run HijackThis and save your log file.

    - Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).


    DON'T FORGET TO ATTACH THE L2MEFIX LOG TOO!
     
  3. apedracula

    apedracula Private E-2

    I tried everything from the links you provided, but I am still getting pop-ups in the form of ads for some kind of spyware software (as well as various other pop-ups)...something along the lines of 'want to stop annoying pop-ups like this? download our crummy software'.


    Also, during every virus scan, a virus that was not able to be deleted was detected.
    Location of virus: c:/windows/help/SBSI/msvcodb.dll - according to one source this is the Win32/Vundo.B trojan. I tried to use the Symantec Vundo.B removal tool, but it said that this trojan was not found on my computer.

    Also, every time I run Ad-Aware, it keeps finding the same registry entries, and once I delete them, they are there again the next time. Even if I scan less than a minute after I delete these entries, they are right back there. (The entries it finds are associated with Win32.Trojan.Agent.cs.)

    I have attached a copy of my logfile from HijackThis, and also the log that the L2MeFix Tool gave me. It seemed to have a lot of error messages in it, so I don't even know if it worked.

    Any help you could give me would be greatly appreciated.
     

    Attached Files:

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay let's start by downloading two tools we will need:

    - Process Explorer 9.2

    - Pocket KillBox

    Extract them to their own folder somewhere that you will be able to locate them later.

    Reboot in Safe Mode (do not open any other processes)

    - Run Process Explorer

    In the top section of the Process Explorer screen double click on winlogon.exe to bring up the winlogon.exe properties screen. Click on the Threads tab at the top.

    Once you see this screen click on each instance of msvcodbc.dll once and then click the kill button. After you have killed all of the msvcodbc.dll's under winlogon click ok. (If you do not find the dll, just continue on.)

    Next double click on explorer.exe and again click once on each instance of msvcodbc.dll then click the kill button. Once you have done that click ok again. (If you do not find the dll, just continue on.)

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
    O2 - BHO: C:\WINDOWS\system32\wff.dll - {B113A3BC-6F95-4D1A-8C88-2F4449AFFA98} - C:\WINDOWS\system32\wff.dll (file missing)
    O2 - BHO: MSEvents Object - {B8B55274-0F9A-41E5-9067-A3539BD9E860} - C:\WINDOWS\Help\SBSI\msvcodbc.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O20 - Winlogon Notify: msvcodbc - C:\WINDOWS\Help\SBSI\msvcodbc.dll


    Copy the bold text below to notepad. Save it as fixVundo.reg to your desktop.
    Be sure the "Save as" type is set to "all files"
    Once you have saved it double click it and allow it to merge with the registry.
    Now run Pocket Killbox:
    Choose Tools > Delete Temp Files and click OK.
    In Killbox - put a check next to "Delete on Reboot"
    Copy & paste the following line in bold into the "Full Path of File To Delete" box:

    C:\WINDOWS\Help\SBSI\msvcodbc.dll

    Then click the red button with the X and allow Killbox to reboot then post a new HijackThis log. If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

    After reboot post a new HJT log.
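    The fix list in this post follows a pattern worth being able to spot in any HijackThis log: a BHO (O2) and a Winlogon Notify package (O20) pointing at the same DLL outside system32, which is why the file survives ordinary deletion (winlogon.exe keeps it loaded) and the entries come back. The script below is an added example, not part of this thread and not a MajorGeeks or HijackThis tool; it parses HJT 1.99.1-style R0/O2/O9/O20 lines and flags the ones a helper would put on a fix list. The sample log is constructed from the entries quoted above plus one typical benign Winlogon Notify entry (crypt32chain), and the start-page allow list is an assumption you would adjust for your own site.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample: the HijackThis entries quoted in the post above, plus one
# benign Winlogon Notify entry (crypt32chain, a stock XP package) to show what is NOT flagged.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
O2 - BHO: C:\WINDOWS\system32\wff.dll - {B113A3BC-6F95-4D1A-8C88-2F4449AFFA98} - C:\WINDOWS\system32\wff.dll (file missing)
O2 - BHO: MSEvents Object - {B8B55274-0F9A-41E5-9067-A3539BD9E860} - C:\WINDOWS\Help\SBSI\msvcodbc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O20 - Winlogon Notify: msvcodbc - C:\WINDOWS\Help\SBSI\msvcodbc.dll
O20 - Winlogon Notify: crypt32chain - crypt32.dll
"""

CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.+)$")
MISSING = "(file missing)"
SYSTEM32 = r"c:\windows\system32"
# Assumption for the example: start pages considered normal on this box.
START_PAGE_ALLOW = {"about:blank", "msn.com", "www.msn.com", "www.google.com"}


@dataclass
class Entry:
    code: str      # HJT section, e.g. "O20"
    fields: list   # the " - " separated fields, minus any "(file missing)" suffix
    missing: bool  # HJT could not find the target file on disk

    @property
    def path(self):
        """Last field: the file HJT resolved the registration to (None for R0 lines)."""
        return None if self.code.startswith("R") else self.fields[-1]


def parse_log(text):
    """Turn HJT log lines into Entry objects; lines that are not entries are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        body = m.group("body")
        missing = body.endswith(MISSING)
        if missing:
            body = body[: -len(MISSING)].strip()
        entries.append(Entry(m.group("code"), [f.strip() for f in body.split(" - ")], missing))
    return entries


def notify_dll_dir(path):
    """Directory a Winlogon Notify DLL loads from; a bare file name is resolved from system32."""
    p = path.lower()
    return p.rsplit("\\", 1)[0] if "\\" in p else SYSTEM32


def triage(text):
    """Return {resolved path or value: [reasons]} for the entries worth putting on a fix list."""
    entries = parse_log(text)
    findings = {}

    def flag(key, reason):
        reasons = findings.setdefault(key, [])
        if reason not in reasons:          # the two O9 lines share one target
            reasons.append(reason)

    notify_dlls = {e.path.lower() for e in entries if e.code == "O20"}
    for e in entries:
        if e.missing:
            flag(e.path, "orphaned registration: target file is missing, nothing legitimate needs it")
        if e.code == "R0":
            value = e.fields[0].split("=", 1)[1].strip()
            host = urlparse(value).netloc.lower() or value.lower()
            if host not in START_PAGE_ALLOW:
                flag(value, "start page points at an unexpected host (typical hijack, reset it)")
        elif e.code == "O20" and notify_dll_dir(e.path) != SYSTEM32:
            flag(e.path, "Winlogon Notify DLL loads into winlogon.exe from outside system32")
        elif e.code == "O2":
            name = e.fields[0].split(":", 1)[1].strip()
            if name.lower() == e.path.lower():
                flag(e.path, "BHO with no display name (registered by path only)")
            if e.path.lower() in notify_dlls:
                flag(e.path, "same DLL is also a Winlogon Notify package: BHO plus winlogon "
                             "pairing, the file stays locked until the winlogon threads are killed")
    return findings


if __name__ == "__main__":
    for key, reasons in triage(SAMPLE_LOG).items():
        print(key)
        for r in reasons:
            print("   -", r)
```

Run it as-is to see the four fix-list candidates; crypt32.dll is left alone because a bare name in an O20 line resolves from system32. The pairing rule is the one that matters for this thread: it tells you up front that deleting the DLL will fail until the threads inside winlogon.exe and explorer.exe are killed (or the file is queued for delete-on-reboot), which is exactly the order of operations in the post above.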
     
  5. apedracula

    apedracula Private E-2

    Ok, I followed all your instructions down to the letter.

    I am not too sure yet if it totally worked, because the pop-ups I have been getting happened at random times, and sometimes would be 20 minutes apart, or prompted by certain webpages.

    Anyway, here is my latest logfile, let me know what you think...and thanks again!
     

    Attached Files:

  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Looks like it worked to me. What does your virus scan program say now?
     
  7. apedracula

    apedracula Private E-2

    I did a Trend Micro housecall scan, and it found the following trojans that it could not remove.

    BKDR_SMALL.AI

    TROJ_DROPPER.BR

    TROJ_AGENT.FZ - located in a .dll file in my hijack this backup directory.


    Everything with regards to pop-ups seems to be fine (thank you very much for the help!), but I want to make sure my system is totally clean.

    Any suggestions?
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You do not need to worry about the files in the HijackThis backup folder. But you can delete those files yourself to completely remove them from your system.

    Is that where it found all of the trojans (in the HJT backup folder)?

    And no more Vundo problems being detected???
     
  9. apedracula

    apedracula Private E-2

    No more Vundo problems. Your solution worked wonders!

    I deleted the backup file, just to be safe.


    It would seem that (for now) everything is fine on my computer.

    Thanks again for your help, I really appreciate it!
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

