Worm Virus!!!

limewire and kazaa are how you got your problems. Uninstall them.

Run KazaaBegone


- Run ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus RemovalMake sure you check version numbers and get all updates.

- Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.


After doing ALL of the above you still have a problem:

- Download HijackThis 1.99.1

- Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

- Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

- Before running HijackThis: You must close each of the following:your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

- Run HijackThis and save your log file.

- Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).

 

You must remember to exit browsers before you run HijackThis and you need to install it where requested. You have the below shown in your log:
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner\My Documents\Spyware Tools\HijackThis.exe

Please read my procedure again and notice what I requested.

The vkmmlm.exe file is not something you need a back up for. It is something that must be removed. But it requires some specific tools. Well work on fixing in my next message. Let's fix some other problems first.

If you are using WinXP or WinMe, make sure you have system restore disabled (per the tutorial).
For all OS types, make sure viewing of hidden files is enabled (per the tutorial).

Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R3 - Default URLSearchHook is missing
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
O2 - BHO: ServerSide - {7FC56022-4EDA-472E-8830-7CA92CCBD025} - C:\Program Files\NetMeeting\SS\ServerSide.dll
O2 - BHO: (no name) - {CD465A91-2466-2EDF-5AEE-CC1E47FABFCD} - C:\WINDOWS\xvqhaqtghh.dll
O4 - HKLM\..\Run: [SStb.exe] C:\WINDOWS\SStb.exe
O4 - HKLM\..\Run: [ssqb.exe] C:\WINDOWS\ssqb.exe
O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab

After clicking Fix, exit HJT.
Boot into safe mode and use Windows Explorer to delete:
C:\Program Files\NetMeeting\SS <--- the whole SS folder
C:\WINDOWS\xvqhaqtghh.dll
C:\WINDOWS\SStb.exe
C:\WINDOWS\ssqb.exe

If you get an error when deleting a file. Right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Other wise open Task Manager and kill the process if running then delete the file.

Now run Ccleaner (installed while running the READ ME FIRST). Now if running Win XP goto c:\windows\Prefetch and delete all files in this folder.
Now reboot in normal mode and continue to my next message.

 

After completing the steps from my previous message, continue with these steps.

1) Please EXTRACT all files from Qoologic Tool to its own folder - C:\Program Files\QoologicFinder . Then, DoubleClick Find-Qoologic.bat to run the tool. It should produce two log files. - Please attach them with your next post! It is possible that one of them will be too large to attach. If so, you should put it into a ZIP file and attach that. If you do not know how to do that, just skip the one that is too large.

2) Please EXTRACT all the files form RKFiles Tool to its own folder named C:\Program Files\RKTOOL. Then, please boot to SAFE MODE and DoubleClick rkfiles.bat to run the tool. Let it run and then, when it finishes, look for a log at C:\Log.txt and please attach that log.


Now come back here and post the logs as attachments. Three attachments will take two messages.