worm.win32.netsky Help

Welcome to Major Geeks!

You need to attach the proper logs from the READ & RUN ME. It does not ask for a separate HijackThis log to be attached. It does ask you to attach the C:\MGlogs.zip file from running MGtools and you still need to attach it.

 

I'm not sure what you mean. When you ran MGtools.exe it should have created a file named C:\MGlogs.zip are you looking in the C:\ root folder or are you looking in the C:\MGtools folder which is not where you should be looking?

 

First Disable Spybot's TeaTimer as requested in the READ & RUN ME

• Run Spybot and click Mode
• Select Advanced Mode.
• Then click Tools and select Resident.
• Now in the right window pane, uncheck TeaTimer.
• Also while this is open, in the left column now select IE Tweaks
• and then in the right pane make sure all the Miscellaneous locks are unchecked.
• Now quit Spybot!

Now I'm going to post two sets of instructions below. Each will be enclosed in separate Quote boxes. Make sure to complete the first one 100% before moving on to the second one.

ATTACH THE FIRST LOG NOW BEFORE CONTINUING OR YOU WILL OVERWRITE IT!!!! And then immediately continue on to the below steps.

Now also run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this and also make sure that you have attach both rapport.txt logs from SmitFraudFix.

Make sure you tell me how things are working now!

 

Please do not post logs inline. Remember to attach them just like you did in your first messages!

 

Yes!

This is due to cleaning out your infection.

For things you actually installed, uninstall them via Add/Remove programs.


Uninstall the below old versions of software:
J2SE Runtime Environment 5.0 Update 2
Viewpoint Media Player <-- should have been uninstalled in step 0 of the READ ME

Make sure you reboot after uninstalling the above!

After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O3 - Toolbar: (no name) - {03B121E9-6152-48b5-BB38-B642B21C62BD} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

Also since you are concerned with your PC running slow, have HJT fix the below three unnecessary satrtups. BigFix is a huge waste of resources.
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

After clicking Fix, exit HJT.

Delete the below file:
C:\WINDOWS\nethop.exe

Now run Ccleaner!

Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created.


Make sure you tell me how things are working now!

 

Did you reboot after uninstalling ....before installing the new version? Based on your log, Sun Java does show installed; however it does not appear to be running. See if you can uninstall it, reboot and then reinstall.

Are you going to fix the below lines I mentioned last time?
O3 - Toolbar: (no name) - {03B121E9-6152-48b5-BB38-B642B21C62BD} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

 

Neither of these issues has anything to do with your malware problems. It would appear that you have some kind of registry corruption that is beyond the scope of things we discuss in the Malware Forum. You really would be better off discussing these in the the Software Forum. You may need to perform some registry cleaning to remove all aspects of Sun Java related info from your registry to resolve this error. But again this is something we do not get into in this forum. I do however recommend that before you even think about making any changes to the registry, that you create a backup of the registry first. Most good registry cleaning programs will do this for you before making changes. I would only suggest cleaning up things related to Sun Java.