Your computer is infected.. trojan

Discussion in 'Malware Help (A Specialist Will Reply)' started by cdn2006, Jan 2, 2006.

  1. cdn2006

    cdn2006 Private E-2

    I am getting two popups on my computer and can't get rid of them.
    The first is a windows security popup (process : Javalv32.exe) and then
    a popup on top of the screen that says : "your computer is infected" (process: 57.tmp.exe)
    I've run all the scans from the read me first post, but the problem is persisting.

    I've attached my hijackthis.log

    Thanks for your help
     


  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    I need the logs from the online scans listed in the READ ME.

    Download About:Buster 6.0

    Get any updates and run the utility, afterwards reboot and attach a fresh HJT log.
     
  3. cdn2006

    cdn2006 Private E-2

    ok.. downloaded buster, reran hjt.
    do you still need the online scan logs?
     


  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Yes!

    Please see the below thread on how to install and run Ewido Security Suite.

    Running Ewido Security Suite ...
     
  5. cdn2006

    cdn2006 Private E-2

    here is the bitdefender log (run in normal mode after running blaster)
     


  6. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    After you complete the Ewido scan, attach the Panda log with the Ewido log.
     
  7. cdn2006

    cdn2006 Private E-2

    ok.. here are the results of the panda scan
     


  8. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Now attach the Ewido log with a fresh HJT log.
     
  9. cdn2006

    cdn2006 Private E-2

    i ran ewido before the panda scan and it found a bunch of stuff but the logfile was too large.. here's a portion of what i got, i will rerun and post
     


  10. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Wait! Navigate to the directory below:

    C:\RECYCLER

    Delete everything in it; make sure you have hidden files and folders enabled. If you have run Ewido, there is no need to run it again; just attach a fresh HJT log.
     
  11. cdn2006

    cdn2006 Private E-2

    i reran ewido. here's the log
     


  12. cdn2006

    cdn2006 Private E-2

    sorry didn't see your last post.. i will delete the files and i will rerun HJT
     
  13. cdn2006

    cdn2006 Private E-2

    here's the latest HJT log.
     


  14. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please look in Add or Remove Programs for the following and Uninstall them if found:

    Ewido

    Yvwogb


    Now scan with HijackThis and Check the Boxes for the following:

    Make sure All Browser Windows are Closed when you Click FIX.

    R3 - Default URLSearchHook is missing

    O2 - BHO: Class - {5C72B122-9904-E5BD-4093-348A5AD1BEF5} - C:\WINDOWS\crrr32.dll (file missing)

    O4 - HKLM\..\Run: [Rrpoxe] C:\Program Files\Yvwogb\Itcg.exe
    O4 - HKLM\..\Run: [apiyo.exe] C:\WINDOWS\system32\apiyo.exe
    O4 - HKLM\..\Run: [iefn.exe] C:\WINDOWS\system32\iefn.exe
    O4 - HKLM\..\Run: [atlpz32.exe] C:\WINDOWS\atlpz32.exe

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)

    Again, make sure All Browser Windows are Closed when you Click FIX.

    NOW:
    Please boot into Safe Mode with the Viewing of Hidden Files & Folders Enabled and navigate to and DELETE the following if they should remain:

    C:\Program Files\Yvwogb ←–– Delete this whole folder if it exists!

    C:\WINDOWS\atlpz32.exe

    C:\WINDOWS\system32\apiyo.exe

    C:\WINDOWS\system32\iefn.exe

    NEXT:
    Run CCleaner to clean up cookies and temp files.

    Run full scans with Ad-Aware SE & Spybot S&D and have both programs fix what they find.
    Note: Remember to get all updates before doing the scans.

    Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.

    After you complete the above, reboot to Normal Windows

    Finally, I would like you to Flush your System Restore Points. Please follow the instructions in this link --->Disable and Re-enable System Restore
    • First, turn OFF System Restore to flush any bad Restore Points.
    • Then, follow the instructions at the bottom of the linked page to Re-enable the Restore Utility which will create a fresh restore point.

    After you complete this fix, reboot and attach a fresh HJT log and let me know how things are running.
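
Added example, not part of the original thread: a small Python parser for the HijackThis fix-list lines quoted in the post above. It separates entries whose file is still expected on disk (to verify after the Safe Mode cleanup) from entries that are only leftover registry references. The field layout is inferred from the lines on this page, and the function and field names are hypothetical.

```python
import re
from typing import List, NamedTuple, Optional

# Fix-list lines copied verbatim from the post above.
FIX_LIST = r"""
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {5C72B122-9904-E5BD-4093-348A5AD1BEF5} - C:\WINDOWS\crrr32.dll (file missing)
O4 - HKLM\..\Run: [Rrpoxe] C:\Program Files\Yvwogb\Itcg.exe
O4 - HKLM\..\Run: [apiyo.exe] C:\WINDOWS\system32\apiyo.exe
O4 - HKLM\..\Run: [iefn.exe] C:\WINDOWS\system32\iefn.exe
O4 - HKLM\..\Run: [atlpz32.exe] C:\WINDOWS\atlpz32.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")   # section code, then the entry body
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_NAME = re.compile(r"\[([^\]]+)\]")           # value name of an O4 Run entry
# Drive-letter path up to the "(file missing)" marker or end of line.
# Assumption: O4 commands carry no arguments, as in the lines above.
PATH = re.compile(r"[A-Za-z]:\\.*?(?= \(file missing\)|$)")

class Entry(NamedTuple):
    code: str                 # e.g. O2 (BHO), O4 (autostart), O9 (IE button/menu)
    name: Optional[str]       # Run value name, O4 only
    clsid: Optional[str]
    path: Optional[str]
    file_missing: bool        # HijackThis could not find the referenced file

def parse_line(line: str) -> Optional[Entry]:
    m = ENTRY.match(line.strip())
    if not m:
        return None           # headers, blank lines, process list, etc.
    code, body = m.groups()
    name = RUN_NAME.search(body) if code == "O4" else None
    clsid, path = CLSID.search(body), PATH.search(body)
    return Entry(code, name and name.group(1), clsid and clsid.group(0),
                 path and path.group(0), body.endswith("(file missing)"))

def parse_log(text: str) -> List[Entry]:
    return [e for e in map(parse_line, text.splitlines()) if e]

def files_to_verify(entries: List[Entry]) -> List[str]:
    """Paths HijackThis still saw on disk; confirm they are gone after cleanup."""
    return [e.path for e in entries if e.path and not e.file_missing]

if __name__ == "__main__":
    for p in files_to_verify(parse_log(FIX_LIST)):
        print("verify removed:", p)
```
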
     
  15. cdn2006

    cdn2006 Private E-2

    hi .. just finished doing all that. a lot of the files you asked me to delete weren't there. however i have rerun hjt and it looks clean.. also the symptoms seem to have gone away. looks promising.
     


  16. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Your HJT log is clean, are you having any further problems?
     
  17. cdn2006

    cdn2006 Private E-2

    Fantastic. Thanks.
     
  18. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

