zedo popups

Hi,

I've followed all instructions for removing zedo/vundo. I think I got most of it removed, but I'd like to be sure. I couldn't run CounterSpy or Panda Scan. Other logs attached. Any help would be hugely appreciated.

 

Thank you!

 

Hi Lise!
Welcome to Major Geeks!
I'm checking your logs now ... there are some things still to do...
be back later

abri

 

Hi Lise!


1) If you have not already done so, go to
Uninstall Malware via Add/Remove Programs and look for any programs which have not yet been removed. I see the below program is still on the computer! Please remove it and any others you find on the list including these two!

- Sunbelt CounterSpy
- Viewpoint Media Player
- My Way Search Assistant


Then delete the below folders which may be left behind by the uninstall:

C:\Documents and Settings\Judy\Application Data\Sunbelt Software
C:\Documents and Settings\All Users\Application Data\Sunbelt Software
C:\Program Files\Sunbelt Software

2) Next please

1. Download this file - Combo Fix
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Attach this log to your next reply and

Note: Do not mouseclick combofix's window while it is running. That may cause it to stall.


3) Please run HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
O2 - BHO: (no name) - {298E465F-E7C8-44DA-8FEE-62E8BFB3763F} - C:\WINDOWS\system32\xxyyx.dll (file missing)
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll (file missing)
O2 - BHO: 0 - {A8F97B8A-7E06-4991-E7B7-3F1B0FA0BFC2} - C:\Program Files\Internet Explorer\lacusyca.dll (file missing)
O2 - BHO: (no name) - {e5b13804-95a6-4466-871c-f14090a95f1b} - C:\WINDOWS\system32\kielnqc.dll (file missing)
O4 - Startup: TA_Start.lnk = C:\Documents and Settings\Judy\Local Settings\Temp\thinksnet.exe
O20 - Winlogon Notify: xxyaxur - xxyaxur.dll (file missing)

After clicking Fix, exit HJT


4) Please copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Quote:

5) Now Run The AVENGER by double-clicking on it.
* Check the 'Input script manually' box.
* Click on the magnifying glass icon.
* Copy everything in the Quote box below, and paste it in the box that opens:
Quote:

Now click the 'Done' button.
* Click on the traffic light icon and OK the prompt.
* You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it
yourself.
* A log file from Avenger will be produced at C:\avenger.txt


6) Please download ATF Cleanerr by Atribune. This program does not require an installation.

The executable actually runs the program.

NOTE: This program is for Windows XP and Windows 2000 only. ATF Cleaner will remove all files from the items that are checked so if you have some cookies you'd like to save. Please move them to a different directory first.

* Double-click ATF-Cleaner.exe to run the program.
* Under Main choose: Select All
* Click the Empty Selected button.

If you use Firefox browser

* Click Firefox at the top and choose: Select All
* Click the Empty Selected button.
o
NOTE: If you would like to keep your saved passwords, please click No at the

prompt.

If you use Opera browser

* Click Opera at the top and choose: Select All
* Click the Empty Selected button.
o
NOTE: If you would like to keep your saved passwords, please click No at the

prompt.

Click Exit on the Main ATF Cleaner menu to close the program.

7) After you complete the above reboot once more attach the following logs.

* HijackThis Log
* ShowNew Log
* GetRunKey Log
* Avenger Log


Tell me how things are working now.

abri

 

Hi abri.

I couldn't uninstall MyWay Search Assistant because there's apparently a file missing.

I did everything else you said, hopefully it worked!

 

Thanks so much for all your help!

 

Hi Lise!

It actually looks quite good. I missed two folders and would like for you to delete them now using Avenger as per below. Then run ATF Cleaner again. Don't run the logs again! I'll take a closer look at them and get back to you!


1) Now Run The AVENGER by double-clicking on it.
* Check the 'Input script manually' box.
* Click on the magnifying glass icon.
* Copy everything in the Quote box below, and paste it in the box that opens:

Now click the 'Done' button.
* Click on the traffic light icon and OK the prompt.
* You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it
yourself.
* A log file from Avenger will be produced at C:\avenger.txt


2) Please download ATF Cleanerr by Atribune. This program does not require an installation.

The executable actually runs the program.

NOTE: This program is for Windows XP and Windows 2000 only. ATF Cleaner will remove all files from the items that are checked so if you have some cookies you'd like to save. Please move them to a different directory first.

* Double-click ATF-Cleaner.exe to run the program.
* Under Main choose: Select All
* Click the Empty Selected button.

If you use Firefox browser

* Click Firefox at the top and choose: Select All
* Click the Empty Selected button.
o
NOTE: If you would like to keep your saved passwords, please click No at the
prompt.

If you use Opera browser

* Click Opera at the top and choose: Select All
* Click the Empty Selected button.
o NOTE: If you would like to keep your saved passwords, please click No at the
prompt.

Click Exit on the Main ATF Cleaner menu to close the program.


abri

 

Okay, I ran Avenger and ATF Cleaner again. I think we got it all this time. Is everything else okay? Thank you so much!

 

Hi Lise!

If you are not having any other malware problems, it is time to do our final steps:

Happy Surfing!
abri

 

Done. Thanks again.