1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: !Update virus file everytime I start up AOL 9.0

Discussion in 'Virus & Other Malware Removal' started by tampa10, Feb 4, 2007.

Thread Status:
Not open for further replies.
Advertisement
  1. tampa10

    tampa10 Thread Starter

    Joined:
    Feb 4, 2007
    Messages:
    5
    I am copying and pasting my hijackthis log file along with attaching it. This is a !update file that I have to delete everytime I boot up my system. The file size is 0. Also I have run my mcafee virus protection and it cannot find any virus. I try to block or delete thru the prompt that Mcafee gives me but it tells me that it cannot so I just manually delete it but everytime I reboot, I am going thru this again

    This is what I get when booting up my pc.

    We found and were not able to clean or block a virus infected file (C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\G523SXUZ\!update-4295[2].0000). Your computer is at risk.

    Would you like us to delete this file?

    I say yes to delete the file and get this back

    SC0022

    We were unable to delete the infected file (C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6PQ9AT8V\!update-4295[1].0000) from your PC.


    Logfile of HijackThis v1.99.1
    Scan saved at 9:59:33 AM, on 2/5/2007
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Common Files\AOL\1142898683\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
    C:\Program Files\mcafee.com\personal firewall\MPFService.exe
    C:\WINNT\system32\nvsvc32.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINNT\wanmpsvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\WINNT\soundman.exe
    C:\PROGRA~1\CYBERG~1\cgav.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\WINNT\system32\RUNDLL32.EXE
    C:\Program Files\VIA\RAID\raid_tool.exe
    C:\Program Files\Common Files\AOL\1142898683\ee\AOLSoftware.exe
    C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
    C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
    C:\Program Files\Common Files\AOL\1142898683\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe
    C:\Program Files\Common Files\AOL\1142898683\ee\SSCEvtHdlr.exe
    C:\WINNT\system32\fast.exe
    C:\Program Files\Common Files\AOL\1142898683\ee\aolsoftware.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
    C:\PROGRA~1\mcafee.com\ANTIVI~1\OasClnt.exe
    C:\Program Files\Support.com\bin\tgcmd.exe
    c:\program files\common files\aol\1142898683\ee\anotify.exe
    C:\Program Files\AOL Companion\companion.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {076FB99F-7323-52DB-7C82-2787EE81B8C4} - C:\WINNT\system32\vfw.dll (file missing)
    O2 - BHO: (no name) - {076FB99F-7323-52DB-7C82-2787EE81B8C4} - C:\WINNT\system32\vfw.dll (file missing)
    O2 - BHO: (no name) - {8B8871C3-E206-E2A5-7125-E95B532A619E} - C:\WINNT\system32\fwqrcq.dll (file missing)
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O2 - BHO: (no name) - {F98871B3-E207-EAA7-7150-9B5B512E61EA} - C:\WINNT\system32\fwqrcq.dll (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [SoundMan] soundman.exe
    O4 - HKLM\..\Run: [CgaHelper] C:\PROGRA~1\CYBERG~1\cgahelp.exe -check
    O4 - HKLM\..\Run: [CgaViewer] C:\PROGRA~1\CYBERG~1\cgav.exe -check
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1142898683\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\BellSouth\hcenter.exe" /starthidden /tgcmdwrapper
    O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1142898683\ee\SSCRun.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
    O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
    O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
    O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1142898683\ee\services\safetyCore\ver210_5_2_1\AOLSP Scheduler.exe
    O4 - HKLM\..\Run: [PPRT] C:\Program Files\CA\PPRT\bin\ITMRTSVC_Logon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [CaseyVideo[1]] c:\windows\CaseyVideo[1].scr
    O4 - HKCU\..\Run: [Qrvzeuqo] C:\WINNT\system32\fast.exe
    O4 - HKCU\..\Run: [Udtd] "C:\DOCUME~1\ADMINI~1\MYDOCU~1\ASKS~1\cmd.exe" -vt mt
    O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0c\aoltray.exe
    O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\system32\Shdocvw.dll
    O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
    O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://amiuptodate.mcafee.com/vsc/bin/2,0,0,0/McUpdatePortal.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1142898683\ee\services\safetyCore\ver210_5_2_1\aolavupd.exe
    O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
    O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\Network ICE\BlackICE\RapApp.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
     

    Attached Files:

  2. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
  3. tampa10

    tampa10 Thread Starter

    Joined:
    Feb 4, 2007
    Messages:
    5
    Here are the files you have requested, thanks
     

    Attached Files:

  4. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    One more thing please..

    Run HijackThis and click Open the Misc Tools section
    Click Open Uninstall Manager, Save list and save the log to your Desktop.
    A list of programs will open in Notepad. Post the contents of the log here in your next reply.
     
  5. tampa10

    tampa10 Thread Starter

    Joined:
    Feb 4, 2007
    Messages:
    5
    Here is the uninstall listing

    AOL Coach Version 1.0(Build:20040229.1 en)
    AOL Uninstaller (Choose which Products to Remove)
    AOL You've Got Pictures Screensaver
    Avance AC'97 Audio
    BellSouth FastAccess DSL Help Center
    CA Pest Patrol Realtime Protection
    CyberGatekeeper Agent
    Easy CD Creator 5 Basic
    Hijackthis 1.99.1
    HijackThis 1.99.1
    Hotfix for MDAC 2.53 (KB911562)
    Internet Explorer Q903235
    LiveReg (Symantec Corporation)
    LiveUpdate 3.0 (Symantec Corporation)
    Macromedia Flash Player 8
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB886903)
    Microsoft Data Access Components KB870669
    Microsoft Windows Journal Viewer
    Microsoft XML Parser and SDK
    MSN Messenger 7.0
    MSN Toolbar
    MSXML 4.0 SP2 (KB927978)
    Norton WMI Update
    NVIDIA Drivers
    PowerDVD
    Pure Networks Port Magic
    QuickTime
    RealPlayer
    Safety and Security Center Uninstaller
    Security Update for Windows 2000 (KB923689)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 7.1 (KB917734)
    Security Update for Windows Media Player 9 (KB917734)
    SoundMAX
    VIA Platform Device Manager
    VIA Rhine-Family Fast Ethernet Adapter
    Viewpoint Media Player
    Windows 2000 Hotfix - KB820888
    Windows 2000 Hotfix - KB822831
    Windows 2000 Hotfix - KB823182
    Windows 2000 Hotfix - KB823559
    Windows 2000 Hotfix - KB824105
    Windows 2000 Hotfix - KB824301
    Windows 2000 Hotfix - KB825119
    Windows 2000 Hotfix - KB826232
    Windows 2000 Hotfix - KB828035
    Windows 2000 Hotfix - KB828741
    Windows 2000 Hotfix - KB828749
    Windows 2000 Hotfix - KB834707
    Windows 2000 Hotfix - KB835732
    Windows 2000 Hotfix - KB837001
    Windows 2000 Hotfix - KB839643
    Windows 2000 Hotfix - KB839645
    Windows 2000 Hotfix - KB840315
    Windows 2000 Hotfix - KB840987
    Windows 2000 Hotfix - KB841356
    Windows 2000 Hotfix - KB841533
    Windows 2000 Hotfix - KB841872
    Windows 2000 Hotfix - KB841873
    Windows 2000 Hotfix - KB842526
    Windows 2000 Hotfix - KB842773
    Windows 2000 Hotfix - KB867282
    Windows 2000 Hotfix - KB871250
    Windows 2000 Hotfix - KB873333
    Windows 2000 Hotfix - KB873339
    Windows 2000 Hotfix - KB883939
    Windows 2000 Hotfix - KB885250
    Windows 2000 Hotfix - KB885835
    Windows 2000 Hotfix - KB885836
    Windows 2000 Hotfix - KB888113
    Windows 2000 Hotfix - KB889293
    Windows 2000 Hotfix - KB890046
    Windows 2000 Hotfix - KB890047
    Windows 2000 Hotfix - KB890175
    Windows 2000 Hotfix - KB890859
    Windows 2000 Hotfix - KB890923
    Windows 2000 Hotfix - KB891711
    Windows 2000 Hotfix - KB891781
    Windows 2000 Hotfix - KB893066
    Windows 2000 Hotfix - KB893086
    Windows 2000 Hotfix - KB893756
    Windows 2000 Hotfix - KB894320
    Windows 2000 Hotfix - KB896358
    Windows 2000 Hotfix - KB896422
    Windows 2000 Hotfix - KB896423
    Windows 2000 Hotfix - KB896424
    Windows 2000 Hotfix - KB896688
    Windows 2000 Hotfix - KB896727
    Windows 2000 Hotfix - KB897715
    Windows 2000 Hotfix - KB899587
    Windows 2000 Hotfix - KB899588
    Windows 2000 Hotfix - KB899589
    Windows 2000 Hotfix - KB900725
    Windows 2000 Hotfix - KB901017
    Windows 2000 Hotfix - KB901214
    Windows 2000 Hotfix - KB902400
    Windows 2000 Hotfix - KB904706
    Windows 2000 Hotfix - KB905414
    Windows 2000 Hotfix - KB905495
    Windows 2000 Hotfix - KB905749
    Windows 2000 Hotfix - KB905915
    Windows 2000 Hotfix - KB908519
    Windows 2000 Hotfix - KB908523
    Windows 2000 Hotfix - KB908531
    Windows 2000 Hotfix - KB911280
    Windows 2000 Hotfix - KB911567
    Windows 2000 Hotfix - KB912812
    Windows 2000 Hotfix - KB912919
    Windows 2000 Hotfix - KB913580
    Windows 2000 Hotfix - KB914388
    Windows 2000 Hotfix - KB914389
    Windows 2000 Hotfix - KB916281
    Windows 2000 Hotfix - KB917008
    Windows 2000 Hotfix - KB917159
    Windows 2000 Hotfix - KB917422
    Windows 2000 Hotfix - KB917537
    Windows 2000 Hotfix - KB917736
    Windows 2000 Hotfix - KB917953
    Windows 2000 Hotfix - KB918439
    Windows 2000 Hotfix - KB918899
    Windows 2000 Hotfix - KB920213
    Windows 2000 Hotfix - KB920670
    Windows 2000 Hotfix - KB920683
    Windows 2000 Hotfix - KB920685
    Windows 2000 Hotfix - KB920958
    Windows 2000 Hotfix - KB921398
    Windows 2000 Hotfix - KB921883
    Windows 2000 Hotfix - KB922616
    Windows 2000 Hotfix - KB922760
    Windows 2000 Hotfix - KB923191
    Windows 2000 Hotfix - KB923414
    Windows 2000 Hotfix - KB923694
    Windows 2000 Hotfix - KB923980
    Windows 2000 Hotfix - KB924191
    Windows 2000 Hotfix - KB924270
    Windows 2000 Hotfix - KB925454
    Windows 2000 Hotfix - KB925486
    Windows 2000 Hotfix - KB929969
    Windows 2000 Hotfix (SP5) Q818043
    Windows Installer 3.1 (KB893803)
    Windows Installer 3.1 (KB893803)
    Windows Media Player Hotfix [See Q828026 for more information]
    Windows Media Player system update (9 Series)
    WinRAR archiver
    Yahoo! Messenger
     
  6. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Please download ATF Cleaner by Atribune.
    This program is for XP and Windows 2000 only

    • Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.
    For Technical Support, double-click the e-mail address located at the bottom of each menu.



    Run HJT again and put a check in the following:

    R3 - URLSearchHook: (no name) - {076FB99F-7323-52DB-7C82-2787EE81B8C4} - C:\WINNT\system32\vfw.dll (file missing)
    O2 - BHO: (no name) - {076FB99F-7323-52DB-7C82-2787EE81B8C4} - C:\WINNT\system32\vfw.dll (file missing)
    O2 - BHO: (no name) - {8B8871C3-E206-E2A5-7125-E95B532A619E} - C:\WINNT\system32\fwqrcq.dll (file missing)
    O2 - BHO: (no name) - {F98871B3-E207-EAA7-7150-9B5B512E61EA} - C:\WINNT\system32\fwqrcq.dll (file missing)
    O4 - HKCU\..\Run: [CaseyVideo[1]] c:\windows\CaseyVideo[1].scr
    O4 - HKCU\..\Run: [Udtd] "C:\DOCUME~1\ADMINI~1\MYDOCU~1\ASKS~1\cmd.exe" -vt mt

    Close all applications and browser windows before you click "fix checked".


    Click Here and download Killbox and save it to your desktop.



    Double-click on Killbox.exe to run it.
    Put a tick by Delete on Reboot.
    Copy the following list of files to clipboard, CTRL+C to copy

    c:\windows\CaseyVideo[1].scr
    C:\DOCUME~1\ADMINI~1\MYDOCU~1\ASKS~1\cmd.exe


    Now in Killbox go to File, Paste from clipboard.
    Click the All Files button.
    Click on the button that has the red circle with the X in the middle.
    It will ask for confimation to delete the file.
    Click Yes.
    It will ask if you want to reboot now,
    Click Yes.

    Note: It is possible that Killbox will tell you that the file does not exist.

    If your computer does not restart automatically then please restart it manually.
    If you get an error message "PendingFileRenameOperations Registry Data has been Removed by External Process!" message then just restart manually.





    Download and install AVG Anti-Spyware 7.5 AVG ANTI-SPYWARE IS ONLY FOR SYSTEMS RUNNING WIN 2K and XP
    (This is Ewdio 4.0 renamed. If you already have Ewido installed, please update to this version which has a special "clean driver" for removing persistent malware)
    1. After download, double click on the file to launch the install process.
    2. Choose a language, click "OK" and then click "Next".
    3. Read the "License Agreement" and click "I Agree".
    4. Accept default installation path: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5, click "Next", then click "Install".
    5. After setup completes, click "Finish" to start the program automatically or launch AVG Anti-Spyware by double-clicking its icon on your desktop or in the system tray.
    6. The main "Status" menu will appear. Select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'.
    7. Then right click on AVG Anti-Spyware in the system tray and uncheck "Start with Windows".
    8. Go to Start > Run and type: services.msc
    • Press "OK".
    • Click the "Extended tab" and scroll down the list to find AVG Anti-Spyware guard.
    • When you find the guard service, double-click on it.
    • In the Properties Window > General Tab that opens, click the "Stop" button.
    • From the drop-down menu next to "Startup Type", click on "Manual".
    • Now click "Apply", then "OK" and close the Services window.
    9. Select the "Update" button and click "Start update". Wait until you see the "Update succesfull message. If you are having problems with the updater, manually update with the AVG Anti-Spyware Full database installer from here. Exit AVG Anti-Spyware when done - DO NOT perform a scan yet.

    Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup [but before the Windows icon appears] press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

    Scan with AVG Anti-Spyware as follows:
    1. Launch AVG Anti-Spyware, click on the "Scanner" button and choose the "Settings" tab.
    • Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.
    • Under "How to Scan?" check all (default).
    • Under "Possibly unwanted software" check all (default).
    • Under "What to Scan?" make sure "Scan every file" is selected (default).
    • Under "Reports" select "Automatically generate report after every scan" and UNcheck "Only if threats were found".
    2. Click the "Scan" tab to return to scanning options.
    3. Click "Complete System Scan" to start.
    4. When the scan has finished you will be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine.

    IMPORTANT! Do not save the report before you have clicked the Apply all actions button. If you do, the log that is created will indicate "No action taken", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button?

    5. Click on "Save Report" to view all completed scans. Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt. Save to your desktop. A copy of each report will also be saved in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports\
    6. Exit AVG Anti-Spyware when done, reboot normally and submit the AVG Anti-Spyware report in your next reply and a new Hijackthis log.

    Note: Close all open windows, programs, and DO NOT USE the computer while AVG Anti-Spyware is scanning. If Explorer or other programs are open during the scan that means certain files will also be in use. Some malware will insert itself and hide in areas that are "protected" by Windows when the files are being used. This can hamper AVG Anti-Spyware's ability to clean properly and may result in reinfection.

    Note: If AVG Anti-Spyware "crashes" or "hangs" during the scan, try scanning again by doing this:
    1. Scan one sector of the system at a time by using the "Custom Scan" feature. To do this select Scanner > Custom Scan and click on Add drive/directory/file. Browse to C:\Windows > System, add this folder to the list and click on "Start Scan". When the scan is complete, repeat the Custom Scan but this time, browse to and add the System32 folder. Then keep repeating this procedure until all your folders have been scanned. Make sure you include the Documents & Settings folder.

    2. If this still does not help, then turn the ADS scanner off while making a Custom Scan. To do this select Scanner > Scan Settings and untick "Scan in NTFS Alternate Data Streams". Then repeat the steps above for performing a Custom Scan.
     
  7. tampa10

    tampa10 Thread Starter

    Joined:
    Feb 4, 2007
    Messages:
    5
    I ran the AVG software but forgot to put it in a report, I am sending you the HJT log, by the way I rebooted and I am not getting the error msg when AOL comes up.
    Thanks for your assistance.
     

    Attached Files:

  8. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Great!

    It's a good idea to Flush your System Restore after removing malware:

    • On the Desktop, right-click My Computer.
    • Click Properties.
    • Click the System Restore tab.
    • Check Turn off System Restore.
    • Click Apply, and then click OK.
    • Restart the computer.

    To create a new restore point:
    • Start go to All Programs
    • Accessories, System Tools and select System Restore.
    • In the System Restore wizard, select "Create a restore point" and click the Next button.
    • Type a description for your new restore point. Something like "After trojan/spyware cleanup".
    • Click Create and you're done.
     
  9. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - Solved Update virus
  1. fierrojr87
    Replies:
    1
    Views:
    476
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/541122

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice