Solved: Virus laden

Status
This thread has been Locked and is not open to further replies. The original thread starter may use the Report button to request it be reopened but anyone else with a similar issue should start a New Thread. Watch our Welcome Guide to learn how to use this site.

slaborman

Thread Starter
Joined
Jun 23, 2005
Messages
5
Please Help!!

I am a moderately literate computer person; however, viruses have overtaken my system. Initially, I had the trojan spy-smith fraud complete with the blue screen with the fatal error message; performed an action that removed the message, but left me with a blue screen. Yesterday, however, I downloaded a panda to find that I had a virus that neither McAfee, nor adware or spybot was able to detect. Currently, my system is very slow and driving me out of my mind.

I am using Windows XP and have attached a copy of the log from hjt.

Any assistance would be greatly appreciated.
 


cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Welcome to TSG!! :)


Run HJT again and put a check in the following:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oneclicksearches.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.oneclicksearches.com/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oneclicksearches.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.oneclicksearches.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.oneclicksearches.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.oneclicksearches.com/search.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.oneclicksearches.com/
O4 - HKLM\..\Run: [RegSvr32] C:\WINDOWS\System32\msmsgs.exe

Close all applications and browser windows before you click "fix checked".


Navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Next navigate to the C:\Documents and Settings\Administrator (Repeat for all user names)\Local Settings\Temp folder.
Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Finally go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.


Reboot.

Click here to download Adaware SE.
Install the program and launch it.

First in the main window look in the bottom right corner and click on Check for updates now then click Connect and download the latest reference files.

From main window: Click Start then under Select a scan Mode tick Perform full system scan.

Next deselect Search for negligible risk entries.

Now to scan just click the Next button.

When the scan is finished, mark everything for removal and get rid of it. (Right-click the window and choose select all from the drop down menu and click Next.)

Reboot and post another HJT log for review.
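
Added example, not part of the original post and not HijackThis's own code: a small Python parser for the R0/R1 and O4 log lines listed in the reply above, which groups the Internet Explorer settings by the host they point to and lists the startup entry. The function names and the two regular expressions are assumptions derived only from the nine lines shown.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# The nine entries from the reply above, copied verbatim.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oneclicksearches.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.oneclicksearches.com/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oneclicksearches.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.oneclicksearches.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.oneclicksearches.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.oneclicksearches.com/search.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.oneclicksearches.com/
O4 - HKLM\..\Run: [RegSvr32] C:\WINDOWS\System32\msmsgs.exe
"""

# R0-R3 lines (IE start/search settings): "code - key,value name = data"
R_LINE = re.compile(r"^(?P<code>R[0-3]) - (?P<key>[^,]+),(?P<name>.+?) = (?P<data>.*)$")
# O4 lines (autostart entries): "O4 - key: [value name] command"
O4_LINE = re.compile(r"^(?P<code>O4) - (?P<key>.+?): \[(?P<name>[^\]]+)\] (?P<data>.+)$")

def parse_hjt(text):
    """Return one dict (code, key, name, data) per recognised log line."""
    entries = []
    for line in text.splitlines():
        m = R_LINE.match(line.strip()) or O4_LINE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries

def settings_by_host(entries):
    """Group IE settings (R0-R3) by the host their URL data points at."""
    hosts = defaultdict(list)
    for e in entries:
        host = urlsplit(e["data"]).hostname if e["code"].startswith("R") else None
        if host:  # about:blank and O4 commands carry no host
            hosts[host].append(e["name"])
    return dict(hosts)

def autoruns(entries):
    """Return (value name, command) pairs for O4 startup entries."""
    return [(e["name"], e["data"]) for e in entries if e["code"] == "O4"]

if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    for host, names in settings_by_host(parsed).items():
        print(f"{host}: {len(names)} IE settings -> {', '.join(names)}")
    print("autoruns:", autoruns(parsed))
```
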
 

slaborman

Thread Starter
Joined
Jun 23, 2005
Messages
5
I have followed the directions as indicated and have posted a new HJT log.

There were 11 items that adware se cleaned. While my system has stopped the perpetual churning, it is still quite slow and the screen is still blue.

Thanks.

Slaborman
 


cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Click here to save this smitfraud.reg file to your desktop.

Double-click the smitfraud.reg file on your desktop. When it asks if you want to merge with the registry, click the YES button. Wait for the "merged successfully" prompt.

Reboot.

You need to remove one of the anti-virus products or configure AVG to scan on demand only!
 