TechSpot

8 step removal process followed, attached are logs

By amaboo
Dec 2, 2009
  1. computer had antivirus system pro, i followed the 8 step removal, here are the logs
    cannot open task manager via ctrl+alt+del or rightclick startbar > task manager, btw.
     


  2. Tmagic650

    Tmagic650 TS Ambassador Posts: 17,244   +234

    Looks like the tons of malware has done its damage... You will need to run some additional scans
     
  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    amaboo, why did you start another thread on the same problem 2 hours later? I made comment on that thread to ignore as help is being given here. http://www.techspot.com/vb/topic138981.html

    And whenever you leave new HijackLogs, please be sure to include the heading such as:
    I have noticed that you have multiple antivirus programs running. You should decide which you want to keep and remove the others for the following reasons:
    Symantec
    Avira

    • Multiple antivirus programs can cause conflicts that may leave the system more vulnerable.
    • Multiple antivirus programs can also slow down the system.
      You should only run one AV program. Since Symantec is a paid program, you might want to consider removing Avira. Here are tools to help. Download only the tool for the program you will uninstall:

    Norton Removal Tool
    OR
    Try this:

    * Open My Computer
    * Select the C:/
    * Click Program Files
    * Click the AntiVir folder
    * Look for the uninstall icon, it may be in another folder called Avira.

    It's important to always have an updated and active anti-virus program on-board, however, so make sure you have another program downloaded before you uninstall Avira.

    Click on Start> Control Panel> Add/Remove Programs> highlight either Symantec/Norton entries-
    OR
    Avira entry
     
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    amaboo, why did you start another thread on the same problem 2 hours later? I made comment on that thread to ignore as help is being given here. http://www.techspot.com/vb/topic138981.html

    And whenever you leave new HijackLog, please be sure to include the heading such as:
    I have noticed that you have multiple antivirus programs running. You should decide which you want to keep and remove the others for the following reasons:

    Symantec
    Avira


    • Multiple antivirus programs can cause conflicts that may leave the system more vulnerable.
    • Multiple antivirus programs can also slow down the system.
      You should only run one AV program. Since Symantec is a paid program, you might want to consider removing Avira. Here are tools to help. Download only the tool for the program you will uninstall:

    Norton Removal Tool
    OR
    Try this:

    * Open My Computer
    * Select the C:/
    * Click Program Files
    * Click the AntiVir folder
    * Look for the uninstall icon, it may be in another folder called Avira.

    It's important to always have an updated and active anti-virus program on-board, however, so make sure you have another program downloaded before you uninstall Avira.

    Click on Start> Control Panel> Add/Remove Programs> highlight either Symantec/Norton entries-
    OR
    Avira entries

    Try this:

    * Open My Computer
    * Select the C:/
    * Click Program Files
    * Click the AntiVir folder
    * Look for the uninstall icon, it may be in another folder called Avira.

    It's important to always have an updated and active anti-virus program on-board, however, so make sure you have another program downloaded before you uninstall Avira.
     
  5. amaboo

    amaboo TS Rookie Topic Starter

    i uninstalled antivir, and it seems to me that the virus came back? i was on firefox with my laptop and then i got a popup saying system security will perform a quick and free scan. what should i do?
     
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Oh good grief- I hope you could make sense out of my last reply. I just made mega corrections. Cat "pawed" the post button before I could run spell check and tags. So sorry!

    Run this please and attach log to next reply:
    Run Eset NOD32 Online AntiVirus Scanner HERE

    Note: You will need to use Internet Explorer for this scan.
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the Active X control to install
    • Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    • Click Start
    • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    • Click Scan
    • Wait for the scan to finish
    • Re-enable your Antivirus software.
    • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
     
  7. amaboo

    amaboo TS Rookie Topic Starter

    it didn't save a log, but it said no threats found o-o
     
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    What problems are you having related to the malware?
     
  9. amaboo

    amaboo TS Rookie Topic Starter

    sorry, took a while. i thought the virus was gone, but i guess not. i'm suspecting multiple viruses. running scans right now.

    random pop-ups, windows defender was turned off apparently, a pop-up that said test came popping up and this debugger thing kept popping up. i don't know what's up with that laptop :[
    my systematic kept telling me that virus was found and some were deleted, and some weren't. i'm really not sure what's wrong with that computer. please help ;-;
     
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Okay, the scans are now a week old. If you want to attempt this again, you will need to run the initial programs again HERE.

    Leave the 3 logs in your next reply. If I ask you to run something and ask for the log, you must give me the log. You're telling me:
    I don't know what a 'systematic' is. I need to know what it is that's telling you that you have a virus- what is the message you're getting? What is giving this message> a program? A scan?
     
  11. amaboo

    amaboo TS Rookie Topic Starter

    okay, systematic is my systematic antivirus. sorry about that. here are the logs.

    and this is what i get from my antivirus:

    Scan type: Auto-Protect Scan
    Event: Threat Found!
    Threat: Trojan.Zbot!gen3
    File: C:\WINDOWS\TEMP\noxr.tmp\svchost.exe
    Location: C:\WINDOWS\TEMP\noxr.tmp
    Computer: MYHPPAVILION
    User: SYSTEM
    Action taken: Clean failed : Quarantine failed : Delete succeeded : Access denied
    Date found: Monday, December 14, 2009 7:57:59 PM
     
  12. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    For your understanding and in case you need to do a search for it, your antivirus program is from Symantec, not systematic. In the world of cyberspace and malware, it is very important that names and messages be correct.

    If we start this again, you will need to finish the cleaning- stopping, then restarting a week later is not the way to go.

    The AV shows the malware in your tmp files. We will clean those. It is also in the restore points, so please do not use the System restore feature while we are cleaning. Please do this first:

    TFC (Temp File Cleaner)

    Download TFC to your desktop
    • Open the file and close any other windows.
    • It will close all programs itself when run, make sure to let it run uninterrupted.
    • Click the Start button to begin the process. The program should not take long to finish its job
    • Once it's finished it should reboot your machine, if not, do this yourself to ensure a complete clean
    TFC only cleans temp folders. TFC will not clean URL history, prefetch, or cookies. Depending on how often someone cleans their temp folders, their system hardware, and how many accounts are present, it can take anywhere from a few seconds to a minute or more. TFC will completely clear all temp files where other temp file cleaners may fail. TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.

    TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder.

    Please reopen HijackThis to 'do system scan only.' Check the following if present: (Entries in Green are Optional Removals)

    C:\Program Files\Viewpoint\Common\ViewpointService.exe See Optional 1
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    O20 - AppInit_DLLs: hilavabi.dll c:\windows\system32\zazanezo.dll
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe See Optional 1


    Optional 1 Description: Foistware > Viewpoint: You have Viewpoint Media Player installed on your system. This program is not malware but it is foistware in that it is usually installed without the user's knowledge or approval, and for this reason I recommend you remove it. If you actually use this program, I recommend you try using safe and free alternatives such as VLC Media Player:

    Close all Windows except HijackThis and click on "Fix Checked."

    If you have decided to remove Viewpoint, do the following when HJT has finished:
    To remove, find and remove Viewpoint Media Player

    Boot into Safe Mode
    • Restart your computer and start pressing the F8 key on your keyboard.
    • Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.
    • Click on Start > Run and type: services.msc> OK
    • Click the "Extended tab".
    • Scroll down the list and find the service called "Viewpoint Manager Service"
    • When you find the service, double-click on it.
    • In the Properties Window > General Tab that opens, click the "Stop" button.
    • From the drop-down menu next to "Startup Type", click on "Disabled".
    • Now click "Apply", then "OK" and close any open windows.
    • Click on Start > Settings > Control Panel >Add/Remove Programs
    • Highlight and remove all references to Viewpoint - i.e. Viewpoint, Viewpoint Manager, Viewpoint Media Player.

    Finally, delete the following folders if they still exist: Open Windows Explorer> Programs:
    C:\Program Files\ViewManager\ <-- and delete this folder
    C:\Program Files\Viewpoint\ <-- and delete this folder

    Empty the Recycle Bin

    Then Download SDFix HERE and save it to your Desktop.
    • Double click SDFix.exe and it will extract the files to %systemdrive%
      (Drive that contains the Windows Directory, typically C:\SDFix)

      Boot into Safe Mode
    • Restart your computer and start pressing the F8 key on your keyboard.
    • Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.

      Run SDFix
    • Open the extracted SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    • Attach Report.txt back here

    Follow with Run Eset NOD32 Online AntiVirus Scanner HERE

    Note: You will need to use Internet Explorer for this scan.
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the Active X control to install
    • Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    • Click Start
    • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    • Click Scan
    • Wait for the scan to finish
    • Re-enable your Antivirus software.
    • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
    Rescan with HijackThis.

    Include the following in your next reply:
    1. SDFix report
    2. Eset online scan log
    3. New HJT log.
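
An added example, not part of the thread and not the helper's own method: a small triage script for the kind of lines discussed above, flagging any `O20 - AppInit_DLLs` entry and any executable that borrows a system binary's name but sits outside System32 or runs from a temp folder. The binary list, reason labels and function name are assumptions; the sample lines reuse the path and entries quoted in the thread plus one constructed line.

```python
import ntpath
import re

# Assumption: a short list of Windows binaries that belong only in System32.
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe"}
SYSTEM_DIR = r"c:\windows\system32"

# Sample input. The alert path and the O20/O23 lines are the ones quoted in the
# thread; the first line is constructed to show a legitimate svchost.exe.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\TEMP\noxr.tmp\svchost.exe
O20 - AppInit_DLLs: hilavabi.dll c:\windows\system32\zazanezo.dll
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
"""

PATH_RE = re.compile(r"[a-z]:\\[^\r\n]*?\.(?:exe|dll)\b", re.IGNORECASE)
APPINIT_RE = re.compile(r"O20 - AppInit_DLLs:\s*(.+)", re.IGNORECASE)


def triage(log):
    """Return (reason, item) pairs for log lines that deserve a closer look."""
    findings = []
    for line in log.splitlines():
        line = line.strip().lower()
        appinit = APPINIT_RE.match(line)
        if appinit:
            # AppInit_DLLs are loaded into every process that loads user32.dll,
            # so each listed DLL is reported for review. Entries are split on
            # spaces and commas (paths containing spaces are not handled).
            for dll in re.split(r"[ ,]+", appinit.group(1).strip()):
                findings.append(("appinit_dll", dll))
            continue
        for path in PATH_RE.findall(line):
            folder, name = ntpath.split(path)
            if name in SYSTEM_BINARIES and folder != SYSTEM_DIR:
                findings.append(("system_name_wrong_dir", path))
            if "\\temp\\" in folder + "\\":
                findings.append(("runs_from_temp", path))
    return findings


if __name__ == "__main__":
    for reason, item in triage(SAMPLE_LOG):
        print(f"{reason:24} {item}")
```

A flagged line is a prompt to look closer, not a verdict: legitimate software can also register an AppInit DLL.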
     
  13. amaboo

    amaboo TS Rookie Topic Starter

    i have another problem now... when i reboot, i get the blue screen of death. when i tried safemode, i would get it. now, when i try rebooting normally, i get it too. it's going in a circle. i don't know what to do ;\
     
  14. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    What had you done before the BSOD started? What message is with it?
     
Topic Status:
Not open for further replies.
