TechSpot

Am I still infected with W32.Myzor.FK@yf?

By s888
May 9, 2006
  1. The other day I was infected by W32.Myzor.FK@yf. My homepage got changed and pop-ups appeared saying I need virus protection. I scanned my computer with several anti-virus/spyware programs and got rid of the homepage the virus created and those pop-ups. I am not sure if I got rid of the whole virus or if there is something else on my computer, but I don't think my computer is virus free yet, so if anybody could help me get rid of this or tell me if it's still there, that would be great.
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Hello and welcome to Techspot.

    Let's see what we can do for you.

    Go HERE and follow the instructions in the order they are given.

    Post a fresh HJT log, only after doing the above.

    Regards Howard :wave: :wave:
     
  3. s888

    s888 TS Rookie Topic Starter

    Sorry forgot to mention that I have followed that thread already. Anyways here is my HJT log.
     
  4. Spike

    Spike TS Rookie Posts: 2,371

    Hi there. You have nothing too serious on your log, and the Myzor.FK infection you mention is certainly not present. You might like to do the following though...


    Reboot into safe mode, and tell explorer to show hidden files and extensions. (no need to turn off system restore for this, as your log isn't too bad. Unless of course you didn't turn off system restore when you were following the instructions, in which case do so first, and re-enable it once you've finished)...

    Open task manager, and end the task
    symlcsvc.exe

    Go to add/remove programs and...
    uninstall DAP (Download accelerator plus)
    uninstall anything to do with symantec (not spyware, but I see you've changed antivirus! :)thumbs up:) and you have a residual service)
    Spyware detector (it's complete rubbish)

    run HJT and let it fix the following entries...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://express.rogers.yahoo.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: SDService - Max Secure Software - C:\Program Files\SpywareDetector\SDService.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    in My Computer/Explorer, go to...
    C:\Program Files\Common Files\ and delete the "symantec shared" folder.

    Reboot normally into windows.
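
A small parser for the HijackThis entries listed in the post above, as an added example that is not part of the original thread. The section descriptions and field layout are assumptions inferred from the quoted lines, and `parse_entry` and `parse_log` are hypothetical names.

```python
import re

# Sample input: the entries quoted in the post above, copied unchanged.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://express.rogers.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: SDService - Max Secure Software - C:\Program Files\SpywareDetector\SDService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
"""

# Assumption: short descriptions of the section codes seen in this log.
SECTIONS = {
    "R0": "IE start/search page",
    "O8": "IE context menu item",
    "O18": "extra protocol handler",
    "O23": "Windows service",
}
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
MISSING = " (file missing)"

def parse_entry(line):
    """Split one log line into code, kind and its registry value or file path."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    entry = {"code": code, "kind": SECTIONS.get(code, "unknown"),
             "missing": body.endswith(MISSING)}
    if code.startswith("R"):
        # Registry entries: "<key>,<value name> = <data>"
        entry["target"], _, entry["value"] = body.partition(" = ")
    else:
        # Other entries: "<label>: <name> - ... - <path>", path always last.
        label, _, rest = body.partition(": ")
        parts = rest.replace(MISSING, "").split(" - ")
        entry.update(label=label, name=parts[0], path=parts[-1].strip('"'))
    return entry

def parse_log(text):
    """Parse every recognisable entry, skipping blank or unrelated lines."""
    return [e for e in map(parse_entry, text.splitlines()) if e]

if __name__ == "__main__":
    for e in parse_log(SAMPLE_LOG):
        flag = "  <-- file missing" if e["missing"] else ""
        print(e["code"], e["kind"], e.get("path") or e.get("value"), flag)
```
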
     
  5. s888

    s888 TS Rookie Topic Starter

    Ok, I followed all of that. Here is a new HJT log if needed.
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Your HJT log is clean.

    Regards Howard :)
     
  7. Spike

    Spike TS Rookie Posts: 2,371

    oops - missed one. SpywareBegone is also a suspect/rogue antispyware tool.

    Won't do any harm I guess, but I hope he doesn't rely on it!
     
  8. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Quite right Spike. I missed it too.

    s888 should go to add remove programme in his control panel and uninstall it asap.

    Regards Howard :)

    This thread is for the use of s888 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
Topic Status:
Not open for further replies.

