hi there

i need help from u peeps about my computer, it has lods of virus/malware craps on it and i cant seem to get it out...

i have an adaware professional installed and mcafee 7 with updated dats but it seems that they cant detect those craps. my mouse cant be controlled. it circles around the screen and pressing any icon it can get! plus when i try to click on icons it wont follow..even the shutdown command wont work! so i have to manually shutthe pc down...by long pressing the power button

i read on a previous posts on how to deal with it and i have this HJT log...hope anyone can solve this...thanks!!

You have some real nasty infections on your system.

Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT and AVG Antispyware logs as attachments into this thread, only after doing the above.


Regards Howard :wave: :wave:


This thread is for the use of apaullo only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

hey howard

thanks for the time in looking at my problem, you see i already read and did what was instructed in ur thread about removing malwares BEFORE posting my HJT log. and after scanning thats what the info in my HJT log. i also downloaded and ran the tool1 to tool4 in ur thread in normal mode before doing what was instructed like running the antivirus first then the CCleaner, the spybot, adaware, then the AVG antispyware..then lastly the HJT...one more thing about the adaware personal, im using the professional version.is it ok? or do i have to download the personal version?

but i will scan it again for u...just wait for my logs
thanks!

No problem mate.

You don`t need to use Ad-aware se personal if you already have the pro version.

Just make sure to rename HijackThis.exe and post a fresh HJT log as well as an AVG Antispyware log.

Regards Howard

This thread is for the use of apaullo only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

hey again howard..

i did wat was in the instructions again and this is my report...

Download the Registry Search Tool from HERE. It`s near the bottom of the page. Extract it, then double click on RegSrch.vbs file and copy and paste the following into the command line and click ok. Altnet

Copy and paste the results into your next post.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Turn off system restore.(XP/ME only) See how HERE.

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Go to add remove programmes in your control panel and uninstall anything to do with(if there).

Altnet

Close control panel.
Click start/run and type services.msc into the run box and press the enter key.

When the window appears, maximise it. Double click on the following services(if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

Print Spooler Service<Not to be confused with Print Spooler.

Close the services window.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for(if there).

mlsdf8h5824819.exe

Close task manager.

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

O20 - Winlogon Notify: McafeeToDel - C:\WINDOWS\

O23 - Service: Print Spooler Service (wiu94uk766) - Unknown owner - C:\WINDOWS\System32\mlsdf8h5824819.exe

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories(if there).

C:\WINDOWS\System32\mlsdf8h5824819.exe

Reboot into normal mode, turn system restore back on and rehide your protected OS files.

Post a fresh HJT log as well as the output from the Registry search tool.

Regards Howard

This thread is for the use of apaullo only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

ok..will do that mate!

thanks again!

hi..sorry i was not able to post nor did what u told me to do on my PC becoz there seems to be a problem opening techspot on it...i checked with other sites and my internet works fine but when i try searching techspot it cant get inside...it is just loading and loading...

You should follow the instructions in my above post, just as soon as you can.

Regards Howard

This thread is for the use of apaullo only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

hi howard...i was just browsing about other's net problems and i read that of browser hijacker of SMELL THE GLOVE, and i realized i also have that same problem. i cant seem to access techspot but other sites are no problem...it just keeps on loading and loading till it says techspot took too long to respond...its been two days now since i access techspot from my pc...now i have to wait in the office just to access techspot...which could really delay my progress in scanning my pc...hope i dont have to reformat like Glove did

That`s weird, not being able to access Techspot.

Have you been able to follow the instructions I gave you? Maybe you could copy and paste the instructions into a notpad file and take it home with you.

Run the Ccleaner programme as per the instructions in this thread HERE. That should clear your cookies and hopefully, you`ll be able to access Techspot again.

I don`t think you have the same problem as SMELL THE GLOVE.

If you still can`t access Techspot, I suggest you post your problem at the Bleeping Computer forums and see if they can help.

Obviously I can`t help you if you can`t access our site.

Regards Howard

This thread is for the use of apaullo only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

that exact same problem happened to me aswell then i found out it was a corrupt bios.

How the hell is a corrupted bios going to stop someone from accessing Techspot, or placing malware on a computer?

There`s no doubt that apaullo`s computer is infected, hence my instructions.

To suggest a corrupted bios is resposible is just plain wrong.

Regards Howard :rolleyes:

This thread is for the use of apaullo only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

well the bit where he said that the mouse was going all over the screen clicking on everything. thats what happened to mine and i had a corrupt bios.

Sorry do disagree with you TS Special Forces but in my opinion that Registry Search Tool does more harm than good. I realise I'm a new member & you probably wont pay much attention to what I say but I am a top member on other forums & I joined this forum just for all of you who are having trouble with Desktop Hijack malware.

The easiest way to get rid of it is to download SmitFraudFix from http://siri.urz.free.fr/Fix/SmitfraudFix.exe

Once downloaded a new folder (SmitFraudFix) will appear on the desktop, open it and double-click SmitfraudFix.exe
Select 1 and press Enter, a notepad report file will open up, close it and reboot your computer in Safe Mode (before the Windows icon appears, tap the F2,F8 etc. continually) & select the first option, ignore the bottom two.
Log in as the same person you where when you downloaded the program & not the administrator.

Open the same file on your desktop & select SmitfraudFix.exe this time Press 2 and Enter.
You will be prompted Do you want to clean the registry? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file? answer Y (yes) and hit Enter to restore a clean file.

A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive.

It's really that simple!
HOPE THIS HELPS

That might be an outside possibility, However, until all the nasties have been cleaned, it`s a waste of time trying to find any other reason for the mouse problem. I`m still of the opinion this is all malware related.

Regards Howard

This thread is for the use of apaullo only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

hmm howard..im confused..after i extract the reg tool in my pc and double click it...there were commands from the notepad that appeared, and you siad to copy and paste the following on the command line..you mean in in dos mode? and what will i copy paste? sorry if im a little confused here

When you extract the Registry Search Tool zip file, you should get the following file. RegSrch.vbs Double clicking on that file should open a small window.

Copy and paste the following name into the window. Altnet and click the ok button. If anything is found a notepad file will open with the results. Copy and paste the contents of the .txt file into your next post.

Regards Howard

This thread is for the use of apaullo only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

yep i got it...but theres a problem though, when i run the regsearch in cmd, and pressed ok, it says runtime error: permission denied, so i was not able to log it..but i followed ur next instructions and heres my HJT log

Turn off system restore.(XP/ME only) See how HERE.

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Now run the Registry Search Tool again as per the instructions.

Reboot into normal mode, turn system restore back on and rehide your protected OS files.

Let me know the results please.

Regards Howard

This thread is for the use of apaullo only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.