another virus

Status
Not open for further replies.

DulaxTwo7

I get pop-ups telling me that my laptop has been infected and that I need Antimalware software to clean and protect my system, and even providing links through which I can “download approved software” … when I open Explorer, about:blank appears as the address, and eventually turns into which offers and promotes “recommended anti-spyware software”
Then a popup appears with my homepage saying: "
MICROSOFT INTERNET EXPLORER
Warning!
W32.Myzor.FK@yf is a virus that infects files with .exe extensions. It attempts to steal passwords and private information from the infected computer.

Amongst other information, on said pop-up alleged “technical details” states: 1. Creates files in %Windir%\directory. By default this is C:\Windows; 2. Adds values to registry keys: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run; 3. Scans the hard drive for .exe files and infects any executable files. Searches for passwords/information, which it may send to a remote attacker.

It then gives me “Recommendations”: Click “OK” to download officially approved security software.
Other pop-ups come up randomly, but basically with similar approaches and information. "

Whatever I have is causing some programs to close out of nowhere and is really annoying. I ran HijackThis and this is what came out.

--Verbose HJT log removed.--
 
Firstly, Welcome to TechSpot :wave: :wave:

I've taken the usual step (I was feeling nice) of correcting your post by replacing it with a .txt attachment of your HJT log.

Please follow the sticky thread entitled Before posting your HijackThis log, please read this., paying attention to the note that says that HJT should be in its own directory (e.g., c:\hjt\hjt.exe), not on your desktop. This is for your own benefit should you find that you need to restore a backup from HJT (unlikely, but it happens).

I would also recommend that you uninstall Symantec's Norton from your machine - actually, I couldn't recommend it more strongly, and many of us here will say the same.
 
Hello and welcome to Techspot.

Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

Turn off system restore (XP/ME only). See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html


Open your task manager by holding down the Ctrl and Alt keys and pressing the Delete key.

Click on the processes tab and end process for (if there):

dcomcfg.exe
bittorrent.exe

Close task manager.

Run HJT with no other programmes open. Have HJT fix the following by placing a tick in the little box next to each (if there):


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshibadirect.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.d.umn.edu

O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\system32\hpD021.tmp

O4 - Startup: BitTorrent.lnk = C:\Program Files\BitTorrent\bittorrent.exe

O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) - https://cpower.collegepro.com/control/ScriptX.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://xlonhcld.xlontech.net/100348/qmpbeta/qsp2ie06011811.cab


Click on the fix checked button.

Close HJT.

Locate and delete the following bold files (if there).

C:\WINDOWS\system32\dcomcfg.exe
C:\WINDOWS\system32\hpD021.tmp

Reboot into normal mode and turn system restore back on.

Regards Howard :wave: :wave:

BTW. Thanks Spike.
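
The kind of first-pass reading of a HijackThis log that the fix list above reflects, as an added example that is not part of the original post and not HijackThis's own logic. The two heuristics (a Browser Helper Object whose file is not a .dll, and an O16 ActiveX package fetched over plain HTTP) and all function names are assumptions chosen for illustration; the sample lines are quoted from the post.

```python
import re
from pathlib import PureWindowsPath

# Log lines quoted from the post above.
SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\system32\hpD021.tmp
O4 - Startup: BitTorrent.lnk = C:\Program Files\BitTorrent\bittorrent.exe
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) - https://cpower.collegepro.com/control/ScriptX.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://xlonhcld.xlontech.net/100348/qmpbeta/qsp2ie06011811.cab
"""

# "<section code> - <rest>", e.g. "O2 - BHO: ..." or "R1 - HKCU\...".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")

def parse(line):
    """Split one log line into section code, body and target (last ' - ' field)."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    body = m["body"]
    return {"code": m["code"], "body": body, "target": body.split(" - ")[-1].strip()}

def reasons(entry):
    """Assumed triage heuristics; a hit means 'look closer', not 'malicious'."""
    out = []
    code, target = entry["code"], entry["target"]
    # O2 = Browser Helper Object: normally a DLL loaded into Internet Explorer.
    if code == "O2" and PureWindowsPath(target).suffix.lower() != ".dll":
        out.append("BHO binary is not a .dll")
    # O16 = ActiveX object from Downloaded Program Files, with its source URL.
    if code == "O16" and target.lower().startswith("http://"):
        out.append("ActiveX package fetched over plain HTTP")
    return out

def review(log_text):
    """Return (code, target, reasons) for every entry that trips a heuristic."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse(line)
        if entry and (why := reasons(entry)):
            flagged.append((entry["code"], entry["target"], why))
    return flagged

if __name__ == "__main__":
    for code, target, why in review(SAMPLE):
        print(f"{code}: {target} -> {'; '.join(why)}")
```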
 
Thanks Howard. That got rid of one of the ad/spyware problems, but I think there is more. I have an icon on the taskbar of a green guy in a wheelchair that frequently has pop-ups come up near him saying that my computer is infected
Critical system error.
This icon brings me to http://www.spyfalcon.com/?aff=264. I will run HJT again and show you the results. Thanks for all the help.
 
I think everything is going well. It appears that the adware is gone; here is the latest HJT log.

For some reason I can't put this on as an attachment, so here is the log.

-verbose hjt removed -
 
Yes. Download the free AVG antivirus programme from HERE.

Then, download the free Zonealarm firewall from HERE

Disconnect from the net and uninstall your Symantec/Norton crapware from add remove programmes in your control panel. Note: You may need to uninstall in several bits, rebooting your system in between.

Once you've got rid of Symantec, install Zonealarm, followed by AVG. Reboot your system and reconnect to the net. Run the AVG updates.

You may notice your system might run faster as well.

Regards Howard :)
 
And if you're REALLY interested in getting more secure, you might like to consider the contents of the "securing windows" thread, https://www.techspot.com/vb/topic31474.html :)

If you're not a big Zone Alarm fan, the other option is Sunbelt Kerio Personal Firewall, HERE

Nice to see someone so enthusiastic about the help they get here. :)
 