Avast Keeps Catching 1.reg virus/worm after I've tried to remove it

Status
Not open for further replies.

JustJay420

I'm running the Vista Home Basic OS and every time I start my PC, Avast keeps finding the 1.reg virus after I thought I followed some instructions I found to remove it correctly. Can someone help me? If I need to attach any logs, please let me know and I will do that ASAP.
 
Hello and welcome to Techspot.

Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

If after reading the above, you wish to clean your system, do the following.

Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT, AVG Antispyware and Combofix logs as Attachments into this thread, only after doing the above.

Also, let me know the results of the Panda Antirootkit scan.

Regards Howard :wave: :wave:

This thread is for the use of JustJay420 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
I forgot to mention that my Windows Firewall was also catching a program that was trying to access my computer after the boot. It was "xazojing.exe". I saw it in the system config box under startup and unticked it. I haven't had problems from it since, and the 1.reg file doesn't show up anymore after the reboot from safe-mode. Seems like I'm on the right track now.

As I said before, I'm running the Vista OS, so I ran the AVG Rootkit program instead of Panda Rootkit and the results came back clean. Here are the logs you asked for...
 
Delete all files in AVG Antispyware quarantine.

Your HJT log is clean.

Open notepad and copy/paste the text in the code box below into it:
NOTE* make sure to only highlight and copy what is inside the quote box, nothing outside of it.
Also ..

Pay particular attention to this :-

Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
Code:


File::
C:\Windows\System32\xazojng.exe
C:\Windows\System32\embwvaj.exe
C:\Windows\System32\zvqueds.exe
C:\Windows\System32\wxsnxkx.exe
C:\Windows\System32\kabqbaf.exe
C:\Windows\System32\yshcqiq.exe
C:\Windows\System32\nusetuk.exe
C:\Windows\System32\nithmqc.exe
C:\Windows\System32\holqdno.exe
C:\Windows\System32\apuartg.exe
C:\Windows\System32\ailrrhl.exe
C:\Windows\System32\kytjbfh.exe
C:\Windows\System32\ujnnaiq.exe
C:\Users\justjay\AppData\Roaming\wklnhst.dat

Folder::
C:\VundoFix Backups
C:\ProgramData\Viewpoint
C:\ProgramData\WildTangent

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Update Machine"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Microsoft Update Machine"=-


Save this as CFScript.txt

Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.

CFScript.gif


This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

Regards Howard :)
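
An added example, not part of the original posts and not ComboFix's own code: a small Python pre-flight check for a CFScript.txt like the one above, enforcing the stated rule that File:: sits on the first line with nothing in front of it. The path and registry-line checks are assumptions modelled on the sample script only, and the sample values are constructed.

```python
import re

# Section headers that appear in the script on this page (others are not checked).
SECTIONS = {"File::", "Folder::", "Registry::"}
ABS_PATH = re.compile(r"^[A-Za-z]:\\\S")
REG_LINE = re.compile(r'^(\[HKEY_[^\]]+\]|"[^"]+"=.*)$')

def lint_cfscript(text):
    """Return (line_number, message) pairs for problems in a CFScript.txt body."""
    problems = []
    lines = text.splitlines()
    # Rule from the thread: File:: on the first line, no blank line above, no space in front.
    if not lines or lines[0].rstrip() != "File::":
        problems.append((1, "first line must be 'File::' with nothing before it"))
    section = None
    for number, line in enumerate(lines, start=1):
        stripped = line.strip()
        if not stripped:
            continue
        if stripped in SECTIONS:
            section = stripped
            continue
        # Assumed sanity checks, modelled on the sample script only.
        if section in ("File::", "Folder::"):
            if not ABS_PATH.match(stripped):
                problems.append((number, "expected an absolute path: " + stripped))
        elif section == "Registry::":
            if not REG_LINE.match(stripped):
                problems.append((number, 'expected [key] or "name"=value: ' + stripped))
        else:
            problems.append((number, "text before any section header: " + stripped))
    return problems

# Constructed samples (placeholder paths and keys, not taken from the thread).
GOOD = "\n".join([
    "File::",
    r"C:\Example\sample.exe",
    "",
    "Folder::",
    r"C:\Example Backups",
    "",
    "Registry::",
    r"[HKEY_LOCAL_MACHINE\SOFTWARE\Example\Run]",
    '"Example Entry"=-',
])
BAD = "\n File::\n" + r"Windows\sample.exe"  # blank first line, indented header, relative path

if __name__ == "__main__":
    for name, body in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, lint_cfscript(body))
```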

 
That looks clean.

Delete the following folder.

C:\qoobox

Turn off system restore. (XP/ME only) See how HERE.

Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.


If you have any further virus/spyware problems, please post in this thread.

Regards Howard :)

 
Thanx...

I appreciate all of the help, and I'm gonna keep some of the programs I've downloaded, they should be very useful. I'm gonna spread the word about the site. Thanx again...

This thread is now closed: If you need this thread unlocking, please pm a moderator with a link to the thread.

Only the original thread starter can do this. Anyone else, will be ignored.
 