Browser Hijacked and Spy.Win32

Status
Not open for further replies.
May I also suggest that you read this thread HERE before deciding if you should clean or format your system.

Regards,
momok =)
 
I did all the above. Both logs are attached. I ran my virus scan in safe mode, it found about 30 files that were infected. All of which I removed. I'm hoping I'm clean. If I keep finding files over and over, I'm just gonna format it out. But I'm trying to salvage my files.
 
-
You need to pick one antivirus and uninstall the other. It is unnecessary and can cause system conflicts, slowdowns and crashes.

------------------

Open HijackThis and select "Do a system scan only" and place a check mark next to:

O2 - BHO: (no name) - {30D8163B-E0B5-405E-B1B1-933707CC08BE} - C:\WINDOWS\system32\gebya.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)


Close all windows except HijackThis and click "Fix checked"

-------------------

Delete these files/folders, as follows:

* Open notepad and copy/paste the text in the quote box below into it (all except the word QUOTE):

File::
C:\WINDOWS\system32\gqtlzecz.dll.vir
C:\WINDOWS\system32\tuvstsr.dll.vir
C:\WINDOWS\system32\gebya.dll

Folder::
C:\VundoFix Backups

Registry::
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30D8163B-E0B5-405E-B1B1-933707CC08BE}]

* Save this as CFScript on the desktop.
* Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!

CFScript.gif


* ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it shall produce a log for you. Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to hang.

--------------------

Your Java is out of date
Older versions have vulnerabilities that malware can use to infect your system. It is possible that you may be running Java code in your applications that absolutely require a specific version of the JRE to run. Please follow these steps to remove older versions of Java components and update.

Updating Java:
* Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
* Check for any item with Java Runtime Environment (JRE or J2SE) in the name.
** The latest version is Java 6 Update 3. Remove all other entries.
* Click the Remove or Change/Remove button.
* Repeat as many times as necessary to remove each of the Java versions.
* Reboot your computer once all Java components are removed.

* Download the latest version of Java Runtime Environment (JRE) 6
* Click the Free Java Download button.
* Click the Download Now button.
* When the Software Installation dialog box opens, click on the Install Now button.
* Follow the prompts to complete installation.

---------------------

Download Superantispyware (SAS) SUPERAntispyware Free Edition

Install it and double-click the icon on your desktop to run it.
* It will ask if you want to Update the program definitions, click Yes.
* Under Configuration and Preferences, click the Preferences button.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked:
+ Close browsers before scanning
+ Scan for tracking cookies
+ Terminate memory threats before quarantining.
+ Please leave the others unchecked.
+ Click the Close button to leave the control center screen.
* On the main screen, under Scan for Harmful Software click Scan your computer.
* On the left check C:\Fixed Drive.
* On the right, under Complete Scan, choose Perform Complete Scan.
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK.
* Make sure everything in the white box has a check next to it, then click Next.
* It will quarantine what it found and if it asks if you want to reboot, click Yes.
* To retrieve the removal information please do the following:
+ After reboot, double-click the SUPERAntiSpyware icon on your desktop.
+ Click Preferences. Click the Statistics/Logs tab.
+ Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
+ It will open in your default text editor (such as Notepad/Wordpad).
+ Save the notepad file to your desktop by clicking (in notepad) "File" "Save As"
* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
* Please add the log as an attachment along with a new HijackThis log in the next post.

--------------------

Next post please attach
combofix.txt log
SUPERAntiSpyware log
New HijackThis log
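
Added example (not part of the original posts, and not HijackThis or ComboFix code): a small Python parser for the O2 - BHO lines quoted above that flags entries whose DLL HijackThis reports as "(file missing)" or "(no file)", the condition the two checked entries share. The third O2 entry and the O4 line in the sample are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample: the first two O2 lines are quoted from the thread;
# the third O2 entry and the O4 line are made up for contrast.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {30D8163B-E0B5-405E-B1B1-933707CC08BE} - C:\WINDOWS\system32\gebya.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
"""

# O2 line layout: "O2 - BHO: <name> - {CLSID} - <path or marker>"
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$"
)
MISSING = "(file missing)"


def parse_bho_entries(log_text):
    """Return one dict per O2 line with name, CLSID, DLL path and file status."""
    entries = []
    for line in log_text.splitlines():
        m = O2_RE.match(line.strip())
        if not m:
            continue  # not a BHO line (O4, blank, header, ...)
        target = m.group("target").strip()
        if target == "(no file)":
            path, status = None, "no file"
        elif target.endswith(MISSING):
            path, status = target[: -len(MISSING)].strip(), "file missing"
        else:
            path, status = target, "present"
        entries.append({"name": m.group("name"), "clsid": m.group("clsid").upper(),
                        "path": path, "status": status})
    return entries


def orphaned_bhos(entries):
    """BHO registrations whose DLL is absent: leftover registry entries."""
    return [e for e in entries if e["status"] != "present"]


if __name__ == "__main__":
    for e in orphaned_bhos(parse_bho_entries(SAMPLE_LOG)):
        print(f'{e["clsid"]}  {e["status"]:<12}  {e["path"] or "-"}')
```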
 
Download ViewpointKiller

* Unzip the program and all of the contents of ViewpointKiller.zip to a location such as your desktop.
* Double click the ViewpointKiller icon to run ViewpointKiller.exe. Select the "File" menu, and select "Check to see if you have Viewpoint installed".
* If ViewpointKiller indicates that any of the Viewpoint variants are installed, select the proper "Kill" option in the File menu.

Follow the prompts and instructions very carefully, answering "Yes" or "No" depending on which option you are most comfortable with. The MsConfig instructions are very important, so be sure to read them carefully.

Note: When done with ViewpointKiller, simply right click and delete all files that were unzipped.

---------------------

Next post please attach
New HijackThis log
 
And thank you for your help!

No problem.


The log is clean.

You can delete any logs that you may have.

Go to Start > Run and copy and paste the next command in the field:

ComboFix /u



Make sure there's a space between Combofix and /
Then hit Enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.


If anything else comes up then let us know.

Safe surfing.......