Completed all 8 steps.. now what?

[wallflower89]

I Use Kasperksy Internet Security 2009, I also use the fire wall that is with it *is that enough do I need one of the free ones?*.

Two Trojans were found: Trojandownloader.win32.agent.cjup
My KIS told me to delete them. So I did.
I got something that said “Password protected C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumonde1.zip/sbRecovery.reg” umm last time I checked that was a Trojan.. and really bad I have never downloaded anything by that name….  My KIS picked this up :\
I took spybot off a little while ago cause it seemed like it was missing stuff I would see what it was scanning and it would say something like “so and so casino” or “zango” and from what I have been told and remember that stuff is spyware… and it kept saying something about smitfraud and I have never downloaded anything by that name, and it looks fishy.. so I took spybot off and started this virus removal thing yall have.. do I need to put spybot back on? Oh spybot after I think 5 or 6 scans picked this up as something bad but when I went to go and get rid of it, it said I had to be and admin.. I am an admin.. I am the only person on this computer? I even tried to manually go into the registry where it said it was but I never found it *I followed the thing it was in like Hkeylocal so on and so on.

Ran cleaner three times.



Downloaded and ran malware bytes got this after selecting “remove all” (log at bottom)
”certain items could not be removed! The first few are listed below. All items that could not be removed have been added to the delete on reboot list. Please restart your computer now. A log file was saved to the logs folder…(then more about wanting to reboot now.. I did).

Downloaded and ran the superantispyware free edition (log below) was given a prompt saying I needed to reboot . I did.

Downloaded and ran hijack this (log below) I don’t understand a thing that hijack this said. It just gave me a list of things I don’t know if something is wrong or what?? Can someone please tell me what to do with it?

 

[PrivateCranky]

Hi there,

Have you tried deleting the said file as noted in your MBAM log?

C:\Users\Public\Favorites\NginuL_na.exe (Worm.AutoRun) -> Delete on reboot.

Is this file still there, and if you run MBAM again, is the file located again?

Sorry If this is too obvious

Pvt. Cranky

 

[rev_olie]

Hi,

Go to: Start > Run
Type: services.msc
Click Enter

Maximize the Services window

Drag the separator bar between Name and Description, so you can see all the text in the Name column.

Scroll down and look for: Viewpoint Manager Service < ---name of service.
Right click it and select "Properties"
Click the "Stop" button and wait for the service to be stopped.
Change the "Startup Type" from Automatic to "Disabled" (c/o drop-down menu)

Please open HijackThis Again and then select Do a System Scan only
Navigate to the following items and place a tick next to it:

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

Viewpoint is classed as foistware that can view movements and show advertising on your PC and should therefore be removed.

Then press Fix Checked.

Now Go to Start > Control Panel > Programs and Features and uninstall the following if there

Viewpoint

After that please go to Start > Control Panel > Folder Options and click View. Then click on Show Hidden files and Folders.

Then navigate to C:\Users\Public\Favorites\ and delete the following files if there:

NginuL_na.exe
The file may now be present and might have ben removed by MBAM and so if its not there dont panic

Now please run Hijackthis again and select Do a system scan and save a log file
Attach that to your next reply.

Also please do another Malwarebytes scan.

 

[wallflower89]

thank you for the help
i did everything step by step and had noproblems untill: the 023:service in Hijackthis.. Viewpoint wasnt there... so i went on and just uninstalled
Next i showed hidden folders went to C;\users\publics\favorites and got this message : "C\users\public\favorites is not accessable the name of the file cannot be resolved by the system"
just read to do another malwarebytes scan will do do you also want the log from that ?

Ran Malwarebytes again recieved this message "certian items could not be removed! the first few are listed below. all items that couldnt be removed have been added to the delete on reboot list. File : C:\userspublic\favorites\ngiul_na.exe Please reboot"
also attached is the log
here is hijackthis:

 

[rev_olie]

Ok then.

I've been doing some digging around and that infection is actually a false positive. It is a read error with windows Vista that is not actually apparent on the users system. See Here

Viewpoint is also gone so that's not a problem any more.

So lets have a further look and make sure everything is gone:

Go to Kaspersky website and perform an online anti virus scan.

1. Read through the requirements and privacy statement and click on Accept button.
2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
3. When the downloads have finished, click on Settings.
4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Mail databases
5. Click on My Computer under Scan.
6. Once the scan is complete, it will display the results. Click on View Scan Report.
7. You will see a list of infected items there. Click on Save Report As....
8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

 

[wallflower89]

YAY THANK YOU!! i have been worried for somtime that it would like mess with my other files and such ok im not finding the online scanner for kaspersky's... i will keep looking for it till i find it thank you verry much for your contiuned help
UPDATE

I clicked on the kapersky's link for the online scanner and it gave me this message "Program has failed to start.close the kaspersky online scanner 7.0 window and open it again to install the program.

[ERROR: java.lang.RuntimeException: You can not run scanner 7.0 because you already have kaspersky 8.0(9.0) installed on your computer"