Computer viruses etc.

Status
Not open for further replies.

Michael H

Hey all

it's good to be here....especially since i have a virus...a trojan zlob or something... i was the mssearchnet.exe bugger

i used pskill and adaware, search and destroy, microsoft antispyware and smitrem, but i honestly don't know what the hell i'm doing...

I got rid of most of it manually (i think?) but when i run antispyware, it finds the trojan zlob and then it deletes it, but it comes right back...

any advice? help? guidance?
I'm really trying NOT to reset everything and start from scratch.

thanks
Michael
 
Hello and welcome to Techspot.

Go HERE and follow all the instructions exactly.

Post a fresh HJT log into this thread, only after doing the above.

I have moved this thread to our security and the web forum.

Regards Howard :wave: :wave:
 
my hjt log

ok, so if i did this correctly, my HJT log is attached....i did it as a .doc b/c when i tried it as a .txt i kept getting error messages.

thanks
MH
 
I cannot open a .doc file due to the risk of viruses. If you can't attach your .txt file, copy and paste your log into your next post.

Once I've finished with it, I'll delete it.

Regards Howard :)
 
Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

Turn off system restore (XP/ME only). See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html


Go to add/remove programmes in your control panel and uninstall anything to do with (if there):

AIM Toolbar
AWS\WeatherBug
PartyPoker

Close control panel.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for (if there):

Weather.exe
PartyPoker.exe

Close task manager.

Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to (if there):

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Nothing - {8d83b16e-0de1-452b-ac52-96ec0b34aa4b} - C:\WINDOWS\System32\hp93A4.tmp (file missing)

O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll

O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe

O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)

O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/Veriz...loadControl.cab

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files (if there):

C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\PartyPoker\PartyPoker.exe
C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
C:\WINDOWS\System32\hp93A4.tmp

Reboot into normal mode and turn system restore back on.

Download the free AVG antivirus programme and the free Zone alarm firewall. You can get them HERE and HERE.

Install Zonealarm, followed by AVG. Reboot your system and run the AVG updates. Do a complete system scan with AVG in safe mode.

Regards Howard :)
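
As an added example (not part of the original posts, and not HijackThis's own code), the Python sketch below parses log entries of the kind listed in the post above and flags the ones whose target file is missing or is a .tmp module. The function names, section labels and triage rules are assumptions made for illustration.

```python
import re

# Constructed sample: four entries copied from the fix list in the post above.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
O2 - BHO: Nothing - {8d83b16e-0de1-452b-ac52-96ec0b34aa4b} - C:\WINDOWS\System32\hp93A4.tmp (file missing)
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
"""
# Section meanings as commonly documented for HijackThis logs.
SECTIONS = {"R0": "IE start/search page", "R1": "IE start/search page",
            "O2": "Browser Helper Object", "O3": "IE toolbar",
            "O8": "IE context-menu item", "O9": "IE button / Tools menu item",
            "O16": "ActiveX control (Downloaded Program Files)"}
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PATH = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|tmp)", re.I)

def parse_hjt(log):
    """Turn HJT entry lines into dicts; non-entry lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # blank lines, headers, running-process list
        code, body = m.groups()
        clsid, path = CLSID.search(body), PATH.search(body)
        entries.append({
            "code": code,
            "section": SECTIONS.get(code, "unknown"),
            "clsid": clsid.group(0).upper() if clsid else None,
            "path": path.group(0) if path else None,
            "file_missing": "(file missing)" in body,
        })
    return entries

def triage(entries):
    """Return (code, path, reasons) for entries worth a closer look."""
    flagged = []
    for e in entries:
        reasons = []
        if e["file_missing"]:
            reasons.append("orphaned entry: target file missing")
        if e["path"] and e["path"].lower().endswith(".tmp"):
            reasons.append("module loaded from a .tmp file")
        if reasons:
            flagged.append((e["code"], e["path"], reasons))
    return flagged
```
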
 
Thanks Howard

I did all that, and AVG found the trojan and deleted it.

Then when I rebooted back into regular mode, I ran Microsoft Antispyware just to be sure, and it found the zlob, and said it deleted it (which it always does, yet it comes back)

Am I missing something?
Thanks
MH
 
last scan by antispyware (microsoft) and the malicious remover both came back clean

you are not a god...but you have godlike qualities....

much thanks
MH
 
Did you run AVG and the Microsoft malicious removal tool from safe mode, with system restore turned off?

I suppose it's possible you have a new variant of zlob.

AVG and the Microsoft malicious removal tool are supposed to take care of this infection.

Regards Howard :)
 
ok...so in safe mode, with system restore turned off.... avg found 12 infections, but then when i ran microsoft malicious removal it said it was clean.

confusion growing...

MH
 
Well that's good. Hopefully your system is now clean.

The reason you need to turn off system restore is, a lot of infections hide in the restore points. Since no antivirus programme can clean inside a restore point, the infection just comes right back.

Turning off system restore, deletes all the restore points and the baddies that are living there.

Regards Howard :)
 