Could someone help me? Virus SOS

Status
Not open for further replies.
COMBOFIX-Script

Delete and create new or edit the one you have and delete the old text and replace with the below.

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
Code:
Folder::
c:\windows\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
File::
c:\windows\system32\Agent.OMZ.Fix.exe
Registry::
[-HKCR\CLSID\{137E6E5E-A205-4657-A49F-1AB865787089}]
Then drag this script and drop on top of ComboFix.

ComboFix will now run a scan on your system.

It may reboot your system when it finishes. This is normal.

When finished, it will create a log. Attach the log back to us.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Then get me the OTScanit log.

Mike
 
When I run OTScanit it only has Disabled MS Config Items under the additional scans. Should I run the scan even though I don't have the others?
 
OK Jake you did it!

Run me 1 more ComboFix so I can see it clean. Then update your virus scanner and do a full scan.

Then tell me if all is well and how the computer is running.

Mike
 
Hi Mike,
I'm a little upset the SAS full scan came up with 14 hotbar.adwares. I ran the ComboFix scan and attached that log too. There has to be some program that will fix my computer.
Jake

EDIT: Now my SAS scan came up with the same 14 viruses AND an adware tracking cookie. I attached that log below as SASlog3.
 
Ok go back to post #26 and do again.

I had a typo and have corrected the Box.

Reboot rerun SAS!

Mike
 
OK, I ran ComboFix with the code you gave me and I think it worked.
OK, I just ran a full scan with SAS and still the same 14 viruses and the adware tracking cookie keep showing up.
 
Hi Jake

This is a really low risk item but we both want it gone. SAS is supposed to eradicate it permanently. Should not be that hard to get rid of.

Go here and get this, but don't run it: http://securityresponse.symantec.com/avcenter/FxHotbar.exe

Then boot to safe mode and run SAS, click Preferences-Repairs, and, counting from the top as #1, do the following entries:
5-7-9-10-11-13-14-15-18-19-21-22

Then still in SAS clean again, then without rebooting run the FxHotbar.

Reboot and quick scan SAS to confirm gone.

Mike
 
Hi Mike,
Sorry I haven't been here for a few days. Happy Holidays, by the way. The SAS scan still showed up with the same adware, although I think I got rid of the tracking cookies. I ran the repairs. The hotbar scan still didn't find the adware although the SAS scan still does.
Thanks,
Jake
 
Hi, I really need some help with this. My computer has a number of adware, spyware and malware infections. I was told to attach the scan logs, which are listed below.
EDIT: Also, the virus keeps reinstalling itself every time I open up the internet.

Thanks in advance,
Jake Razy

I have a copy of your HijackThis file and edited the keys in BOLD in a WordPad doc file.
This is not that easy anymore. There is a better tool out there but it will not run on a PC with McAfee.

The IDriverT.exe process belongs to the InstallShield product installation service, related to Macrovision, and should only appear when you are installing a new piece of software. If you were not installing software it may be the trojan.

You could do a system restore, then clean the related files left behind, but I have seen this does not always work.

What I do is turn off System Restore and delete ALL temporary files and folders, then run Malwarebytes "short scan" and HijackThis at the same time. Check the links I bolded in the file but do not hit the fix button yet. Do not exclude Google or Yahoo Companion.

When Malwarebytes has completed its short scan, tell both programs to fix at the same time to prevent the trojan from rewriting itself and break the processes.
Do a hard shut down right away.

It is great if you can find an adapter and plug your hard drive into another PC to clean it up, but if not then you may need to do it a few times, as it seems to be a matter of timing.

Do a search for googl in the reg to see if it is a listed provider for Google also and remove it. Clean up the folders, regkeys and files listed in HijackThis.

If you are new to this, export your registry and a copy of deleted files to a backup.
You can also get and make a BART boot CD to restore files if you make a mistake.
 
jakerazy, it appears that efforts are directed at using standard tools to remove a low risk threat. Perhaps answering the exception appearing in the log may be the solution. It's worth trying - disable the antivirus program. Seeing a fresh HJT log adds to the current picture.
m35 ComboFix 08-12-21.04 - Jake 2008-12-24 10:14:50.7 - NTFSx86 >> * Resident AV is active
 