Flashing error sign?

[Loz1234]

Hi I keep getting a flashing error sign in the bottom right side of the windows xp bar that says performance is decreased due to a virus/ spyware

it has downloaded a "security toolbar 7.1" to my computer 2 new programs named live safety centre and online security guide. I also keep getting popups and they differ sometimes saying "system alert: trojan........"

I will post Hijack this logs however am going out now so can't follow the rest of the instructions until later.

 

[Rik]

The combofix log is the most important one for the type of infection you have, we need to see it.



This thread is for the use of Loz1234 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[Loz1234]

Hi Rik,

did the combofix log which didn't fix the problem (don't know whether it should as i'm a novice) and have attatched it to this post, will await your reply, cheers.

 

[Rik]

You need to go through the full instruction set below.


You need to have a read of this - If your system is infected. Read this before deciding whether to CLEAN or REFORMAT.

Then if you should wish to proceed with cleaning your system you need to go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT, Combofix, and AVG Antispyware logs as ATTACHMENTS into this thread, only after doing the above.


This thread is for the use of Loz1234 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[Loz1234]

I definately want to clean it, as for the preliminary removal instructions t ok to skip the AVG parts because I already have Norton 360 and several other virus / spyware scanners or is it a vital part?

 

[Rik]

Norton is useless for what we need to do. It's by far and away the worst product of its kind. Removing it is your best option. Below is some instructions on how to do it.

Download either the free AVG or Avast antivirus programmes and either the free Zonealarm or Kerio firewall programmes from within this link - https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/

Then, disconnect from the net and completely uninstall Symantec/Norton. If you have any problems in uninstalling the programme, take a look at this thread - https://www.techspot.com/vb/topic57112.html

Once you`ve completely uninstalled Symantec/Norton, reboot your system and install whichever firewall programme you chose, followed by whichever antivirus programme you chose. Reboot your system the required number of times and reconnect to the net. Run the antivirus updates.




This thread is for the use of Loz1234 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[Loz1234]

I want to keep 360 (because I paid a lot for it!) so i'll follow the instructions and post logs for everything hopefully!

Sorry for not being on line for most of yesterday, should be around more today!

AVG anti - spyware log

Found 5 items: 4 tracking cookies 1 worm.viking.j

Edit: Log was done before i deleated them!

 

[howard_hopkinso]

Please post fresh HJT, Combofix and AVG Antispyware logs.

If AVG Antispyware only finds cookies and nothing else, then we don`t need to see it.

Regards Howard

This thread is for the use of Loz1234 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[Loz1234]

Ok, thanks howard

The original AVG Antispyware did show one worm as I said, I am now running it again and will post when it's done (last one took an hour and a half) and will update the rest when done.

Do you have an idea of what it is or any quick ways to get rid of it,

cheers, lawrence

 

[howard_hopkinso]

Download Vundofix from HERE.

Double click the Vundofix.exe to run it.

Right click in the vundofix window and click add files.

Enter the full file path/s to the files you want Vundofix to delete and click the add files button, followed by the close window button. Click the remove vundo button and let Vundofix do it`s stuff.

This is the filepath you need to enter into Vundofix.

C:\WINDOWS\SYSTEM32\yrbiudyq.dll

Please post fresh HJT and Combofix logs.

Regards Howard

This thread is for the use of Loz1234 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[Loz1234]

Cheers Howard, the VundoFix worked a treat it doesn't appear that any virus/spyware/malware is there at the moment!

I have created the two new logs i will await th all clear (hopefully!)

Once again thanks, Lawrence

 

[howard_hopkinso]

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)

Click on the fix checked button.

Close HJT. Other than that, your HJT log is clean.

1. Please download The Avenger by Swandog46 from HERE. Save it to your Desktop and extract it.

2. Download the attached avengerscript.txt and save it to your desktop

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, start The Avenger program by double clicking on its icon on your desktop.

Under "Script file to execute" choose "Load script from file".
Now click on the folder icon which will open a new window titled "open Script File"
navigate to the file you have just downloaded, click on it and press open
Now click on the Green Light to begin execution of the script
Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:

It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
On reboot, it will briefly open a black command window on your desktop, this is normal.
After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

5. Please attach the content of c:\avenger.txt into your reply, as well as a fresh Combofix log.

Regards Howard

This thread is for the use of Loz1234 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[Loz1234]

I won't bother posting a new HJT log if you believe it is clear, here is the avenger log, cheers

 

[howard_hopkinso]

How can I tell if it`s clear if you don`t post the log? I`m not psychic you know lol.

Post a fresh Combofix log, then I can give it a final check.

Regards Howard

 

[Loz1234]

sorry mate, lol, combofix log on the way

 

[howard_hopkinso]

That`s all ok, I just wanted to be sure.

Turn off system restore.(XP/ME only) See how HERE.

Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.


If you have any further virus/spyware problems, please post in this thread.

Regards Howard

This thread is for the use of Loz1234 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[Loz1234]

Thanks Howard, great job and I really appreciate it.

keep doing what your doing,

lawrence

This thread is now closed: If you need this thread unlocking, please pm a moderator with a link to the thread.

Only the original thread starter can do this. Anyone else, will be ignored.