help! melaware threats problem

Status
Not open for further replies.

phooey

Posts: 9   +0
followed the instructions on how to remove malware/spyware etc.... i stopped with step 10, after downloading toolkit1.... shall i do the cleaning or just the search? i did the search and the results are

what do i do next????


xoxo
chiaz, thanks, i didn't know where to post a new thread.... i'm so lost.... urgh

uh...malware problems i mean
 
Hello again. :)

I'm not sure if I'm allowed to help you, so moderators just give me a nudge if there are official helpers for this.


In the meantime, phooey, you should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".


The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart anyway into normal Windows. A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new HijackThis log.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning: running option #2 on a non-infected computer will remove your Desktop background.




This thread is for the use of phooey only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in security and the web forum.
 
Apparently the folder you have it in is:
C:\Program Files\Mozilla Firefox\SmitfraudFix


And when does your system freeze?





 
After Step 11, skip Step 12 and go on to Step 13, 14 and 15. Thanks. :)



 
Hello and welcome to Techspot.

Instructions for using each tool in step 10 are on the download sites, you are advised to follow the instructions for using each tool. ;)

I don't advise skipping step 12 as it is quite important and I need to see a Combofix log.

Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, once you have completed the instructions.

Also, let me know the results of the AVG Antirootkit scan.

Regards Howard :wave: :wave:

This thread is for the use of phooey only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Go HERE and download and run the Parite removal tool. Follow the instructions.

Post a fresh HJT as well as a fresh Combofix log once done.

Regards Howard :)

 
fresh hjt n combo...

:) thanks again!!!

i'll see your reply tomorrow... i still have to review... ciao...!!!!
 
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for (if there).

NuNinst.exe

Close task manager.

Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZSYYYYYYYYPH

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories (if there).

C:\WINDOWS\NuNinst.exe

Reboot into normal mode and rehide your protected OS files.

Post fresh HJT and Combofix logs.

Regards Howard :)

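A way to confirm the cleanup steps in the post above took effect before posting the fresh HJT log, as an added example that is not part of the original thread: it parses a HijackThis log and reports whether the NuNinst.exe process or the mywebsearch O8 entry is still listed. The log layout handled (a "Running processes:" block followed by coded "Xn - ..." entries) and the sample log are assumptions constructed for illustration.

```python
import re

# Items the helper asked to be ended/fixed in the post above.
TARGET_PROCESS = "nuninst.exe"
TARGET_O8_HOST = "edits.mywebsearch.com"

# HijackThis entries look like "O8 - Extra context menu item: ..." (assumed layout).
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")

# Constructed sample log, not taken from the thread's attachments.
SAMPLE_LOG = r"""
Logfile of HijackThis
Platform: Windows XP

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\NuNinst.exe
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZSYYYYYYYYPH
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\EXCEL.EXE/3000
"""

def parse_hjt(text):
    """Split a log into running-process paths and (code, body) entries."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_procs = False  # the first coded entry ends the process list
            entries.append((match.group("code"), match.group("body")))
        elif in_procs and line:
            processes.append(line)
    return processes, entries

def leftovers(text):
    """Return the items from the removal instructions that are still in the log."""
    processes, entries = parse_hjt(text)
    found = [("process", p) for p in processes
             if p.rsplit("\\", 1)[-1].lower() == TARGET_PROCESS]
    found += [(code, body) for code, body in entries
              if code == "O8" and TARGET_O8_HOST in body.lower()]
    return found

if __name__ == "__main__":
    for kind, detail in leftovers(SAMPLE_LOG):
        print(f"still present [{kind}]: {detail}")
```

An empty result means neither item appears in the log; it does not by itself show the machine is clean.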
 
Your logfiles are clean.

Turn off system restore (XP/ME only). See how HERE.

Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard :)

 
good day...

'zup? i forgot how to post a new topic soo.... anyway... could you please take a look at my latest logfile?
 