TechSpot

I have a sick PC, the bug looks to be ucleaner.com

By dr.bd
Mar 17, 2008
  1. When on the internet I am getting security warning pop-ups that seem to come from three self downloading security programs. On log-in my home page is replaced by ucleaner.com, I assume these are all linked. My new XoftSpy SE finds them and removes them, including the flashing red security warning in my task bar, but they reload the next time I'm online. I have a HJT scan log but I am afraid I may delete the wrong items. Can anyone help? I am a people doctor, so I can help you with your virus, but not my PC's. thanks dr.bd
     
  2. Matthew

    Matthew TechSpot Staff Posts: 5,268   +92

    Complete the 15 steps here and post the requested logs afterward.
     
  3. dr.bd

    dr.bd TS Rookie Topic Starter

    All scans have been perfomed. Here are my .txt results

    Here are the three .txt files. I am not sure If I have already removed the problem with the 15 step process sometimes it takes a while for the problems to reappear. Thank you again. Bruce
     
  4. kritius

    kritius TS Guru Posts: 2,084

    You're going to have to re-attempt the AVG antispyware part because it says that there was no action taken, remember to have it quarantine its results.

    Also I didnt notice any antivirus software or firewall on your system, do you have any? If not get some, AVG free and Avast! are both good free options and zone alarm and comodo are good free firewalls.
     
  5. gajpr01

    gajpr01 TS Rookie

    Hi,

    As per the HJT report you can remove the following entries.
    O3 - Toolbar: etlrlws - {6990CA39-A0FA-4B4A-8C9A-E7E66518227C} - C:\WINDOWS\etlrlws.dll (file missing)
    O4 - Startup: ZIPscript.lnk = C:\NavPress\ZIPscrpt.exe

    Then boot the computer to safemode and run the complete system scan and quarantine or delete any infections found.TO do this you must have an Anti-Virus running on your computer.
    To restart the computer in safemode.
    Turn ON the computer and start tapping F8 immediately without any delay.
    Then select Safemode and hit enter twise.
    Logon as ADMIN.
    Run the complete system scan.
    Disable all the start up items and enable only those which you are aware of.
    To do this
    Click on start-->Run--> type msconfig and click ok.
    You will see the System configutation utility.
    Click on "startup" Tab on the top and then uncheck all those entries which are suspicious.
    Once the scan is done reboot the computer to regular mode and open the Internet Explorer and disable all the Add-Ons.
    Open IE-->CLick on tools-->Internet options-->Programs-->Manage ***-ons-->from the drop down list select-->Add-ons that are currently loaded in Internet explorer and select each one of them and select disable.
    Reopen the Internet Explorer.
    Please post the results once you are done with the above steps.
     
  6. kritius

    kritius TS Guru Posts: 2,084

    Its better to use your normal account. You should also view all hidden files and folders before you run the complete scan, and while your there do an antispyware one as well.
    Instead of this, open Spybot and Go to the tools sections, then start ups and make your choices from there, just dont stop any of the ones highlighted in green.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...