
TechSpot

I've got winbo32.exe, a.bat, and bsod's. HELP ME PLEASE

Discussion in 'Virus and Malware Removal' started by Jandizz, Jun 26, 2007.

Thread Status:
Not open for further replies.
  1. Jandizz Newcomer, in training

    Hey, me again, just did a virus scan with AVG and it turns out I had one more .bat virus in my system restore files. I turned system restore on and off to hopefully delete it, but I'll do another scan tomorrow to see what happens.
    And my internet goes back and forth between not loading pages unless I refresh three times, and loading them fine, so I have no idea what is happening.
  2. momok Newcomer, in training

    Hi,

    I am not sure as to what could be the problem with your internet connection. Our member Jobeard is very experienced in such matters. I would suggest you PM him to take a look at your issue for assistance.

    If you find malware related problems arising once more, post a fresh HijackThis, AVG Antispyware and ComboFix log.


    Regards,
    Your friendly momok =)

    This thread is for the use of Jandizz only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  3. Jandizz Newcomer, in training

    More and more problems now. I bought and installed Kerio firewall. Windows firewall didn't like it very much. It totally messed up my internet and it wouldn't work or anything, so I uninstalled the Kerio. But when I rebooted it was still there. So I deleted the program file, took the registry entries out, deleted the VPN, and it still says Kerio firewall is on my computer, but only 1.06 MB of it. And every time I turn on my computer the internet doesn't work unless I uninstall what's left of Kerio, switch my ethernet cable either port 1-2 or 2-1, and then reboot. And then Kerio is still there. Anyone know how to completely get rid of it?
  4. kitty500cat Newcomer, in training

    The Kerio firewall is much, much better than the Windows firewall.

    Here's what I recommend.

    Disconnect your computer from the Internet.

    Click start->run, and type in firewall.cpl

    Press Enter.

    Click the Off (not recommended) option. Click the OK button.

    Now insert the Kerio CD (or, if you downloaded it, just run the downloaded file). If the installer gives you the option to repair it, do that and follow all the instructions. If not, just try to reinstall it.

    Please post here if it works or not.

    Regards :)
  5. Jandizz Newcomer, in training

    Well, no matter what I do, Kerio is still somehow messing up my internet. I just really want to completely eliminate every last trace of it from my computer.
  6. momok Newcomer, in training

    Hi,

    As kitty suggested, Kerio is a very good firewall. The problems you faced occurred because of conflicts with Windows firewall (we never recommend running two firewalls at any one time because of such potential problems). It is up to you to give that program a chance though.

    Should you wish to remove it totally from your system, please post a hijackthis log and combofix log.


    Regards,
    Your friendly momok =)

  7. Jandizz Newcomer, in training

    After doing some research and having some common sense, I changed my mind, I'm just gonna re-install kerio and hope everything works. Wish me luck.
  8. kitty500cat Newcomer, in training

    Cool. I hope it goes well for you.

    It is strongly recommended to turn off the Windows firewall before reinstalling Kerio. As momok said, your problem was caused by the two firewalls conflicting.

    Regards :)
  9. Jandizz Newcomer, in training

    Installed Kerio again, internet didn't work, didn't want to put up w/ it so I uninstalled it and I had the same problems as before with the internet not working upon start up. Attached my logs. Just wanna get rid of Kerio.
  10. momok Newcomer, in training

    Hi,

    Your system has been reinfected.

    The Kerio WinRoute Firewall you have been using is designed for corporate use. I would be inclined to believe default settings are set to disable internet access for certain use, since the corporate settings require office workers to not use the internet for anything other than official reasons. Therefore I would believe this to be the cause of your internet problems previously. The right firewall to use would be Kerio Personal Firewall, which is one of the best amongst 2 others I recommend for home users and comes out tops in several online reviews.

    I also notice traces of AVG Antivirus Plus firewall on your system. Please let me know if you are still running that and if you wish to remove it. If not, I would still recommend you install a firewall (any of these 3 - ZoneAlarm, Kerio, Comodo).

    You may wish to copy and paste these instructions on notepad for easier reference later.

    Download the attached "CFScript.txt" (from my attachment) and save it to the same folder as Combofix.

    Boot into safe mode under your normal user name. See how HERE
    Next turn on "Show all files and folders, including hidden and system". See how HERE

    1. Go to start > run and type msconfig. Press the enter key.
       Search for the following services and disable from startup by unchecking the box beside it.

       InstallShieldSetup
       InstallShieldSetup1
       WrCtrl

    2. Go to start > run and type services.msc. Press the enter key.
       Search for the following services. Double click to select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

       Kerio WinRoute Firewall

    3. After that, run HijackThis and fix the following entries, if found (do this by placing a tick in the check boxes beside these entries and clicking "Fix checked"):

       O1 - Hosts: 66.98.148.65 auto.search.msn.com
       O1 - Hosts: 66.98.148.65 auto.search.msn.es
       O4 - HKLM\..\RunOnce: [InstallShieldSetup] C:\PROGRA~1\INSTAL~1\{53550~1\setup.exe -rebootC:\PROGRA~1\INSTAL~1\{53550~1\reboot.ini -l0x9
       O4 - HKLM\..\RunOnce: [InstallShieldSetup1] C:\PROGRA~1\INSTAL~1\{53550~1\setup.exe -rebootC:\PROGRA~1\INSTAL~1\{53550~1\reboot.ini -l0x9
       O4 - HKCU\..\Run: [WrCtrl] "C:\WINDOWS\WinRoute Firewall\wrctrl.exe"
       O23 - Service: Kerio WinRoute Firewall (WinRoute) - Unknown owner - C:\WINDOWS\WinRoute Firewall\winroute.exe (file missing)

       Close HJT.

    4. Referring to the image below, drag the CFScript.txt that you downloaded earlier over on to Combofix.exe and release.

       [IMG]

       This will ask Combofix to execute the instructions within my file. Let Combofix run normally and do its job. Attach the resultant log in your reply.

    5. Reboot into normal mode and rehide your protected OS files.

    Thereafter, please post fresh HJT, ComboFix and AVG Antispyware logs from normal mode as attachments into this thread.


      Regards,
      Your friendly momok =)

      This thread is for the use of Jandizz only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
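As an added example (not part of momok's post and not code from any tool named in the thread), this sketch parses HijackThis lines in the O1/O4/O23 format quoted above and surfaces what a helper reads them for: hosts-file overrides, autorun entries, and services whose binary is missing. The sample log is constructed from entries on this page plus two made-up benign lines; the tag names and the `triage` function are assumptions.

```python
import re

# Constructed sample: three entries copied from the post above, plus two
# made-up benign lines (localhost, "Example Service") for contrast.
SAMPLE_LOG = r"""
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 127.0.0.1 localhost
O4 - HKCU\..\Run: [WrCtrl] "C:\WINDOWS\WinRoute Firewall\wrctrl.exe"
O23 - Service: Kerio WinRoute Firewall (WinRoute) - Unknown owner - C:\WINDOWS\WinRoute Firewall\winroute.exe (file missing)
O23 - Service: Example Service (ExampleSvc) - Example Corp - C:\Program Files\Example\svc.exe
"""

HOSTS = re.compile(r"^O1 - Hosts: (\S+)\s+(\S+)$")
AUTORUN = re.compile(r"^O4 - (HK\w+)\\\.\.\\(Run\w*): \[([^\]]+)\] (.+)$")
SERVICE = re.compile(r"^O23 - Service: (.+?) \((\w+)\) - (.+?) - (.+)$")
LOCAL_SINKS = {"127.0.0.1", "::1", "0.0.0.0"}  # addresses that only block or loop back


def triage(log_text):
    """Return (section, tag, detail) tuples for lines an analyst should review."""
    findings = []
    for line in map(str.strip, log_text.splitlines()):
        if m := HOSTS.match(line):
            ip, name = m.groups()
            # A hosts entry pinning a real hostname to a routable IP overrides DNS.
            if ip not in LOCAL_SINKS and name != "localhost":
                findings.append(("O1", "hosts-override", f"{name} -> {ip}"))
        elif m := AUTORUN.match(line):
            hive, key, value, command = m.groups()
            # Autoruns are listed for manual review; the log alone cannot judge them.
            findings.append(("O4", "autorun", f"{hive} {key} [{value}] {command}"))
        elif m := SERVICE.match(line):
            _display, short, owner, path = m.groups()
            reasons = []
            if path.endswith("(file missing)"):
                reasons.append("file missing")
            if owner == "Unknown owner":
                reasons.append("unknown owner")
            if reasons:  # leftover service registration, e.g. after a partial uninstall
                findings.append(("O23", "orphan-service", f"{short}: {', '.join(reasons)}"))
    return findings


if __name__ == "__main__":
    for section, tag, detail in triage(SAMPLE_LOG):
        print(f"{section:4}{tag:16}{detail}")
```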
  11. Jandizz Newcomer, in training

    Here you go.
  12. momok Newcomer, in training

    Hi,

    I think you've posted the wrong ComboFix file hehe. Do post your ComboFix.txt in your next reply.
    PS. Are you running the AVG Antivirus plus firewall?

    Regards,
    Your friendly momok =)

  13. Jandizz Newcomer, in training

    My bad, and no, I realized that I'm not using any firewall right now so I turned the Windows one back on.
  14. momok Newcomer, in training

    Hi,

    Please follow these instructions carefully.

    1. Download The Avenger by Swandog46 from HERE. Save it to your Desktop and extract it.

    2. Download the attached "avengerscript.txt" (from my attachment) and save it to your desktop.

    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

    3. Now, start The Avenger program by double clicking on its icon on your desktop.

    Under "Script file to execute" choose "Load script from file".
    Now click on the folder icon, which will open a new window titled "open Script File".
    Navigate to the attachment avengerscript.txt you have just downloaded, click on it and press open.
    Now click on the Green Light to begin execution of the script.
    Answer "Yes" twice when prompted.

    4. The Avenger will automatically do the following:

    It will restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
    On reboot, it will briefly open a black command window on your desktop; this is normal.
    After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
    The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

    5. Please attach the content of c:\avenger.txt into your reply, as well as a fresh HJT and ComboFix log.


    Regards,
    Your friendly momok =)

  15. Jandizz Newcomer, in training

    I followed all of the directions and when I use Avenger and click the folder icon to locate the script, the program closes and nothing happens. I also tried typing the path of the script in and it says it can't find it. Should I be in safe mode or something?
  16. momok Newcomer, in training

    Hi,

    This is very strange indeed. Have you tried downloading avenger again as well as my attachment? Put both files in desktop. The program does not need safe mode to run. If you still can't run it, please try it in safe mode to see if it works.


    Regards,
    Your friendly momok =)

  17. Jandizz Newcomer, in training

    Tried doing it again and same thing happened, even in safe mode.