JS/Psyme found by AVG

By usedKar
Aug 4, 2007
Topic Status:
Not open for further replies.
  1. Hello. I had this popup on AVG I have followed all advice on malware removal
    Here's my logs.
    Nothing on avgRoot.
    2 dll found changed on AVG scan plus 3 files sent to vault.
    Note i did not delete the 2 file that avg listed as,"Changed"
    C:\Windows\system32\kernel32.dll result Change status Changed
    C:\Windows\system32\drivers\ect\hosts result Change status Changed

    ALSO..I could Never get Adware SE to install..system error message and closed
  2. momok

    momok Newcomer, in training Posts: 2,272

    Hi,

    Very Important: Malware infections can possibly lead to identity theft, stolen bank funds, misuse of credit card information etc. Therefore I strongly encourage you to please read this thread HERE before deciding what course of action to take regarding your infection.

    Let me know if you wish to format or clean.

    Regards,
    Your friendly momok =)

    This thread is for the use of usedKar only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  3. usedKar

    usedKar Newcomer, in training Topic Starter

    Hello and Thanks.
    I'm a bit confused..I have already..followed the cleaning instructions and posted my Hjt file after procedure in the above thread.
    Is the highjack txt incomplete?

    also I have run 3 complete scans with AVG and at least 3 each of Spybot and avgspam prg with no threats shown...This after intial cleaning.
    Thanks again,,standing by for reply
    Aloha
  4. momok

    momok Newcomer, in training Posts: 2,272

    Hi,

    You have not posted an AVG antispyware log. Please do so in your next reply.

    Download the attached "CFScript.txt" (from my attachment) and save it to the same folder as Combofix.

    Referring to the image below, drag the CFScript.txt that you downloaded earlier over on to Combofix.exe and release.

    [​IMG]

    This will ask Combofix to execute the instructions within my file. Let Combofix run normally and do its job. Attach the resultant log in your reply.

    Thereafter, please post fresh HJT and AVG Antispyware logs from normal mode and the ComboFix log from the instructions earlier as attachments into this thread.

    Regards,
    Your friendly momok =)

    This thread is for the use of usedKar only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

    Attached Files:

  5. usedKar

    usedKar Newcomer, in training Topic Starter

    Oh!..Thanks! Heading to work now..will procede with instructions tonight..Take care.
  6. usedKar

    usedKar Newcomer, in training Topic Starter

    Here goes..new files..
  7. usedKar

    usedKar Newcomer, in training Topic Starter

    Hello? help please...
  8. momok

    momok Newcomer, in training Posts: 2,272

    Hi,

    Have HijackThis fix this entry:

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    Also, please download this file HERE.
    Open it, and extract the Hosts file into this folder:

    C:\WINDOWS\SYSTEM32\DRIVERS\ETC

    Note: it goes into the ETC folder, not a folder of its own in the ETC folder.
    When prompted to replace your hosts file, click Yes.

    Apart from that, your logs look clean. Are you still facing any problems?

    Regards,
    Your friendly momok =)

    This thread is for the use of usedKar only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  9. usedKar

    usedKar Newcomer, in training Topic Starter

    Things seem to be ok.
    Thank you for your HELP!!!
    here's my latest hjt file.
  10. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +19

    Hello and welcome to Techspot.

    Your HJT log is clean.

    Turn off system restore.(XP/ME only) See how HERE.

    Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.

    If you have any further virus/spyware problems, please post in this thread.

    This thread is for the use of usedKar only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  11. usedKar

    usedKar Newcomer, in training Topic Starter

    Aloha
    Mahalo
    Thank you.
     
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.