LimeWire Self-Reopening & Iexplorer Spam/Pop-up's

[jokerschild584]

:wave: Hello all,

This is my first posting to the tech spot. I know my fair part about computers, but seem to be running into a continuing problem. first, my lime wire keeps reopening itself, even after i shut it down (directly from the task manager) , secondly my internet explorer is giving me pop-ups now.

i hate to run on writing nonsense, but i feel i should better explain myself. so someone can understand my situation. I currently have Avast security, and i ran, and found nothing. so as a temporary repair i disabled Internet explorer so i don't continuously get pop-ups (i don't use internet explorer anyways .. i use Mozilla-Firefox). and secondly , i relocated the lime wire installation from the C:\ to another drive i have. I did this simply for temporary repair.. So whatever is attacking my computer, simply recognizes the installation of lime wire to the C: and its root name, but when i removed it and installed it into another drive, the lime wire no longer kept opening its-self.

Like i said, i did this as a temporary repair, but i fear my problem may get worse,

can anyone please help me

Mel,

 

[evilfantasy]

If your system is infected. Read this before deciding whether to CLEAN or REFORMAT.

Then if you should wish to proceed with cleaning your system you need to go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HijackThis (HJT), Combofix, and AVG Antispyware logs as ATTACHMENTS into this thread, only after doing the above.
We also need to know the result of Panda Antirootkit.

 

[jokerschild584]

I did the --------- Viruses/Spyware/Malware, preliminary removal instructions

I installed and ran the programs (AVG, CCleaner, SmitFraud, Virtumundo, VundoFix, Aaw2007, Combo Fix, HJT,SS&D, Panda, etc..) accordingly as described in the list/instructions provided,

Thank you very much,


also please note: NO RootKits were found by Panda,

and in this thread/posting .. if i did it correctly should be the 3 log files that were mentioned

 

[evilfantasy]

Lets see if we can get this the rest of the way cleaned up.


Open HijackThis and select Do a system scan only then place a check mark next to:


O2 - BHO: (no name) - {8D906006-04C8-40DE-8ACE-6ACE3A99B9CA} - C:\Program Files\Windows Plus\mevohC:\WINDOWS\system32\doc4\mmildot83122.exe.dll (file missing)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)


Close all windows except for HijackThis and click Fix checked

----------

Download ViewpointKiller

* Unzip the program and all of the contents of ViewpointKiller.zip to a location such as your desktop.
* Double click the ViewpointKiller icon to run ViewpointKiller.exe. Select the "File" menu, and select "Check to see if you have Viewpoint installed".
* If ViewpointKiller indicates that any of the Viewpoint variants are installed, select the proper "Kill" option in the File menu.

Follow the prompts and instructions very carefully, answering "Yes" or "No" depending on which option you are most comfortable with. The MsConfig instructions are very important, so be sure to read them carefully.

Note: When done with ViewpointKiller, simply right click and delete all files that were unzipped.

----------

Delete these files/folders, as follows:

* Open notepad and copy/paste the text in the quote box below into it (all except the word QUOTE):

Folder::
C:\VundoFix Backups
C:\WINDOWS\system32\ripd1
C:\WINDOWS\system32\rex2
C:\WINDOWS\system32\doc4
C:\WINDOWS\system32\daSgo05
C:\WINDOWS\system32\bbc5
C:\WINDOWS\system32\ashell3
C:\Temp

File::
C:\WINDOWS\system32\VCCLSID.exe
C:\WINDOWS\system32\SrchSTS.exe
C:\WINDOWS\system32\IEDFix.exe
C:\WINDOWS\system32\Process.exe
C:\WINDOWS\system32\dumphive.exe
C:\WINDOWS\system32\WS2Fix.exe
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\QTFont.qfn
C:\WINDOWS\QTFont.for
C:\WINDOWS\system32\vbzip10.dll
C:\n.bat
C:\WINDOWS\system32\ljjhhfe.dll.vir
C:\Program Files\Windows Plus\mevohC:\WINDOWS\system32\doc4\mmildot83122.exe.dll

Registry::
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8D906006-04C8-40DE-8ACE-6ACE3A99B9CA}]

* Save this as CFScript on the desktop.
* Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!

* ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it shall produce a log for you. Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick combofix's window while it is running. That may cause your system to hang

----------

Next post please attach
combofix log
New HijackThis log

 

[jokerschild584]

I did the --------- ViewpointKiller & CFScript

Thank you so much ,

i attached the logs files you requested of HJT & ComboFix

 

[evilfantasy]

Looks good.


Let's clear out the programs we've been using to clean up your computer, they are not suitable for
general malware removal and could cause damage if launched accidentally.

Please download OTMoveIt by OldTimer OTMoveIt.exe and place it on your desktop.

1. Double click OTMoveIt.exe to launch it.
2. Click on the CleanUp! button.
3. OTMoveIt will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access.
4. You will be prompted to allow the clean up procedure, click Yes
5. When finished exit out of OTMoveIt

-----

Please download ATF Cleaner by Atribune. ATF Cleaner.exe

Make sure that all browser windows are closed.

• Double-click ATF-Cleaner.exe to run the program.
• Under Main choose: Select All and UNCHECK Cookies.
• Click the Empty Selected button.

If you use Firefox browser

• Click Firefox at the top and choose: Select All and UNCHECK Cookies.
• Click the Empty Selected button.
  NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

• Click Opera at the top and choose: Select All and UNCHECK Cookies.
• Click the Empty Selected button.
  NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main ATF Cleaner menu to close the program.

----------

This is a good time to clear your infected system restore points and establish a new clean restore point:

• Go to Start > All Programs > Accessories > System Tools > System Restore
• Select Create a restore point, and click Next.
• Next, go to Start > Run and type in cleanmgr
• Select the More options tab
• Next to System Restore click Clean up...

This will remove all restore points except the new one you just created.

----------


How is the computer running now?

 

[jokerschild584]

I think im finally done

Thank you O SO MUCH evilfantasy ...

as they would say "your my hero"

my computerseems to be running better than ever.

i reinstalled limewire to its original C: location, and it no longer pops up by itself
and i enabled Iexplorer again, and i have yet to get my first pop-up ...

THANK YOU SO MUCH ..

i wish there was some way i could repay you guys/girls ...

p.s. ... can i uninstall some/all of the programs i installed within the

Viruses/Spyware/Malware, preliminary removal instructions

HAPPY HOLIDAYS...!

 

[evilfantasy]

p.s. ... can i uninstall some/all of the programs i installed within the

Viruses/Spyware/Malware, preliminary removal instructions

OTMoveIt took care of all of them that should be removed. You can uninstall any of the others if you wish.

Glad it is working OK!!!!

To learn more about how to protect yourself while on the internet read this article by Tony Klien: So how did I get infected in the first place?



Safe surfing..........