TechSpot

My Hijackthis log

By helpmepleeeze
May 11, 2006
  1. I've done everything that was asked in the forum that tells you what to do before you post a log. A couple of scans came back and cleaned what I thought was the problem, but when I restart my computer I get a "real time infection alert" from my virus scan that I have been infected with Win32 Actux.A. It's a downloader trojan. My virus scan won't clean it off completely for some reason. It's a really annoying virus, as are many, but when I am on the web it has a million pop ups and will transfer me to sites on its own. Can someone please help me? Thanks!
     
  2. howard_hopkinso

    Hello and welcome to Techspot.

    Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

    Turn off system restore (XP/ME only). See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html

    Go to add remove programmes in your control panel and uninstall anything to do with (if there).

    Viewpoint\Viewpoint Manager
    Desktop Messenger\8876480

    Close control panel.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for (if there).

    ViewMgr_.exe
    BackWeb-8876480.exe
    VSL04.exe
    TrueInstallSBC.exe

    Close task manager.

    Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to (if there).

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost Fix this if you haven't set this yourself.

    O2 - BHO: (no name) - {6C65171A-3D03-4126-A58B-C75B71D4CE2B} - C:\Program Files\Outlook Express\horedova.dll (file missing)

    O2 - BHO: (no name) - {6DA1733F-389D-4E38-BBFD-49A509D94D43} - C:\Program Files\Outlook Express\horedova.dll (file missing)

    O2 - BHO: (no name) - {DDC7D6AE-360F-488C-B5C6-96320DC12FE7} - C:\Program Files\Outlook Express\horedova.dll (file missing)

    O2 - BHO: (no name) - {E3950C54-3C41-4950-A94E-7037E161CB43} - C:\Program Files\Outlook Express\horedova.dll (file missing)

    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr_.exe

    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

    O4 - HKCU\..\Run: [VSL04.exe] C:\WINDOWS\System32\VSL04.exe

    Fix all O16 - DPF entries.

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = WestAir.local
    O17 - HKLM\Software\..\Telephony: DomainName = WestAir.local
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6F560D7B-B884-49D9-96C1-60A530F22747}: NameServer = 192.168.1.250,64.192.0.10,64.192.0.11
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = WestAir.local

    Only fix the above O17 entries if they don't belong to your ISP.

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files (if there).

    C:\WINDOWS\System32\VSL04.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr_.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

    Reboot into normal mode and turn system restore back on.


    Regards Howard :wave: :wave:
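
The log lines quoted in the reply above follow HijackThis's `code - detail` layout. As an added example (not part of the original thread and not HijackThis code), this Python parser reads a subset of those lines and notes the two conditions the reply calls out: BHO entries marked `(file missing)` and O17 name servers to check against the ISP. The function names and the rule "non-private address means verify" are assumptions of this example.

```python
import ipaddress
import re

# Sample input: a subset of the log lines quoted in the reply above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {6C65171A-3D03-4126-A58B-C75B71D4CE2B} - C:\Program Files\Outlook Express\horedova.dll (file missing)
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr_.exe
O4 - HKCU\..\Run: [VSL04.exe] C:\WINDOWS\System32\VSL04.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = WestAir.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F560D7B-B884-49D9-96C1-60A530F22747}: NameServer = 192.168.1.250,64.192.0.10,64.192.0.11
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
BHO = re.compile(r"^BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.*?)( \(file missing\))?$")
RUN = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[(.*?)\] (.*)$")
O17 = re.compile(r"^(.*?): (\w+) = (.*)$")

def public_servers(value):
    """Addresses in a NameServer value outside private ranges (assumed triage rule)."""
    ips = [p for p in re.split(r"[,\s]+", value.strip()) if p]
    return [ip for ip in ips if not ipaddress.ip_address(ip).is_private]

def parse(log):
    """Return one dict per recognised HijackThis line, with review notes."""
    records = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        code, body = m.groups()
        rec = {"code": code, "body": body, "notes": []}
        if code == "O2" and (b := BHO.match(body)):
            rec.update(clsid=b.group(2), path=b.group(3))
            if b.group(4):  # registry entry remains, DLL is gone from disk
                rec["notes"].append("BHO registered but DLL missing on disk")
        elif code == "O4" and (r := RUN.match(body)):
            rec.update(hive=r.group(1), key=r.group(2), name=r.group(3), path=r.group(4))
        elif code == "O17" and (o := O17.match(body)):
            rec.update(setting=o.group(2), value=o.group(3))
            if o.group(2) == "NameServer" and (pub := public_servers(o.group(3))):
                rec["notes"].append("verify with ISP: " + ", ".join(pub))
        records.append(rec)
    return records

def flagged(records):
    """Records that carry at least one review note."""
    return [r for r in records if r["notes"]]
```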
     
Topic Status:
Not open for further replies.
