Need help with (suspected) menagerie of viruses in PC - HJT attached :)

Status
Not open for further replies.
Hi All,


I chanced upon this website while looking for a cure for my poor ole PC. The symptoms are fairly close to what some of the members have described:

1) Three unknown/uninvited desktop icons
- Error Cleaner, Privacy Protector, Spyware&Malware Protection
- Properties being the following link (http://virusprotectionproonline.com/shandler.php?sid=502&aid=398&said=0&pn=0&sg=1)

2) Several pop-ups that appear in a variety of ways
- In the taskbar as a red flashing X
- A Windows Security Alert
- A remove the LookSky trojan warning box
- And some others which I have forgotten
that forcibly loads the webpages safewebnavigate, softwarereferral, pccleaner, etc.

3) Programs switch from one to another seemingly randomly at intervals

4) My security software warning me that something is trying to change my homepage, BUT it is www.msn.com that is trying to hijack my homepage! :suspiciou


I have run several checks with various software (Spybot S&D, AVG) while in Safe Mode and have removed close to 70 threats but these few remain. I would like to seek the help of more experienced members of this forum as not using my PC is robbing me of my livelihood!

Thanks very much in advance for reading, and possibly lending a hand. Cheers!
 

Attachments

  • HJT Log 1.txt
    11.8 KB · Views: 9
Hi, chrystals, and welcome to Techspot :wave:

Take a look at the following threads to make your experience here as enjoyable as possible :)

Message for newcomers

Guide to making a good post/thread

The Techspot FAQ

If you could take a minute to fill in some of your profile information that would be helpful to other members of the forum too :)
Knowing someone's location in the world can be extremely helpful

With regards to your problem, read through the preliminary virus/spyware/malware removal instructions and post back with your logs and results :)
 
Hi and welcome to TechSpot.

There is a fair amount of bad things in your HJT log.

You need to get rid of that Norton rubbish, here's how -

Download either the free AVG or Avast antivirus programmes and either the free Zonealarm or Kerio firewall programmes from within this link - https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/

Then, disconnect from the net and completely uninstall Symantec/Norton. If you have any problems in uninstalling the programme, take a look at this thread - https://www.techspot.com/vb/topic57112.html

Once you've completely uninstalled Symantec/Norton, reboot your system and install whichever firewall programme you chose, followed by whichever antivirus programme you chose. Reboot your system the required number of times and reconnect to the net. Run the antivirus updates.

Then you need to do the following-

You need to have a read of this - If your system is infected. Read this before deciding whether to CLEAN or REFORMAT.

Then if you should wish to proceed with cleaning your system you need to go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT, Combofix, and AVG Antispyware logs as ATTACHMENTS into this thread, only after doing the above.


This thread is for the use of chrystals only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
I'm no expert at this, but I have a rough idea of what you should do.
First check to see if anyone else has been using your computer.
Next, check Norton's last update. If it's recent, you're probably OK, but I think you should change to Kaspersky.
After that, get a better antispyware program, I recommend Spyware Doctor, and run a couple of scans.
Lastly, defragment your hard drive. Nothing wrong with a bit of spring cleaning.
 
The log shows several infections so doing what Leram Cain suggested won't be enough unfortunately.


 
Hello!


After a long drawn out battle today, I certainly hope whatever was fiddling with my PC has been exterminated.

Quick report:
Antiroot, Vundofix, Virtumundo & Smitfraudfix all came up clean.

but.... i can't upload the logs as attachments for some reason. they come up as errors. any advice? :blush:

Thanks for all the help so far! :grinthumb
 
I need to know what error messages you get before I can help.
See if you can cut and paste or write down the messages as exactly as possible.


 
Your AVG Antispyware shows "no action taken".
You need to get it to delete all the threats before we do anything else.



 
Hello and welcome to Techspot.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Click start/run and type services.msc into the run box and press the enter key.

When the window appears, maximise it. Double click on the following services(if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

npkcsvc

Close the services window.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for(if there).

npkcsvc.exe
PowerReg Scheduler V3.exe

Close task manager.

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - Startup: PowerReg Scheduler V3.exe

O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories(if there).

C:\WINDOWS\system32\npkcsvc.exe
PowerReg Scheduler V3.exe <- Search your system for this file and delete all instances found.
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\popcaploader.dll

Reboot into normal mode and rehide your protected OS files.

Post fresh HJT and AVG Antispyware logs.

Regards Howard :wave: :wave:

This thread is for the use of chrystals only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
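
As an added illustration that is not part of the original thread or any poster's reply: a small Python parser for the three HijackThis entry types quoted in the post above (O2, O4, O23). It flags entries whose target is `(no file)` and looks entries up by file name. The sample log is constructed from the lines in the thread plus one made-up R0 line, and the function names are hypothetical.

```python
import re

# Constructed sample: the three HijackThis lines quoted in the post above,
# plus one made-up R0 line to show that unrecognised sections are skipped.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - Startup: PowerReg Scheduler V3.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
"""

# One pattern per section; every pattern exposes a "target" group.
PATTERNS = {
    "O2": re.compile(r"^O2 - BHO: (?P<name>.*?) - "
                     r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$"),
    "O4": re.compile(r"^O4 - (?P<name>Startup|Global Startup): (?P<target>.+)$"),
    "O23": re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.+) - "
                      r"(?P<target>[A-Za-z]:\\.+)$"),
}

def parse_hjt(log_text):
    """Return one dict per recognised O2/O4/O23 line; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        section = line.split(" - ", 1)[0]
        pattern = PATTERNS.get(section)
        match = pattern.match(line) if pattern else None
        if match:
            entries.append({"section": section, **match.groupdict()})
    return entries

def orphaned(entries):
    """Entries whose target is the literal '(no file)': a leftover registration."""
    return [e for e in entries if e["target"] == "(no file)"]

def by_filename(entries, filename):
    """Entries whose target ends in the given file name (case-insensitive)."""
    wanted = filename.lower()
    return [e for e in entries
            if e["target"].replace("\\", "/").rsplit("/", 1)[-1].lower() == wanted]

if __name__ == "__main__":
    for entry in parse_hjt(SAMPLE_LOG):
        print(entry)
```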
 
Okaayy.. I am now very embarrassed. I saved the first report for AVG before I applied the actions. :blush: Sorry rik!

Have taken all your advice, and have attached the new logs. =) Thanks!
 
Your log files look clean.

Unless you're having problems, you should be good to go.

Turn off system restore.(XP/ME only) See how HERE.

Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.


If you have any further virus/spyware problems, please post in this thread.

Regards Howard :)

 