TechSpot

Need help with the removal of virus - What else can I try?

By Josh_Benner
Sep 5, 2006
Topic Status:
Not open for further replies.
  1. I've had some viruses/trojans/spyware on my computer for a few days now and they just won't go away. I've tried AVG, Ewido, Trojan Hunter, Smitrem, Smitfraudfix, Look2Me Destroyer, Rogue scan fix and combofix but to no avail.

    I've seen ishost.exe, issearch.exe, isnotify.exe and ismini.exe in task manager and I've run scans with the utilities mentioned above and they say they have removed them but they keep coming back.

    Also, every few minutes ewido and avg pop up saying virus/spyware found and I click heal/quarantine but they keep coming up again and again.

    Here is what they pop-up with:
    Adware.Toolbar888
    Trojan.Starter.65
    Downloader.Zlob.aig
    Adware.Generic
    Adware.Softomate
    Trojan horse Pakes.U
    Downloader.Obfuskated
    Trojan horse dialer.28.A
    Trojan horse Downloader.Generic2.CXP
    Trojan horse Downloader.Generic2.JVP
    Trojan horse Downloader.Generic2.JVQ

    Is there anything I could do?
    Thanks in advance

    I have attached my hijackthis log as well.
     
  2. Rik

    Rik Banned Posts: 4,985

    You can search for and remove them with regedit if you know what you are doing.
     
  3. Josh_Benner

    Josh_Benner TS Rookie Topic Starter

    I have used regedit before but I don't know what to remove in this case.
    Could you give some guidance please?
     
  4. tomrca

    tomrca TS Rookie Posts: 1,051

    hi Josh_Benner.
    go here. be sure to follow all the instructions within the posting,(using all the scans does show in the hjt) then post a fresh hjt log and maybe your ewido scan report too.

    are you running a firewall? doesn't seem to be one active.
     
  5. Rik

    Rik Banned Posts: 4,985

    I'm happy to guide you but, you must first understand that regedit can seriously screw your system up and is more than capable of completely killing it beyond any chance of recovery (apart from a re install that is).

    The use of regedit is a serious risk to your pc if you are not 100% sure of what you are doing with it.

    Removal of "pests" in this fashion can lead to other problems and/or popup warning messages.

    If you wish to remove "pests" with regedit you do so at your own risk.

    Having said all that, I'm willing to help if you are happy with the risks.
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Hello and welcome to Techspot.

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Turn off system restore (XP/ME only). See how here: http://www.bleepingcomputer.com/forums/tutorial56.html

    Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how here: http://www.bleepingcomputer.com/forums/tutorial61.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here: http://www.bleepingcomputer.com/forums/tutorial62.html



    Go to add remove programmes in your control panel and uninstall anything to do with (if there).

    SigXC

    Close control panel.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for (if there).

    SigX.exe

    Close task manager.

    Run a full system scan with your antivirus programme and delete whatever it finds.

    Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

    O4 - HKCU\..\Run: [SigXC] D:\Programs\SigXC\SigX.exe

    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

    O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.11) - http://gameadvisor.futuremark.com/global/msc311.cab

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories (if there).

    D:\Programs\SigXC

    Reboot into normal mode, turn system restore back on and rehide your protected OS files.

    Go and follow the instructions in this thread HERE.

    Post fresh HJT and Ewido logs, only after doing the above.

    Regards Howard :wave: :wave:

    This thread is for the use of Josh_Benner only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
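
As an added example (not part of the post above and not HijackThis's own code), a small Python parser for the three HijackThis entry types quoted in that post. The patterns are inferred only from those three lines, and the function and field names are hypothetical.

```python
import re

# Constructed sample: the three entries quoted in the post above.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [SigXC] D:\Programs\SigXC\SigX.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.11) - http://gameadvisor.futuremark.com/global/msc311.cab
"""

CLSID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"

# One pattern per section code; each captures a name and a target (file or URL).
PATTERNS = {
    "O4": re.compile(r"^(?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<target>.+)$"),
    "O9": re.compile(rf"^Extra button: (?P<name>.+?) - (?P<clsid>{CLSID}) - (?P<target>.+)$"),
    "O16": re.compile(rf"^DPF: (?P<clsid>{CLSID}) \((?P<name>.*)\) - (?P<target>\S+)$"),
}


def parse_hjt(log_text):
    """Return one dict per recognised entry; unrecognised lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        section, sep, rest = raw.strip().partition(" - ")
        pattern = PATTERNS.get(section)
        match = pattern.match(rest) if sep and pattern else None
        if not match:
            continue
        entry = {"section": section, **match.groupdict()}
        # "(no file)" is the marker shown in the O9 entry above.
        entry["orphaned"] = entry["target"] == "(no file)"
        entries.append(entry)
    return entries


def startup_targets(entries):
    """Paths launched by O4 Run entries: the files to look for on disk."""
    return [e["target"] for e in entries if e["section"] == "O4"]


if __name__ == "__main__":
    for e in parse_hjt(SAMPLE_LOG):
        print(e["section"], e["name"], "->", e["target"])
```
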
     
  7. Josh_Benner

    Josh_Benner TS Rookie Topic Starter

    I have done everything you said Howard and have attached a new HJT log and a ewido report.

    Tomrca, you are right, I am not running a firewall. I shall download one soon, after I have sorted out this virus(es). Also, I have not done any of the scans listed in your link but I have done the panda online activescan. I will do a couple of the others later.

    And finally rik, I am happy to use regedit and accept the risk when using it.

    Thank you all for replying.
     


  8. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Your HJT log is clean.

    Get that firewall software installed ASAP.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

     
  9. Josh_Benner

    Josh_Benner TS Rookie Topic Starter

    I'm still having these virus problems!

    I am also getting (forgot to mention this before) random pop ups from Internet Explorer (even though I always use firefox) saying things such as "Your anti virus software is inadequate. Press OK to download WinAntiVirus Pro" or something similar.

    I have attached a fresh Hijackthis report.

    Some of the viruses are in the C:\WINDOWS\Temp folder but once I get rid of them and clear out the temp folder, they come back soon after.

    Thanks
     
  10. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    I can find nothing nasty in your HJT log.

    However, you should go HERE and follow all the instructions exactly.

    Let me know the results please.

    Regards Howard :)

     
  11. tomrca

    tomrca TS Rookie Posts: 1,051

    hi josh benner
    there is some information here concerning win antivirus pro. perhaps you could check to see if there are any of these entries in your registry etc.

    what do you think Howard.

    i went to site where this was advertised and got a pop-up that covered the whole screen, but it was a web popup and not in my pc.
    this is what i got when i tried to access their site from my firewall/web filter,

    The Web site that you are trying to access has been blocked following the configurations set for the Web Site Filter.


    To view this Web site:
    - If the Antifraud Toolbar is available, click Manage Exceptions, and then select This address is always accessible
    - If the Antifraud Toolbar is not available, open the main console and add the address in the Antiphishing & Content Protection > Web Site Filter > Approved List




    Address:
    Type: Adware / Joke Program / Cookies

    Edit: Removed url
     
     
  12. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Winantivirus is a real nasty programme and should be uninstalled from add remove programmes if you have it.

    It purports to be an antivirus programme, but in reality it floods the computer with malware.

    The Winantivirus website should be avoided like the plague.

    Regards Howard :)
     
  13. Josh_Benner

    Josh_Benner TS Rookie Topic Starter

    I have never downloaded winantivirus before and never planned to. I will definitely avoid their website.

    Thanks for all your brilliant help, I'm pretty sure the virus has gone now.
    If I don't post another message, it's definitely gone.

    Thanks again everyone!

    Josh
     