Need help with virus

Status
Not open for further replies.
I am receiving several popups which leads me to believe that my machine is infected. The messages are exactly the ones in tariqalimohamed's thread (unable to link since I'm a newbie), but I figured in case there were unique issues on my own machine that my own HijackThis log should be posted and gone through.

Can someone assist?

Thanks for your help.
 
Stop this startup and uninstall:
C:\Program Files\Trillian\trillian.exe
Filename: trillian.exe
Description: Added by a variant of the AGOBOT/GAOBOT WORM!

Remove this: O8 - Extra context menu item: &NeoTrace It!
It's one source of the pop-ups.

Winsock LSP - ALL of these are Winsock hijackers (O10).

You're showing 21 Registry startups (O4) - WAY too many! Stop what you don't need to start at boot and run in the background.

You have a very high number (16) of non-Microsoft services running (O23). This can be a security risk so check all and determine if they are legitimate and need to be running.

You are running AdAware 2007, SpyCatcher, Spybot S&B and its Tea Timer in Real Time, and AVG anti-spyware. More than 1 in Real Time can cause a conflict.

You have a large number of server and network processes running. Do you use them all? Are they secure?

This is just a head start to give you an idea of what's going on. Jobeard will be along to "officially" go through your log and direct you on removal options.
 
Here are the current logs. I went through those instructions and still have pop-ups referring me to buy that fake anti-spyware stuff.
 
CFScript

Open notepad and copy/paste the text in the code box below into it:
NOTE* Make sure to only highlight and copy what is inside the quote box, nothing outside of it.
Also ..

Pay particular attention to this :-

Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
File::
C:\Documents and Settings\rrowe\Local Settings\Application Data\da81a7b7.exe
C:\Documents and Settings\All Users\Application Data\oxctkpuh\eryfopwt.exe

Folder::
C:\Documents and Settings\All Users\Application Data\oxctkpuh
C:\Documents and Settings\All Users\Application Data\oxctkpuh

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"da81a7b7.exe"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"G6r8FMtua3"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnkijg]
pmnkijg.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winztq32]
winztq32.dll

Save this as CFScript.txt

Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.

CFScript.gif


This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a fresh HJT log.


Download and Run ATF Cleaner
Download ATF Cleaner by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it.

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

Firefox or Opera:
Click Firefox or Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.
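
A pre-flight check for the saved CFScript.txt, added here as an example and not part of the thread or of ComboFix: it enforces the first-line rule stated in the post above and flags repeated File::/Folder:: entries. The `lint_cfscript` name, the byte-order-mark check, the `Name::` header pattern and the sample bytes are assumptions or constructed for illustration.

```python
import re

# Assumption: section headers look like the ones in the post (File::, Folder::, Registry::).
SECTION = re.compile(r"^[A-Za-z]+::$")

def lint_cfscript(data: bytes) -> list:
    """Return a list of problems found in the raw bytes of a CFScript.txt."""
    problems = []
    # Notepad can prepend a UTF-8 byte-order mark; that is content in front of File::.
    if data.startswith(b"\xef\xbb\xbf"):
        problems.append("UTF-8 byte-order mark sits in front of File::")
        data = data[3:]
    lines = data.decode("utf-8", errors="replace").splitlines()
    if not lines:
        return problems + ["file is empty"]
    first = lines[0]
    if first != "File::":
        if first.strip() == "":
            problems.append("blank line above File::")
        elif first.strip() == "File::":
            problems.append("whitespace around File:: on the first line")
        else:
            problems.append(f"first line is {first!r}, expected 'File::'")
    section, seen = None, set()
    for number, line in enumerate(lines, start=1):
        entry = line.strip()
        if not entry:
            continue
        if SECTION.match(entry):
            section = entry
            continue
        # Only path lists are de-duplicated; registry value lines may
        # legitimately repeat under different keys.
        if section in ("File::", "Folder::"):
            key = (section, entry.lower())  # Windows paths are case-insensitive
            if key in seen:
                problems.append(f"line {number}: duplicate entry under {section}")
            seen.add(key)
    return problems

# Constructed sample: a leading blank line and a repeated folder path.
SAMPLE = (b"\r\nFile::\r\nC:\\Example\\dropper.exe\r\n\r\nFolder::\r\n"
          b"C:\\Example\\dir\r\nC:\\Example\\DIR\r\n")

if __name__ == "__main__":
    for problem in lint_cfscript(SAMPLE):
        print(problem)
```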
 