PC antispyware

By mick123
Apr 1, 2008
  1. Hi all

    I got a problem with pc antispyware telling me that my computer is infected with viruses.

    I tried a few things to remove it but nothing helped, so if anyone can help me out it will be great.

    I'll attach my HijackThis as well.



  2. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Please follow these steps in order

    1)Go to
    Go down to step 10 and use tool2 and tool3

    2)Download and Install SDFix
    • Download SDFix and save it to your Desktop.
    • Double click SDFix.exe and it will extract the files to %systemdrive%
      (Drive that contains the Windows Directory, typically C:\SDFix)

    Run SDFix
    • Open the extracted SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt

      This thread is for the use of mick123 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
    • Attach Report.txt back here

    3)Malwarebytes' Anti-Malware

    • Please download Malwarebytes' Anti-Malware to your desktop.
    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to
      • Update Malwarebytes' Anti-Malware
      • and Launch Malwarebytes' Anti-Malware
    • then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform full scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please copy and paste the log into your next reply
      • If you accidentally close it, the log file is saved here and will be named like this:
      • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

    4)Afterwards run a fresh scan with Hijackthis and attach that log here as well
  3. mick123

    mick123 TS Rookie Topic Starter Posts: 39

    Hi Blind Dragon

    Thanks for your reply. I followed the steps and will attach them here.
  4. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Getting better. Did any of the symptoms go away from those fixes? There is still a bad entry in the log.

    Run Smitfraudfix
    • Download Smitfraudfix by S!ri from HERE
    • Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually)
    • Double-click SmitfraudFix.exe
    • Select 2 and hit Enter to delete infected files.
    • You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
    • The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file.
    • A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt

    Run these 2 tools
    Tool1 Tool2

    Then run a fresh scan with Hijackthis and attach log here with rapport.txt
  5. mick123

    mick123 TS Rookie Topic Starter Posts: 39

    Hi Blind Dragon

    Some of the symptoms were still there, just got another one while posting.

    Followed the steps and will attach reports.

  6. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    • Download Combofix to your desktop.
    • Double click combofix.exe & follow the prompts.
    • A window will open with a warning.
    • Type "1" (and Enter) to start the fix.
    • When the scan completes it will open a text window. Please attach that log back here
    Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Combofix is a very powerful tool so please do NOT do anything without instruction

    Combofix will automatically save the log file to C:\combofix.txt
  7. mick123

    mick123 TS Rookie Topic Starter Posts: 39

    Done the scan and here's the report. Still got symptoms.
  8. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Working on your fix, but be patient with me. I stayed up through the night working on logs so I am getting very tired.

    Did you open/forward some ports on purpose?

    "10421:UDP"= 10421:UDP:
    "10426:UDP"= 10426:UDP:
  9. mick123

    mick123 TS Rookie Topic Starter Posts: 39

    I'll try the test again. I wasn't prompted to type in 1 anywhere.
  10. mick123

    mick123 TS Rookie Topic Starter Posts: 39

    No, I did nothing like that.
  11. mick123

    mick123 TS Rookie Topic Starter Posts: 39

    Did the test again; still wasn't asked anywhere to press 1.
  12. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Update your Java Runtime Environment
    • First try going to Start -> Control Panel -> double click Java
    • Select the Update Tab at the top of the Java console
    • Click the Check for Updates button at the bottom
    • If it finds the newer version (Java 6 Update 5) Follow the on screen instructions
    • After it installs the newest version Go back to Control Panel -> Add/remove programs
    • Uninstall any older versions of Java

    If for some reason you couldn't update through the above instructions.
    • Click the following link
      Java Runtime Environment 6 Update 5
    • The 4th option down is the one you want (click Download)
    • Check the box to agree to terms of service
    • Check the box for your operating system and click 'Download selected' at the bottom
    • After the install go to Start -> Control Panel -> Add/remove programs (Programs and features), and uninstall any old versions
    • Navigate to C:\Program Files\Java -> delete any subfolders except the jre1.6.0_05 folder



    Open notepad and copy/paste the text in the code box below into it:
    NOTE* make sure to only highlight and copy what is inside the quote box, nothing outside of it.
    Also ..

    Pay particular attention to this :-

    Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
    Save this as CFScript.txt

    Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.


    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a fresh HJT log.
  13. mick123

    mick123 TS Rookie Topic Starter Posts: 39

    Here are the reports
  14. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Remove bad HijackThis entries
    • Run HijackThis
    • Click on the System Scan Only button
    • Put a check beside all of the items listed below (if present):

      O2 - BHO: IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    • Close all open windows and browsers/email, etc...
    • Click on the "Fix Checked" button
    • When completed, close the application.

    Go to Start -> Control Panel -> Administrative Tools -> double click Services

    Stop the stllssvr service from running by right-clicking it and choosing Stop. Right-click it again and choose Properties. In the Properties dialog box that appears, choose Manual from the Startup Type drop-down list and choose Disabled.

    Go to start -> all programs -> accessories -> command prompt => type
    sc delete stllssvr

    Do you still have symptoms if so what are they?

    We need a 2nd opinion also

    :Run Kaspersky Online AV Scanner:

    In order to use it you have to use Internet Explorer.
    Go to Kaspersky and click the Accept button at the end of the page.

    Note for Internet Explorer 7 users: If at any time you have trouble with the Accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
    • Read the Requirements and limitations before you click Accept.
    • Allow the ActiveX download if necessary.
    • Once the database has downloaded, click Next.
    • Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
    • Click on "My Computer"
    • When the scan has completed, click Save Report As...
    • Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
    • Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
    Attach the report into your next reply
  15. mick123

    mick123 TS Rookie Topic Starter Posts: 39

    So far no symptoms.

    Doing the online scan now and looks like it will take awhile.
  16. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Yes it does, but it is very thorough, which is why I recommend Kaspersky. The only downside is that it can't fix anything, but once you post the log we will be able to see what's left on there.
  17. mick123

    mick123 TS Rookie Topic Starter Posts: 39

    Yeah, not a problem, but if I don't post it when it finishes it's because I've fallen asleep and will post when I wake up or after work tomorrow.

    Thanks for your help
  18. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Ok, sounds good. Make sure to get it up though. After you are clean we need to secure the work that we have already done.
  19. mick123

    mick123 TS Rookie Topic Starter Posts: 39

    Here's the report. Do I just close Kaspersky?

    Still no symptoms
  20. kritius

    kritius TS Guru Posts: 2,084

    Looks good, all the infected files are in quarantine or system restore.
  21. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Yeah, nice job mick123.

    * Click START then RUN
    * Now type Combofix /u in the runbox
    * Make sure there's a space between Combofix and /u
    * Then hit Enter.

    * The above procedure will:
    * Delete the following:
    * ComboFix and its associated files and folders.
    * Reset the clock settings.
    * Hide file extensions, if required.
    * Hide System/Hidden files, if required.
    * Set a new, clean Restore Point.


    Now we can clear out the rest of the programs we've been using to clean up your computer, they are not suitable for general malware removal and could cause damage if launched accidentally.

    Download OTMoveIt2 by OldTimer OTMoveIt2.exe and place it on your desktop.

    1. Double click OTMoveIt2.exe to launch it.
    If using Vista Right-Click OTMoveIt and choose Run As Administrator
    2. Click on the CleanUp! button.
    3. OTMoveIt2 will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access.
    4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)

    * When finished exit out of OTMoveIt2

    Any more problems?


    I recommend you keep
    1 anti virus program
    1 firewall
    Spybot S&D, Adaware 2007, and MBAM

    keep them updated.

    You can also turn on tea timer in Spybot:
    • Click on Mode at the top and make sure that Advanced is checked
    • Expand the Tools tab in the left pane
    • Single click on the Resident Icon also in the left pane
    • check Resident "TeaTimer" (Protection of over-all system settings) Active
    • Close spybot

    Also under Tools you can double-click System Startup in the right pane and disable programs from running at startup. This will free up system resources. For example, if you don't use MSN Messenger every time you run your computer you can disable it, then when you want to use it you can launch it through Start -> All Programs, or make a shortcut on the desktop for it. That way it doesn't use resources when you aren't using it. Don't disable any entries in green though.

    And just to be extra sure...

    Set correct settings for files
    • Click Start > My Computer > Tools menu (at top of page) > Folder Options > View tab.
    • Under "Hidden files and folders" if necessary select Do not show hidden files and folders.
    • If unchecked please check Hide protected operating system files (Recommended)
    • If necessary check "Display content of system folders"
    • If necessary Uncheck Hide file extensions for known file types.
    • Click OK

    Clear system restore points

    • This is a good time to clear your existing system restore points and establish a new clean restore point:
      • Go to Start > All Programs > Accessories > System Tools > System Restore
      • Select Create a restore point, and Ok it.
      • Next, go to Start > Run and type in cleanmgr
      • Select the More options tab
      • Choose the option to clean up system restore and OK it.
      This will remove all restore points except the new one you just created.
  22. mick123

    mick123 TS Rookie Topic Starter Posts: 39

    Hi Blind Dragon.

    Have had no problems with my computer. I did what you said in your last post and the computer has been fine.

    Thanks for all your help, I'll now know where to come when I have a problem.

    Once again, thank you.
  23. mick123

    mick123 TS Rookie Topic Starter Posts: 39


    I have been using the computer for a while now and have just received a message saying that an IP address is conflicting with another.

    Any ideas about that?
  24. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Do you have static IP addresses set up or do you have DHCP enabled?

    Do you have more than 1 computer on a network?

    Do you have a wireless and wired connection?

    I will ask jobeard to look at this thread as he is the expert with stuff like this. I was thinking of having you run a fixreg file to add a line to the registry to stop the conflict, but I think it best if jobeard looks at your reply.
  25. jobeard

    jobeard TS Ambassador Posts: 9,145   +597

    Blind Dragon asks:
    Do you have static IP addresses set up or do you have DHCP enabled?
    Do you have more than 1 computer on a network?
    Do you have a wireless and wired connection?

    It would be an easy mistake to have one system using DHCP and another with a static
    address that conflicts.

    Unless you have an active port forward in your router, make life easy by using
    DHCP everywhere.

    Otherwise, every system's IP address needs to be verified that the last
    digits in the address are
    1- unique
    2- not 0,1 or 255

    Disconnect ALL systems, then connect them one at a time and use
    ipconfig /all

    If any system disconnects, then the LAST system connected is the culprit!
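
The address checks from the last reply, as an added example that is not part of the original thread: it reads `ipconfig /all` output saved from each PC and reports addresses used by more than one system and addresses whose last number is 0, 1 or 255. The host names and sample output are constructed, and it assumes one adapter per saved file on a typical home LAN.

```python
import re
from collections import defaultdict

# Constructed sample data: trimmed `ipconfig /all` output, one adapter per PC.
SAMPLE = {
    "desktop": """Dhcp Enabled. . . . . . . . . . . : No
                  IP Address. . . . . . . . . . . . : 192.168.1.50""",
    "laptop": """DHCP Enabled. . . . . . . . . . . : Yes
                 IPv4 Address. . . . . . . . . . . : 192.168.1.50(Preferred)""",
    "media-pc": """Dhcp Enabled. . . . . . . . . . . : No
                   IP Address. . . . . . . . . . . . : 192.168.1.255""",
}

# Match both the XP wording ("IP Address") and the Vista+ wording ("IPv4 Address").
DHCP_RE = re.compile(r"dhcp enabled[ .]*:\s*(yes|no)", re.I)
ADDR_RE = re.compile(r"(?:ip|ipv4) address[ .]*:\s*(\d{1,3}(?:\.\d{1,3}){3})", re.I)


def parse_adapter(text):
    """Return the DHCP flag and IPv4 address found in one saved output."""
    dhcp = DHCP_RE.search(text)
    addr = ADDR_RE.search(text)
    return {"dhcp": bool(dhcp) and dhcp.group(1).lower() == "yes",
            "ip": addr.group(1) if addr else None}


def audit(outputs):
    """Report addresses ending in 0, 1 or 255 and addresses shared by hosts."""
    findings = []
    owners = defaultdict(list)
    for host, text in sorted(outputs.items()):
        info = parse_adapter(text)
        if info["ip"] is None:
            continue  # no IPv4 address in this output
        owners[info["ip"]].append((host, info["dhcp"]))
        last = int(info["ip"].rsplit(".", 1)[1])
        if last in (0, 1, 255):
            findings.append(f"{host}: {info['ip']} ends in {last} (must not be 0, 1 or 255)")
    for ip, hosts in sorted(owners.items()):
        if len(hosts) > 1:
            names = ", ".join(f"{h} ({'DHCP' if d else 'static'})" for h, d in hosts)
            findings.append(f"duplicate {ip}: {names}")
    return findings


if __name__ == "__main__":
    for line in audit(SAMPLE):
        print(line)
```
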
Topic Status:
Not open for further replies.
