TechSpot

please help AIM virus

By chocolate12345
Jun 6, 2006
  1. Hi, my brother was on AIM when his friend sent him this link that said something about a Myspace picture. He clicked the link, and although Norton tried to stop him he permitted it. I went back onto the Norton Activity Log and he permitted these two files: C:\WINDOWS\wmiapsv.exe and C:\conf.com (I'm not sure if these are important files; should I just delete them?)

    I've tried using AIM fix but the problem will not go away. It's sending this virus to everybody on the buddy list and then AIM just goes haywire. I then deleted AIM from the computer and did a regedit(?) and then installed Gaim (which was something that was recommended when I was googling this virus). However, the problem persists. I then followed the instructions here http://www.techspot.com/vb/topic50981.html but that conf.com file and wmipsv.exe files are still on the computer. Is there any way to fix this?

    Thank you so much for your help
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

    Turn off system restore.(XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html

    Go to add remove programmes in your control panel and uninstall anything to do with(if there).

    Viewpoint\Viewpoint Manager
    aol toolbar 2.0

    Close control panel.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for(if there).

    ViewMgr.exe
    links.exe

    Close task manager.

    Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to(if there).

    R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll

    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll

    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll

    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

    O4 - HKLM\..\Run: [links] links.exe

    O4 - Global Startup: Digital Line Detect.lnk = ?

    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - blank (file missing)

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - blank (file missing)

    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll

    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)

    Fix all O16 - DPF entries.

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files(if there).

    links.exe You will need to search your system for this file.
    C:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll

    Reboot into normal mode and turn system restore back on.

    Post a fresh HJT log.


    Regards Howard :wave: :wave:
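
As an added example (not part of the thread and not HijackThis's own logic), the sketch below screens HijackThis log lines like those quoted above: it flags entries whose target file is gone and Run entries that name a program without a directory, which Windows then resolves through its search path. The flag names and the last sample line are constructed for illustration.

```python
import re

# The first six lines are quoted from the thread; the last one is constructed.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [links] links.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - blank (file missing)
O4 - HKLM\..\Run: [ExampleApp] "C:\Program Files\Example\app.exe" /tray
"""

ENTRY = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<kind>[^:]+): (?P<body>.*)$")
AUTORUN = re.compile(r"^\[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def executable_of(cmd):
    """Return the quoted program of a command line, or the whole command if
    it is unquoted (heuristic: any backslash then counts as a given path)."""
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd


def flags_for(line):
    """Return screening flags for one HijackThis line (empty list if none)."""
    m = ENTRY.match(line.strip())
    if not m:
        return []
    flags = []
    body = m.group("body")
    if body.endswith(ORPHAN_MARKERS):
        flags.append("orphaned")          # registry entry outlived its file
    run = AUTORUN.match(body) if m.group("section") == "O4" else None
    if run and "\\" not in executable_of(run.group("cmd")):
        flags.append("bare-autorun")      # autostart with no directory given
    return flags


def triage(log):
    """Map each flagged log line to its flags, preserving log order."""
    flagged = ((line.strip(), flags_for(line)) for line in log.splitlines())
    return {line: found for line, found in flagged if found}


if __name__ == "__main__":
    for entry, found in triage(SAMPLE_LOG).items():
        print(", ".join(found), "|", entry)
```

A flag here only marks an entry for a closer look; it does not decide whether the entry is malicious.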
     
  3. chocolate12345

    chocolate12345 TS Rookie Topic Starter

    Thank you so much for your help! I did everything you said, and attached is the new log.
    thank you again! :)
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Just let HJT fix the following entries.

    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html

    O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -

    Other than the above, your HJT log is clean.

    Regards Howard :)
     
  5. chocolate12345

    chocolate12345 TS Rookie Topic Starter

    Alright I did all of that. But now I'm getting errors on the computer.

    "A device driver installed on your computer caused the problem; however, we cannot determine the precise cause. To troubleshoot the problem, see Getting help." --> popped up after logging in. I haven't installed anything new ever since I've done all this stuff. Should I just delete C:/conf.com?
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Yes, Conf.com should definitely be deleted.

    Please post a fresh HJT log.

    Regards Howard :)
     
  7. chocolate12345

    chocolate12345 TS Rookie Topic Starter

    here's another hjt log.
    thank you sooo much once again!!
     
  8. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Have HJT fix this entry.

    R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)

    Other than that your HJT log is clean.

    I also suggest you uninstall Stopzilla, as it's not a very effective programme and just uses up system resources.

    Regards Howard :)

    This thread is for the use of chocolate12345 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
Topic Status:
Not open for further replies.
