Pop-ups/Spyware problems.

Status
Not open for further replies.
Sorry for the non-descriptive title but I didn't know what else to say. I'm new to these forums, I came upon them while looking for help.

Anyways, lately I'm having a lot of problems with my computer. Every so often Norton Internet Security comes up and says that they found a virus but cannot delete it, then I press OK, and it just keeps coming back up. Also, if I try to end a process called svchost.exe (not the system one, a different one - there are usually like 5 svchost.exe's in the process list) then a little box comes up that says N Authority is going to shut down my computer in 60 seconds, then it counts down from 60 and shuts it down when it reaches 0. One time Norton said there was a trojan, and it couldn't delete it, so I rebooted in safe mode and tried to delete it but it still said accessed denied. If I leave my computer on for a while, then I come back, there are usually like 15 ads all saying "your infected with spyware! go here now to get rid of it" and some other random ads. Any help would be appreciated, thanks.
 
Hello and welcome to Techspot.

Go HERE and follow the instructions.

Post a fresh HJT log as an attachment, only after doing the above.

Regards Howard :wave: :wave:
 
Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

Turn off system restore (XP/ME only). See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html

Click start/run and type regsvr32 /u C:\WINDOWS\SYSTEM32\winmbj32.dll into the run box and press the enter key. Note the space between the 2 and the forward slash and again between the u and c.

Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to each (if there).

O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe (file missing)

Fix all O16_DPF entries.

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: winmbj32 - C:\WINDOWS\SYSTEM32\winmbj32.dll

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files (if there).

C:\WINDOWS\SYSTEM32\winmbj32.dll

Reboot into normal mode and turn system restore back on.

Post a fresh HJT log.


Regards Howard :)
 
You are correct that this is the only nasty left on your computer.

Symantec/Norton has an alert and removal instructions.

Look HERE for further info.

Regards Howard :)
 
You have not run the Ewido scan as instructed.

This is why you can't get rid of that O20 entry.

You must run the Ewido scan and post a fresh HJT log and the Ewido scan log.

Regards Howard :)
 
Completed Ewido scan, and HJT log

I completed the Ewido scan with all the steps you said. Here is the Ewido log and the HJT log.
 
Just as an update, so that others may possibly benefit.

Erisl PM'd me to say that after running Ewido, the nasty O20 entry was no longer in his HJT log, but his antivirus software was still finding it.

With this in mind, I gave him the following instructions.

Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

Turn off system restore (XP/ME only). See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html

Run HJT and click on the config button, then the Misc Tools button. Click on the Delete file on reboot button and browse to this file C:\WINDOWS\SYSTEM32\winmbj32.dll. Click open. You will be prompted to restart your computer. Click Yes.

Once the computer has rebooted, turn system restore back on.

He later PM'd me to say this had been successful and his system was now clean.

Regards Howard :)
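
An added example, not part of the original thread or of HijackThis itself: a small Python triage script that parses HJT log lines of the kinds quoted above and lists the entries a helper would look at first, namely O20 Winlogon Notify DLLs and entries marked "(file missing)". The function names are hypothetical and the sample log is constructed from the three entries quoted in this thread.

```python
import re

# Constructed sample: the three entries quoted in this thread, not a full HJT log.
SAMPLE_LOG = r"""
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: winmbj32 - C:\WINDOWS\SYSTEM32\winmbj32.dll
"""

# "<section> - <kind>: <fields separated by ' - '>", e.g. "O20 - Winlogon Notify: ..."
ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<kind>[^:]+): (?P<rest>.+)$")
MISSING = "(file missing)"

def parse_hjt(log_text):
    """Return one dict per recognised log line; unrecognised lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        rest = m.group("rest")
        missing = rest.endswith(MISSING)
        if missing:
            rest = rest[: -len(MISSING)].rstrip()
        # Simplification: assumes names and paths do not themselves contain " - ".
        fields = rest.split(" - ")
        entries.append({
            "section": m.group("section"),
            "kind": m.group("kind"),
            "name": fields[0],
            "path": fields[-1].strip('"'),
            "file_missing": missing,
        })
    return entries

def review_items(entries):
    """List (section, name, note) for entries worth checking by hand."""
    notes = []
    for e in entries:
        if e["file_missing"]:
            notes.append((e["section"], e["name"], "orphaned entry, target file is missing"))
        elif e["section"] == "O20":
            notes.append((e["section"], e["name"], "Winlogon Notify DLL, verify " + e["path"]))
    return notes

if __name__ == "__main__":
    for item in review_items(parse_hjt(SAMPLE_LOG)):
        print(" | ".join(item))
```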
 