PSW.x-Vir trojan latest verson

[AHoffsette]

Hi! My name is Adam and I took a bunch of computer programming classes in high school, and a couple of courses in university, so I know a little bit about computers. Yesterday, I started getting this message every time I connect to the internet about this spyware that is infecting my computer. I did some research, and from what I've gathered the spyware is a type of Trojan that collects and redistributes much of my private information. From what I have read, I believe that my system registry has been infected/altered, but I only know enough about my computer to know NOT to touch my registry without the careful assistance of a technician.

I joined this site in hopes of learning more about internet security issues such as this one, as I am an avid technology enthusiast. Tech is a beautiful thing eh? Anyway, I was wondering if anyone has any information about what I am being told by this blinking little yellow caution sign with an exclamation mark (I think that it's in what is called the system tray. The icon is located in the bottom right hand corner of my screen and displays currently running tasks such as my antivirus, volume control and time of day.) that says Security Alert: Spyware found in a typical alert bubble. It continues to say, "Your computer is infected with last version of PSW.x-Vir Trojan." According to my research this spyware is commonly called TrojanSPM/LX. Like I said before, I know just enough about computers to know when to get in touch with a professional.

If someone has had an encounter with this problem or knows someone who can point me in the right direction, I would greatly appreciate it. Also, I think this problem might be connected to a new program folder in my c:\program files directory, that is called MMediaCodec and contains files which I cannot delete! Any help is greatly appreciated. Thanks for taking your time to read this post!

AHoffsette:grinthumb

 

[howard_hopkinso]

Hello and welcome to Techspot.

Go and read the Trojan Pakes and other nasties preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT and AVG Antispyware logs as an attachments into this thread, only after doing the above.


Regards Howard :wave: :wave:


This thread is for the use of AHoffsette only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[AHoffsette]

SS&D in Safe Mode

Hi Howard!

Thanks for the information to help me clean out my computer. I was in a panic for a while, but I feel very confident in your knowledge about computers and have been using it to make my computer feel better. After all, I think he was pretty sick.

I've got a question for you. I have gotten to a point in the instructions where I am not able to progress any further. I do not know how to run SS&D while in Safe Mode. I can open the program (SS&D) in safe mode, but the default window location is not on my screen, and I have no idea how to get to the window or change where it will be located when I start the program. I have tried to adjust my screen resolution, while in Safe Mode, but that doesn't work. I have also tried to move the bottom-left corner of the SS&D window near the start menu and then proceed to close the program, in hopes that it would change the location of the window when I reopen the program, but I opened the program with the 'default' icon so maybe that was the problem. Does this make sense to you? Please let me know if it does, and I will try some of my other ideas in the meanwhile.

I will make sure to keep you informed, and I eagerly await your reply. Thanks for the continued help and support. Both my computer and I greatly appreciate it.

Best wishes,

Adam

 

[howard_hopkinso]

As you are having difficulty with SS&D in safe mode, wait until you`re back in normal mode before you run it.

Regards Howard

This thread is for the use of AHoffsette only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[AHoffsette]

:giddy: :wave: :haha:

Where we at now buddy?

Thanks for all of your great help, the requested files are attached.

Please let me know what you find from these things, and I anxiously await your reply!

Best of wishes,

Adam

:knock: <= Me working on my computer
:approve: <=Me approving of my thorough work
:grinthumb: <=Me giving How a big thumbs up for being such a great help!

 

[howard_hopkinso]

Run HJT with no other programmes open. Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

O11 - Options group: [INTERNATIONAL] International*

O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.downloadcontrol.com/files/installers/cab/SystemDoctor2006FreeInstall. cab

O16 - DPF: {700EF03F-A472-4D26-8ACB-300F4D04FD96} - http://www.lojackforlaptops.com/ctmweb/testoc.cab

O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab

Click on the fix checked button.

Close HJT and reboot your computer.

Other than the above, your HJT log is clean.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard

This thread is for the use of AHoffsette only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[AHoffsette]

Why should I get rid of the lojackforlaptops thing? Lojack is my laptop anti-theft program that I run on my computer. Thanks for all the help!

 

[howard_hopkinso]

If you know for a fact that the lojackforlaptops entry is safe, then by all means keep it.

Regards Howard

This thread is for the use of AHoffsette only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.