Stubborn adware...virus removal/protection software does nothing...

Status
Not open for further replies.
Hi,

So I accidentally clicked on a pop-up, which I usually never get, the other day and something immediately began downloading. My computer restarted immediately and I had SEVERAL adware programs downloaded that I couldn't delete through add-remove programs...so I went to do a system restore. Unfortunately the downloads had reset my restore point to right after they downloaded and reset my computer...wow!

I cleaned my computer up as best I could and eventually deleted the main programs. Unfortunately I still get a lot of very annoying popups anytime my computer is connected to the internet. I've used the basic spyware and adaware programs that simply don't do anything.

Symptoms: popups that I sometimes can't close. Some popups restart windows when I close them (the desktop seems to restart?). With task manager open, I see that every time I get a popup the cpu usage jumps up to around 50% when my computer usually runs at about 2-3%.

any and all help would be greatly appreciated. I would really like to fix this before finals week...so anytime before this Wednesday would be amazing.

thanks,

-Isan
 
Hello again.


You need to have a read of this - If your system is infected. Read this before deciding whether to CLEAN or REFORMAT.

Then if you should wish to proceed with cleaning your system you need to go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT, Combofix, and AVG Antispyware logs as ATTACHMENTS into this thread, only after doing the above.
We also need to know the result of Panda Antirootkit.


This thread is for the use of jysan only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
so in safe mode AVG didn't turn anything up so I just didn't bother with attaching a scan summary. The Panda Antirootkit also didn't show up with anything. Spybot and Adaware removed a few usual entries, such as cookie trackers and MRU lists... Thanks again for the help thus far!

-Isan
 
Attach a new HijackThis log in normal boot mode.

And delete the copy of combofix you have and install a new one to the desktop like the instructions stated.

Download combofix.exe
 
evilfantasy said:
Attach a new HijackThis log in normal boot mode.

And delete the copy of combofix you have and install a new one to the desktop like the instructions stated.

Download combofix.exe

sorry about not doing this correctly the first time...still not sure if I did but new logs are attached...oh the extra log from Deckard's scanner wouldn't attach for some reason.
 
Open HijackThis and select "Do a system scan only" and place a check mark next to:

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O20 - Winlogon Notify: pmslmtzl - pmslmtzl.dll (file missing)


Close all windows and click "Fix checked"

=====

Delete these files/folders, as follows:

* Open notepad and copy/paste the text in the quote box below into it (all except the word QUOTE):

File::
C:\WINDOWS\system32\qivfkbvp.dll
C:\WINDOWS\system32\rkmxuoks.dll
C:\WINDOWS\system32\fhvrfnka.dll
C:\WINDOWS\system32\vpthdphm.ini
C:\WINDOWS\system32\mhpdhtpv.dll
C:\WINDOWS\system32\beapvyhc.dll
C:\WINDOWS\system32\nyjplwyp.dll
C:\WINDOWS\system32\hustfaio.dll
C:\WINDOWS\system32\irlfkmtn.ini
C:\WINDOWS\system32\jlnmp.ini2
C:\WINDOWS\system32\jlnmp.ini

Folder::
C:\VundoFix Backups

Registry::
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmslmtzl

* Save this as CFScript on the desktop.
* Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!

CFScript.gif


* ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it shall produce a log for you. Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick combofix's window while it is running. That may cause your system to hang.

===

Next post please attach
combofix.txt log
New HijackThis log
 
sorry but my first log after doing the combofix click and drag 'thing' was lost...maintenance caused a power-surge in my building and my comp shut off right when I was saving the log...I repeated the process to be sure. The log attached is from the second time around. sorry about that...no pop-ups anymore...still running a tad slower but I think I definitely could use a defrag and maybe another sweep or two. Thanks for help so far man...I REALLY appreciate it!

-Isan
 
Open HijackThis and select "Do a system scan only" and place a check mark next to:

O4 - HKLM\..\Run: [44a1bb5f] rundll32.exe "C:\WINDOWS\system32\mhpdhtpv.dll",b

Close all windows and click "Fix checked"

=====

Your Java is out of date
Older versions have vulnerabilities that malware can use to infect your system. It is possible that you may be running Java code in your applications that absolutely require a specific version of the JRE to run. Please follow these steps to remove older versions of Java components and update.

Updating Java:
* Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
* Check for any item with Java Runtime Environment (JRE or J2SE) in the name.
** The latest version is Java 6 Update 3. Remove all other entries.
* Click the Remove or Change/Remove button.
* Repeat as many times as necessary to remove each of the Java versions.
* Reboot your computer once all Java components are removed.

* Download the latest version of Java Runtime Environment (JRE) 6
* Click the Free Java Download button.
* Click the Download Now button.
* When the Software Installation dialog box opens, click on the Install Now button.
* Follow the prompts to complete installation.

=====

Go to Start > Run and copy and paste the next command in the field:

ComboFix /u


Make sure there's a space between Combofix and /
Then hit Enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

=====

It wouldn't hurt to do a final scan with SAS.

Download Superantispyware (SAS) SUPERAntispyware Free Edition

=====

Let us know if anything else comes up.
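
Added example (not part of the thread, and not code from HijackThis or ComboFix): a small triage script that cross-references the three HijackThis entries quoted above with the CFScript sections, showing which autostart entries are left pointing at nothing once the listed files are deleted. The function names and the shortened CFScript excerpt are assumptions made for the illustration.

```python
import re

# Quoted from the thread: the three HijackThis entries and an excerpt of the CFScript.
HJT_LINES = [
    r'O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)',
    r'O20 - Winlogon Notify: pmslmtzl - pmslmtzl.dll (file missing)',
    r'O4 - HKLM\..\Run: [44a1bb5f] rundll32.exe "C:\WINDOWS\system32\mhpdhtpv.dll",b',
]
CFSCRIPT = r"""File::
C:\WINDOWS\system32\qivfkbvp.dll
C:\WINDOWS\system32\mhpdhtpv.dll
Folder::
C:\VundoFix Backups
Registry::
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmslmtzl
"""

def parse_cfscript(text):
    """Split a CFScript into {section name: [entries]} on its 'Name::' headers."""
    sections, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.endswith("::"):
            current = sections.setdefault(line[:-2], [])
        elif line and current is not None:
            current.append(line)
    return sections

def triage(hjt_lines, cfscript_text):
    """Return (entry code, reason) pairs for autostart entries left without a target."""
    script = parse_cfscript(cfscript_text)
    deleted = {p.lower() for p in script.get("File", [])}
    reg_keys = [k.lower() for k in script.get("Registry", [])]
    findings = []
    for line in hjt_lines:
        m = re.match(r"(O\d+) - (.*)", line)
        if not m:
            continue
        code, rest = m.groups()
        if re.search(r"\((file missing|no file)\)", rest):
            findings.append((code, "target file missing"))
        quoted = re.search(r'"([^"]+)"', rest)
        if quoted and quoted.group(1).lower() in deleted:
            findings.append((code, "loads a file the CFScript deletes"))
        notify = re.match(r"Winlogon Notify: (\S+)", rest)
        if notify and any(k.endswith("\\notify\\" + notify.group(1).lower()) for k in reg_keys):
            findings.append((code, "Notify key listed in CFScript Registry section"))
    return findings

if __name__ == "__main__":
    for code, reason in triage(HJT_LINES, CFSCRIPT):
        print(code, reason)
```

The O4 Run entry is flagged because the DLL it hands to rundll32.exe appears in the CFScript File:: list, so the registry value outlives the file it launches.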
 