TechSpot

Supposed Blackworm infection / WinAntiVirusPro 2006 popups

By Slugo
Jun 4, 2006
  1. Lately I have been getting different annoying popups from various websites. The main one is a window opening up stating an infection by the blackworm virus and when I close it, it opens up another popup with the WinAntiVirusPro 2006 website advertising. I have also been getting popups from adultfriendfinder and various other non-related/P2P websites as well.

    I run Norton AV, windows defender, Ad-Aware, and Spybot S & D yet this "infection" persists. I need step-by-step help in solving this issue.
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    First go and run this removal tool from HERE. Be sure to read the instructions first.

    Then, go HERE and follow the instructions exactly.

    Finally, post a fresh HJT log into this thread, only after doing the above.

    Regards Howard :wave: :wave:
     
  3. Slugo

    Slugo TS Rookie Topic Starter

    The Symantec program didn't find the problem even though I ran it in safe and normal mode, but I'll post the HJT log anyways.
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Ok, that's not a problem. Maybe you don't have the Blackworm infection, but something else instead.

    Follow the rest of the instructions I gave you and we'll see what we can do to get your system cleaned up.

    Regards Howard :)
     
  5. Slugo

    Slugo TS Rookie Topic Starter

    Here's my ewido and HJT logfiles
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Go HERE and follow the instructions.

    Then, go HERE and do likewise.

    Post a fresh HJT log after doing the above.

    Regards Howard :)
     
  7. Slugo

    Slugo TS Rookie Topic Starter

    Look 2 me destroyer didn't detect anything.
    Here's the fresh HJT log.
     
  8. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    I only asked you to run the Look2me destroyer as a precaution.

    It was the Vundofix that was the main tool, as you had the Vundo infection. It has now gone.

    There's not much left to do now, just a few more steps and your system should be clean.

    Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

    Turn off system restore (XP/ME only). See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html

    Go to add remove programmes in your control panel and uninstall anything to do with (if there).

    MessengerPlus! 3

    Close control panel.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for (if there).

    MsgPlus.exe

    Close task manager.

    Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to (if there).

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\archivos de programa\google\googletoolbar1.dll (file missing)

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\archivos de programa\google\googletoolbar1.dll (file missing)

    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Archivos de programa\MessengerPlus! 3\MsgPlus.exe"

    Fix all O16 - DPF entries.

    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARCHIV~1\MSNMES~1\msgrapp.dll" (file missing)

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARCHIV~1\MSNMES~1\msgrapp.dll" (file missing)

    O20 - AppInit_DLLs: MsgPlusLoader.dll

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files (if there).

    C:\Archivos de programa\MessengerPlus! 3\MsgPlus.exe

    Reboot into normal mode and turn system restore back on.


    Regards Howard :)
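
Added example, not part of the post above or of any tool it mentions: a small Python triage of the HijackThis lines quoted in that post, flagging entries marked (file missing), the O4 autostart entry and the O20 AppInit_DLLs entry for manual review. The function names and reason strings are assumptions made for illustration.

```python
import re

# HijackThis lines quoted in the post above, copied verbatim.
SAMPLE_LOG = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\archivos de programa\google\googletoolbar1.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\archivos de programa\google\googletoolbar1.dll (file missing)
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Archivos de programa\MessengerPlus! 3\MsgPlus.exe"
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARCHIV~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARCHIV~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
"""

# "<section> - <kind>: <rest>", e.g. "O2 - BHO: ..." or "O4 - HKLM\..\Run: ..."
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<kind>[^:]+):\s*(?P<rest>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_line(line):
    """Split one log line into section, kind, CLSID and file-missing flag."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None  # header, process list or blank line
    clsid = CLSID_RE.search(m["rest"])
    return {"section": m["section"], "kind": m["kind"].strip(),
            "clsid": clsid.group(0) if clsid else None,
            "file_missing": m["rest"].endswith("(file missing)")}


def triage(log_text):
    """Return (section, kind, reasons) for entries worth a manual look.
    The reasons are review prompts, not verdicts of malice."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = []
        if entry["file_missing"]:
            reasons.append("orphaned: registered file is missing")
        if entry["section"] == "O4":
            reasons.append("autostart: runs at logon")
        if entry["section"] == "O20":
            reasons.append("AppInit_DLLs: loaded into every process that loads user32.dll")
        if reasons:
            findings.append((entry["section"], entry["kind"], reasons))
    return findings


if __name__ == "__main__":
    for section, kind, reasons in triage(SAMPLE_LOG):
        print(section, kind, "->", "; ".join(reasons))
```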
     
  9. Slugo

    Slugo TS Rookie Topic Starter

    Do I check again "Show all files and folders, including hidden and system" thing or do I leave it like that?

    Is the problem fixed or do I post another HJT log?
     
  10. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Yes, you can reset your folder view if you want to.

    You can post a fresh HJT log if you want, but your system should now be clean.

    Regards Howard :)
     
  11. Slugo

    Slugo TS Rookie Topic Starter

    Ok done thanks a lot ;)
     
  12. Tedster

    Tedster Techspot old timer..... Posts: 6,000   +15

  13. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    It's ok Tedster.

    It turned out that Slugo didn't have the blackworm infection, he had the Vundo infection instead.

    Regards Howard :)
     
Topic Status:
Not open for further replies.
