TechSpot

Suspicious Virus in my computer

By YTTan
Oct 29, 2007
  1. Hi,

    I suspect my PC is infected by a virus. Recently I found that my AVG anti-virus, which usually updates automatically, cannot be updated, and I can't access my Hotmail. Every time I log in, it links to a weird page, it's like a page in safe mode, with these hyperlinks on it "Free hotmail passwaord, Hijack hotmail, Free hotmail" etc etc.

    I've uninstalled AVG and reinstalled it but it's still an out-dated version. No virus was found. I found a suspicious file in my Temp folder, which changes its name every time I restart my PC. I used a tool in HijackThis - "Delete a file on reboot". After several attempts, it still existed. I then installed a free Kaspersky trial and uninstalled all other anti-virus programs, and used the HijackThis tool to delete the files. It finally disappeared.

    But I still face some difficulties accessing my Hotmail. Sometimes it's OK, but sometimes not... I don't know if the virus actually still exists somewhere, just that I can't locate it...

    I attached my HijackThis logfile. Can you help me check if my PC is clean now?


    Thank you very much for your help.
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Looks like you forgot to attach your HJT log.

    Go and read this thread HERE and post a HJT log as an attachment into this thread.

    Regards Howard :wave: :wave:

    This thread is for the use of YTTan only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. YTTan

    YTTan TS Rookie Topic Starter

    Hi,

    Thanks for the reminder.

    Attached please find my latest HijackThis logfile. Hope you can help me on this.


    Many thanks.
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Run HJT with no other programmes open (except Notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to each (if there).

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

    O3 - Toolbar: SciFinder Scholar Bar - {4e16a8fb-0521-46d1-aa2c-d0fc7abf6af9} - mscoree.dll (file missing)

    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

    Fix all O17 entries, only if you don't recognise the domain.

    Other than the above, your HJT log is clean.

    If you still suspect a malware infection, please do the following.

    Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT, AVG Antispyware and Combofix logs as Attachments into this thread, only after doing the above.

    Also, let me know the results of the Panda Antirootkit scan.

    Regards Howard :)

    This thread is for the use of YTTan only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
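
Added example (not part of the thread and not any poster's own code): a small Python triage pass over HijackThis log lines. Its rules are assumptions chosen for illustration, not the helper's stated criteria; the first three sample lines are the entries quoted in post 4 and the rest are constructed.

```python
import re

# First three lines: entries quoted in the thread. Remaining lines: constructed samples.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O3 - Toolbar: SciFinder Scholar Bar - {4e16a8fb-0521-46d1-aa2c-d0fc7abf6af9} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" /min
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.example.test
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.test/
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")  # "<section> - <details>"
ABS_PATH = re.compile(r"^([A-Za-z]:\\|%\w+%)")   # drive letter or %VAR% prefix


def triage(log_text):
    """Return (section, reason, details) for entries worth a manual look.

    The rules are illustrative assumptions, not HijackThis's own logic.
    """
    findings = []
    for raw in log_text.splitlines():
        match = ENTRY.match(raw.strip())
        if not match:
            continue  # log header, process list or blank line
        section, details = match.groups()
        if details.endswith("(file missing)"):
            findings.append((section, "target file no longer exists", details))
        elif section == "O4":
            # Autorun entry: the command follows "[name] "
            command = details.split("] ", 1)[-1].lstrip('"')
            if not ABS_PATH.match(command):
                findings.append((section, "autorun command has no full path", details))
        elif section in ("R0", "R1"):
            # IE page setting: expect a URL, about: page or absolute path
            value = details.partition(" =")[2].strip()
            if (value and "://" not in value
                    and not value.startswith("about:")
                    and not ABS_PATH.match(value)):
                findings.append((section, "page value is not a URL or full path", details))
        elif section == "O17":
            # Always surfaced: only the machine's owner knows the right domain
            findings.append((section, "confirm this domain/name server is yours", details))
    return findings


if __name__ == "__main__":
    for section, reason, details in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}: {details}")
```
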
     
  5. YTTan

    YTTan TS Rookie Topic Starter

    Suspicious virus in my PC

    Hi,

    Thanks for your reply.


    Attached please find the HJT, Combofix, and AVG spyware logs after I followed the viruses/spyware/malware instructions.

    The Panda Antirootkit shows no rootkits.

    However, I still face a problem updating the AVG spyware. I chose the manual update, and after extracting and running the updates, it shows "update completed", but my AVG spyware is still an out-dated version.

    Except for this, most of the scan results show no or not serious virus/spyware. Hope that my PC is clean now.

    Thanks in advance for your help.
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Go HERE, download and install the latest version of Java.

    Once it's installed, go to add remove programmes in your control panel and uninstall all previous versions of Java, except version 6 update 3. Close Control panel.


    Open notepad and copy/paste the text in the code box below into it:
    NOTE* make sure to only highlight and copy what is inside the quote box, nothing outside of it.
    Also ..

    Pay particular attention to this :-

    Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
    Code:



    Save this as CFScript.txt

    Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.

    [​IMG]

    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a fresh HJT log.

    Also, please do the following.

    Please download FindAWF to your Desktop.
    Double-click FindAWF.exe to start the tool.
    Select "option #1 - Scan for bak folders" by typing 1 and press Enter
    When the tool has completed, a report will open up in notepad. Please post the results of the awf.txt as an attachment.

    Let me know if you're having any problems.

    Regards Howard :)

    This thread is for the use of YTTan only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
Topic Status:
Not open for further replies.
