Two viruses

Status
Not open for further replies.

Akai

I have two or three viruses on my computer already, and I just formatted *sigh*. I did a scan with NOD32 and it found two and supposedly deleted one, but it was a system file.

The error NOD32 gave was
"File C:\WINDOWS\system32\winhost.exe is infected with worm Win32/SpyBot.APP. The file can be deleted. It is strongly recommended that you back up any crucial data before you proceed."

And I did another scan and it found another virus in a system restore file. So if anyone could help me out, that'd be great.

Here is the HJT log.
 
It appears you're not running any firewall software. Install one of these free firewall programmes.

Zonealarm or Kerio.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for (if there):

WINHOST.EXE

Close task manager.

Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there):

O1 - Hosts: 87.117.202.117 nprotect.roseonlinegame.com

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [Windows NetConfig] WINHOST.EXE

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories (if there).

C:\WINDOWS\system32\winhost.exe

Reboot into normal mode and rehide your protected OS files.

Post a fresh HJT log and let me know if you're still having problems.

Regards Howard :)

This thread is for the use of Akai only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
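A rough triage pass over HijackThis lines like the four fixed in the post above, as an added example that is not part of the thread and not the helper's own method. The three heuristics (a hosts entry pointing a name at a non-loopback address, a Run value that names a file without a path, a registered component marked "(no file)") are assumptions about why such lines stand out, and a flagged line is a prompt for review, not a verdict.

```python
import re

# Constructed sample: the four entries fixed in the post above, plus two
# benign-looking lines invented here for contrast (not from any log in the thread).
SAMPLE_LOG = r"""
O1 - Hosts: 87.117.202.117 nprotect.roseonlinegame.com
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [Windows NetConfig] WINHOST.EXE
O4 - HKLM\..\Run: [ExampleAV] "C:\Program Files\ExampleAV\gui.exe" /start
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")          # "O4 - <body>"
HOSTS = re.compile(r"^Hosts: (\S+)\s+(\S+)$")           # "Hosts: <ip> <name>"
RUN = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run[^:]*: \[[^\]]*\] (.+)$")
LOOPBACK = {"127.0.0.1", "::1", "0.0.0.0"}


def first_token(cmd):
    """Executable part of an autorun command line, quotes removed."""
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split()[0]


def triage(log_text):
    """Return (section, reason, line) for each line that deserves a closer look."""
    findings = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        m = ENTRY.match(line)
        if not m:
            continue
        sec, body = m.groups()
        hosts, run = HOSTS.match(body), RUN.match(body)
        if sec == "O1" and hosts and hosts.group(1) not in LOOPBACK:
            findings.append((sec, "hosts file maps a name to a non-loopback address", line))
        elif sec == "O4" and run and "\\" not in first_token(run.group(1)):
            findings.append((sec, "autorun value names a file without a full path", line))
        elif body.endswith("(no file)"):
            findings.append((sec, "registered component points at a missing file", line))
    return findings


if __name__ == "__main__":
    for sec, reason, line in triage(SAMPLE_LOG):
        print(f"{sec}: {reason}\n    {line}")
```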
 
Thank you Howard, I will do that in a few minutes. Quick question about the Firewall though. Before I read your post, I installed Kaspersky Anti-Hacker (firewall). Is this one alright too, or should I switch?
 
The Kaspersky Anti-Hacker (firewall) is no longer available on the Kaspersky website. Therefore, I assume it's no longer supported.

I recommend you go with one of the free firewall programmes I recommended in my post above, but it's up to you.

Please post a fresh HJT log after following the instructions in my post above.

Regards Howard :)

 
Okay, all done. I uninstalled Kaspersky and deleted the registries and installed Zone Alarm.

Also finished the steps and here is my fresh HJT log :).
 
Your HJT log is now clean.

Turn off system restore (XP/ME only). See how HERE.

Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard :)

 
I apologize for double posting, need to bring the thread back up.

NOD32 just found a virus and I clicked "Terminate" on it, so hopefully it's gone. But if you could check to see if it's still there, I'd be so glad. Here is a HJT log.

Thank you.
 
Your HJT log is clean.

Take a look at this thread HERE. It'll show you how you can make your system more secure.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard :)
