TechSpot

virus helpw32.myzor.fk@yf

By cheermom95
Oct 15, 2006
  1. Just this morning my computer went flipping crazy, get a critical systems error and when i click on it it is telling me that it is a W32Myzor.fk@yf virus that has affected my
    windows\system32\programfiles\internetexplorer\mydocuments\driveC:\files

    I am also getting a Spyware.cyberlog-x warning

    how do i get rid of this i have scanned with anti-spyware it quarentined and removed 6 item my virus software has recently been updated and when i run it it is showing me that there are no viruses

    can anyone please help me i am not the most computer smart person but i can find my way around...
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    I have moved your thread to the correct forum.

    Go and read the Trojan Pakes and other nasties preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT and AVG Antispyware logs as an attachments into this thread, only after doing the above.

    Regards Howard :wave: :wave:

    This thread is for the use of cheermom95 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. cheermom95

    cheermom95 TS Rookie Topic Starter

    Hello,
    I have followed all the steps thank you I believe i got that stinky nasty bug off i think no more warnings .. thank you soo much... Here is my HJT log ran this morning after all was off please let me know what needs to be removed.. thank you again..
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your system is infected with all kinds of crap, including a very nasty rootkit/trojan.

    Go and follow the instructions for the NTsystem.exe removal HERE.

    Once done, post fresh HJT and Ewido logs.

    Regards Howard :)

    This thread is for the use of cheermom95 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  5. cheermom95

    cheermom95 TS Rookie Topic Starter

    hjt log

    Howard I have now ran that other program, I hope i am getting to the bottom of the junk, hopfully seems like a big pile of crap building up forever and ever... Here is my new hjt log, I how do i get to my ewido log?

    thank you for all your help
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    That`s looking much better. However, we still need to get rid of some crap lol.

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Turn off system restore.(XP/ME only) See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html

    Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.> http://www.bleepingcomputer.com/forums/tutorial62.html

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for(if there).

    lxamsp32.exe

    Close task manager.

    Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm

    R3 - Default URLSearchHook is missing

    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)

    O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)

    O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/hostsearch (file missing)

    O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/hostsearch (file missing)

    O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/babelfish (file missing)

    O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/babelfish (file missing)

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories(if there).

    C:\WINDOWS\system32\lxamsp32.exe

    Reboot into normal mode, turn system restore back on and rehide your protected OS files.

    Now go HERE and follow the instructions for renaming HijackThis.exe and how to post your Ewido log.

    Then, post fresh HJT and Ewido/AVG Antispyware logs.

    Regards Howard :)

    This thread is for the use of cheermom95 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  7. cheermom95

    cheermom95 TS Rookie Topic Starter

    new ajt and ewido

    I hope we got it all.. makes me wonder if all this is on the computer what is on the other 2 comps that i have...omgosh... Thank you again for all your help, i hope we got it all

    let me know if there are more steps to take
     
  8. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Very well done. Your HJT log is now clean.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

    This thread is for the use of cheermom95 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...