Virus Problems!! [Hijack log attached]

Status
Not open for further replies.

bluelizard09

I tried scanning and removing viruses using adaware, spybot, avast, AVG, and registry mechanic, but most of the same trojan viruses keep showing up in the list. I am trying to prevent myself from having to go through another reinstalling process, so if someone can help me, please say so. The avast scanner says that the trojans are in temp file.. if that helps. I am new to this, so if you need any more details let me know. I have attached the HijackThis log file with this post.. I hope you guys can help :(
 
Hello and welcome to Techspot.

Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

If after reading the above, you wish to clean your system, do the following.

Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

Also, let me know the results of the AVG Antirootkit scan.

Regards Howard :wave: :wave:

This thread is for the use of bluelizard09 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Here are the logs...

Ok, I did everything you said and I have attached all the logs that I got. I ran AVG Anti-RootKit but it did not find any rootkits. The rapport.txt is for Look2Me-Destroyer and the VBG is for VirtumundoBeGone. Thanks a lot in advance! :rolleyes:
 
You didn't attach an AVG Antispyware log as requested. Please do so in your next reply.

Download Vundofix from HERE.

Double click the Vundofix.exe to run it.

Right click in the vundofix window and click add files.

Enter the full file path/s to the files you want Vundofix to delete and click the add files button, followed by the close window button. Click the remove vundo button and let Vundofix do its stuff.

These are the filepaths you need to enter into Vundofix.

C:\WINDOWS\System32\vghptarc.dll
C:\WINDOWS\System32\cgwfscit.dll

Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to each (if there).

O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINDOWS\System32\ltchqnsp.dll (file missing)

O2 - BHO: (no name) - {B07CB267-5E6F-441F-9B3C-324EFE70F897} - blank (file missing)

O2 - BHO: (no name) - {D4320265-339F-4818-82D8-FC701079D577} - C:\WINDOWS\System32\vghptarc.dll

O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\System32\cgwfscit.dll",setvm

O20 - Winlogon Notify: cbxusqo - cbxusqo.dll (file missing)

Click on the fix checked button.

Close HJT and reboot your system.

Post a fresh HJT log as well as an AVG Antispyware log.

Regards Howard :)

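An added example, not from the thread or from HijackThis itself: a Python parser for the O2 (BHO), O4 (Run key) and O20 (Winlogon Notify) entry formats quoted in the post above, reporting which traits each entry shows. The flagging rules and the last sample line are assumptions made for this example.

```python
import re

# Lines quoted in the post above, plus one constructed benign entry (the last).
SAMPLE_LOG = r'''
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINDOWS\System32\ltchqnsp.dll (file missing)
O2 - BHO: (no name) - {D4320265-339F-4818-82D8-FC701079D577} - C:\WINDOWS\System32\vghptarc.dll
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\System32\cgwfscit.dll",setvm
O20 - Winlogon Notify: cbxusqo - cbxusqo.dll (file missing)
O4 - HKLM\..\Run: [ExampleUpdater] "C:\Program Files\Example\updater.exe"
'''

LINE_RE = re.compile(r'^(O\d+) - ([^:]+): (.*)$')       # section - type: detail
DLL_RE = re.compile(r'([^\\"\s]+\.dll)', re.IGNORECASE)  # bare DLL file name

def parse_line(line):
    """Split one HijackThis entry into section code, entry type and detail."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, kind, detail = m.groups()
    dll = DLL_RE.search(detail)
    return {"section": section, "kind": kind, "detail": detail,
            "dll": dll.group(1).lower() if dll else None}

def triage(entry):
    """Return review reasons for one entry (heuristics assumed for this example)."""
    reasons = []
    if "(file missing)" in entry["detail"]:
        reasons.append("orphaned: target file missing")
    if entry["section"] == "O2" and "(no name)" in entry["detail"]:
        reasons.append("unnamed BHO")
    if entry["section"] == "O4" and "rundll32" in entry["detail"].lower() and entry["dll"]:
        reasons.append("Run key loads a DLL via rundll32")
    if entry["section"] == "O20":
        reasons.append("Winlogon Notify DLL")
    return reasons

def review(log_text):
    """Map each flagged log line to its reasons; unflagged lines are omitted."""
    flagged = {}
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry and (reasons := triage(entry)):
            flagged[entry["dll"] or entry["detail"]] = reasons
    return flagged

if __name__ == "__main__":
    for target, reasons in review(SAMPLE_LOG).items():
        print(f"{target}: {', '.join(reasons)}")
```

A flagged entry is a prompt for manual review, not a verdict; legitimate software also registers BHOs and Winlogon Notify DLLs.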
 
Logs

Thanks, I feel the improvement already! I am sorry about the attachment, but I have attached the AVG Anti-Spyware log to this post. I also ran HJT after that and have attached the log too. Thanks for the fast response to the messages, I appreciate it a lot. :)
 
Your HJT log is now clean.

Delete all files in AVG Antispyware quarantine.

Turn off system restore (XP/ME only). See how HERE.

Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard :)

 
Thanks

Glad to hear that! Although, I got a few questions... I was wondering if I could also delete the VundoFix backups (C:/VundoFix Backups/)? I was also wondering if Registry Mechanic is any good? And last one... there is one software in Add/Remove programs that I cannot delete as the folder was erased earlier, is there any way I can delete that off the list? Thanks a lot for helping me out... :grinthumb
 
Yes, you can delete the Vundofix backups.

Registry Mechanic is a good programme, but as with any other registry programme, you need to know what you're doing. Deleting registry keys without knowing what they are can cause serious problems.

Run the Ccleaner programme and click the tools button. Highlight the entry you want to remove and click the Delete Entry button and close Ccleaner. Reboot your system. The entry in your add/remove programmes list will now have gone.

Regards Howard :)

 
Thanks but...

Ok thanks... I did everything as you told me and it worked. Although I came across a new problem :dead:. When I go to control panel and run Windows Firewall, it gives me this message "Due to an unidentified problem, Windows cannot display Windows Firewall settings". I searched for an answer online and found this page. Mine is Case 1 but it keeps saying that it could not find the firewall command. Is this nothing much to worry about or something corrupted by a virus? Thanks in advance...
 
Quite frankly, the Windows firewall is utter rubbish. You'd be far better off with one of the free firewall programmes below.

Zonealarm or Kerio free firewall programmes.

Regards Howard :)

 