Virus?

Status
Not open for further replies.

notechie

Okay, so I just noticed this error message when I open SuperAntiSpyware, it says Windows has encountered a problem...it needs to be closed. Also, (I don't remember the exact numbers) another window pops up with something like 0123940912348.exe has encountered a problem (or something like that). Also, another strange thing is when I type in Avira or Avast in Google and hit enter, the Internet Explorer window closes. Not sure if this happens with any other keywords.

Sorry, if this post is a little bit vague, if you need additional information in order to help me, feel free to ask. I am not much of a computer techie, but I will do my best to answer your questions and to follow your instructions on how to get rid of this thing.

Thank you :)
 
Do not run System Restore under Virus\Malware infection
System Restore is usually the first to be hit with infection

Have a look at:

UPDATED 8-step Viruses/Spyware/Malware Preliminary Removal Instructions

However SuperAntispyware is one of those very DODGY ones which are actually more spyware than anything else.

Do you know how to do a system restore?

Umm, this is really bad advice, WinSoft technol
Best you do not advise of these types of threads again
I'll have to check your other posts now, in case you have written other totally incorrect info
 
Well, like I said earlier, I cannot open SuperAntiSpyware.

I also cannot download HJT, or any of the free versions of the software mentioned in the "8 things you should do if you have virus/malware" post. For some reason, when I click to download/or click on those links, Internet Explorer closes, as if the virus doesn't want me to!

Anyways, I attached this error log, so maybe you can help? Hopefully this log can help.
 
Please try "Safe mode with networking"
Accessed by tapping F8 key before Windows startup
Log on to your Administrator account
Then run the 8-step process
 
I tried doing that, but the same thing happens like in the regular mode.

Also, there is another error that says xltp.exe has encountered a problem and needs to be closed. Basically, I get a lot of those "has encountered a problem and needs to be closed" errors.
 
If you cannot get into Safe Mode (this is a tad unclear at this point)
You may need to physically remove the internal hard drive, and mount it in another working PC as a secondary drive, then scan it from there

If you can actually boot up (in Safe Mode or other)
You can run MSCONFIG and stop any startup programs from starting with Windows
 
Maybe you misunderstood. I am in Safe Mode right now, but I still cannot complete the 8-step process, because whenever I try to click on those links to download HJT and the other free software, it won't allow me to. I do not have that software and the only software I have is SuperAntiSpyware (when I downloaded it a while ago), but I cannot open that now.

I downloaded the CCleaner though, but it didn't do anything useful (as far as I am concerned).
 
I think the Safe Mode also has the option of going back to an earlier date (System Restore), so should I try that or no?
 
Hey,

Just a question about Safe Mode. In Safe Mode, can you actually run programs? Because after I copied the contents of the fixx.txt (from the "special cases" link you directed me to) into the command prompt, I tried opening SuperAntiSpyware, but then it said to choose a program to open it with.

I was able to download Avira, so I think it's not blocking the anti-malware programs anymore :)

So now do I just go into regular non-safe mode and try opening the programs and run the scans?

Sorry. I don't know much about computers!
 
You can run them in Safe Mode
Or you can update them in Safe Mode with networking
But installing them will need to be done in Normal mode

Please note: Normally all these programs are run and scanned in Normal mode, unless otherwise stated
 
Okay, I finally managed to download MBAM and HiJackThis, and get SuperAntiSpyware to work (had to do some renaming, and the link you provided for special cases and Fixit3 helped...but it took me a while to make sense of the instructions). I might also add that this was very difficult and at points I was frustrated (IE not working, redirecting links, and then the computer screen turning blue), but I made it...

So now here are the attached logs. I hope my computer is clean. It probably might not be 100% clean, but that's okay, I will follow your instructions.

PS - Another computer is affected (on the home network, or I put my flash drive in that computer), so I will attach those logs in a follow-up post.
 
Malwarebytes has updated to a new revision since you last used it
Inside Malwarebytes is an Update tab, which will allow you to check for updates (basically it will download and automatically install the new revision, then update normally)
Seeing as it only took under half an hour to scan your computer, you may want to try it (although it may in fact not find anything anyway)

You have a "Host" file entry:
O1 - Hosts: 69.72.171.146 messenger.hotmail.com
listed in your HJT log. Normally this is not required (i.e. tick and fix this in a new HJT scan). But you may have entered it manually, or for some reason, so just letting you know.



Rescan with HJT and tick the boxes next to the following, then select fix all
O2 - BHO: (no name) - {5794FF2F-2507-4EF4-867A-01CF6D18967C} - C:\WINDOWS\system32\nnnnKbYo.dll (file missing)
O2 - BHO: (no name) - {725a9f41-39fa-456a-9022-c00422adb18d} - C:\WINDOWS\system32\ssqOETjg.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [netconfig] C:\WINDOWS\system32\netdata.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL zvawxe.dll idwnya.dll wbdmqw.dll
O20 - Winlogon Notify: ddabfbcfade - C:\WINDOWS\system32\ddabfbcfade.dll (file missing)

Restart

Clear & Reset System Restore's Cache

Go to Start >> Run - type or copy/paste control sysdm.cpl,,4 and then press Enter
* Tick on the checkbox - Turn off System Restore on all drives
* Click Apply
Turn it back 'On' by unticking the same checkbox & click Apply, and then OK

Then let me know how it seems to be running now :)
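An added example, not part of the original posts and not HijackThis's own code: a small Python triage of the kind of HJT lines listed in the post above, run over a subset of those same lines. The flags are review heuristics assumed for illustration (orphaned entries, hosts overrides, AppInit_DLLs names without a path), not malware verdicts, and `triage`, `SECTIONS` and `SAMPLE` are names made up here.

```python
import re

# HijackThis lines copied from the post above (a subset, not constructed).
SAMPLE = r"""
O1 - Hosts: 69.72.171.146 messenger.hotmail.com
O2 - BHO: (no name) - {5794FF2F-2507-4EF4-867A-01CF6D18967C} - C:\WINDOWS\system32\nnnnKbYo.dll (file missing)
O4 - HKLM\..\Run: [netconfig] C:\WINDOWS\system32\netdata.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL zvawxe.dll idwnya.dll wbdmqw.dll
O20 - Winlogon Notify: ddabfbcfade - C:\WINDOWS\system32\ddabfbcfade.dll (file missing)
"""

SECTIONS = {  # meaning of the HJT section codes that appear in this thread
    "O1": "hosts file entry",
    "O2": "Browser Helper Object",
    "O4": "autostart (Run key / Startup)",
    "O9": "IE extra button or Tools menu item",
    "O20": "AppInit_DLLs / Winlogon Notify",
}
LINE = re.compile(r"^(O\d+) - (.+)$")

def triage(log_text):
    """Return one dict per HJT line with review flags (heuristics, not verdicts)."""
    results = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        code, body = m.groups()
        flags = []
        if body.endswith("(file missing)"):
            flags.append("orphaned: registry entry points at a file that is gone")
        if code == "O1" and body.startswith("Hosts:"):
            ip, host = body[len("Hosts:"):].split()[:2]
            flags.append(f"hosts override: {host} -> {ip}")
        if code == "O20" and body.startswith("AppInit_DLLs:"):
            # Space/comma separated list; names without a path are resolved
            # by the normal DLL search order, so review each one.
            names = re.split(r"[ ,]+", body[len("AppInit_DLLs:"):].strip())
            bare = [n for n in names if "\\" not in n]
            if bare:
                flags.append("AppInit_DLLs without full path: " + ", ".join(bare))
        results.append({"code": code, "section": SECTIONS.get(code, "other"),
                        "entry": body, "flags": flags})
    return results

if __name__ == "__main__":
    for r in triage(SAMPLE):
        print(r["code"], "|", r["section"], "|", "; ".join(r["flags"]) or "no flag, review by name")
```

Entries that come back with no flag, such as the two O4 Run lines, still need a manual look at the name and path; the parser only surfaces the structural oddities.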
 
Well, when I click on SuperAntiSpyware program (the one that's not renamed), it still pops up saying, "SuperAntiSpyware Application has encountered a problem and needs to close. We are sorry for the inconvenience."

Also, in Internet Explorer, it doesn't display images (although flash banners work), or is this just a property of the anti-malware software protecting me?

About the MBAM updates, I did try to do that, and it says "...will now close and install the latest version" but then I wait for a bit and nothing seems to happen. I double-click on the MBAM and then I check to see if it had updated, but it still says it last updated on 1-14-09. So I can't seem to update that program...

But I think it's better than it was before. I still suspect there might be some virus/malware still lurking around...

Also, do I show you the most recent logs? I ran the MBAM and SAS until it detected no viruses/malware. There was a problem at one point where I had to uncheck "use direct disk access" in SAS (it told me to do that). It actually found additional viruses/malware when it did that.

Okay, I was also bored, so I ran CCleaner again and it showed an error message, which I have attached.
 
Don't use spyware, popblocker, trojan remover type software... this software is dangerous... viruses infect them first... use a good antivirus and internet security...
 
Don't use spyware, popblocker, trojan remover type software... this software is dangerous... viruses infect them first... use a good antivirus and internet security...

Um, I think you're wrong.

Anyways, I am going to now install the Avira Antivirus (which is the first step in the 8 steps), sorry I skipped this step. I hope it will detect something.
 
Okay, I think it's all fixed now :) Thanks everyone for their help!

Well, just in case anyone who had this problem (MBAM and SAS not being able to run, IE redirects, upon restarting computer takes forever to restart, then gets an error message saying it will shut down in 60 seconds)...do the 8 steps and if the virus/malware is preventing you from downloading or you cannot access the Internet, use a virus/malware free computer to download the necessary programs and then put it on removable media (CD, USB Flash drive, etc...make sure these are also virus/malware free). Then if you cannot dbl-click on the program, rename it, or make a 'copy' by right-click and copy and then paste...it will rename it to something like 'Copy of mbam-setup' and then do the 8 steps.

*I also recommend downloading ComboFix and Smitfraudfix for these types of problems. I think A Squared is also good too. Well that's what worked for me anyways. Well, I'm a newbie so don't take this advice too seriously.
 