TechSpot

Winantivirus pro 2008 removal help

By Johng2437
Jul 2, 2008
Topic Status:
Not open for further replies.
  1. Can someone please help me get rid of this spyware? Also, it won't allow me to run any kind of spyware scanner. Did a virus scan and nothing showed up.
     

  2. Blind Dragon

    Blind Dragon TS Evangelist Posts: 4,048

    Before I can have you fix anything, I need you to install HijackThis to its own folder.

    Yours is installed to your desktop. The reason for this is that if HijackThis is not in its own folder, we won't have any backups to restore from if something goes wrong.

    So go to My Computer -> C:\ -> create a new folder called hijackthis and move the .exe file there. After this, run a new scan and attach it so that I can see this has been done.
     
  3. Johng2437

    Johng2437 TS Rookie Topic Starter

    I think I did that right.
     
  4. Blind Dragon

    Blind Dragon TS Evangelist Posts: 4,048

    Hi Johng2437,

    That is correct. Now backups will be created in the C:\hijackthis folder.

    Disable Teatimer
    • Right click the Spybot -SD Resident Icon located in your system tray, Select Exit Spybot - S&D Resident
    • Open Spybot S&D
    • Click on Mode at the top and make sure that Advanced is checked
    • Expand the Tools tab in the left pane
    • Single click on the Resident Icon also in the left pane
    • Uncheck Resident "TeaTimer" (Protection of over-all system settings) Active
    • Close spybot

    ---------------------------------------------------------------------------------

    Remove bad HijackThis entries
    • Run HijackThis
    • Click on the System Scan Only button
    • Put a check beside all of the items listed below (if present):

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
      O4 - HKLM\..\Run: [dcbac316] rundll32.exe "C:\WINDOWS\system32\emrmsuwy.dll",b
      O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} -
      O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} -
      O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} -
      O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} -
      O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} -
      O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
      O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} (WildTangent Control) - file://D:\games\WebDriverFullInstall.exe

    • Close all open windows and browsers/email, etc...
    • Click on the "Fix Checked" button
    • When completed, close the application.

    -------------------------------------------------------------------------------

    Please download the Killbox by Option^Explicit.

    Note: In the event you already have Killbox, this is a new version that I need you to download.
    • Save it to your desktop.
    • Please double-click Killbox.exe to run it.
    • Select:
      • Delete on Reboot
      • then Click on the All Files button.
    • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

      C:\WINDOWS\system32\emrmsuwy.dll

    • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
    • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt.

    If your computer does not restart automatically, please restart it manually.

    If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

    --------------------------------------------------------------------------------

    After reboot

    Malwarebytes' Anti-Malware

    • Please download Malwarebytes' Anti-Malware to your desktop.
    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to
      • Update Malwarebytes' Anti-Malware
      • and Launch Malwarebytes' Anti-Malware
    • then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform full scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please attach this log with your reply.
      • If you accidentally close it, the log file is saved here and will be named like this:
      • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

    Attach MBAM log with fresh Hijackthis
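
As an added example (not part of the original posts, and not HijackThis's own logic): a small Python triage of HijackThis log lines in the format quoted above, flagging the two entry shapes selected for fixing in this thread, an O4 autorun that loads a system32 DLL through rundll32 and O16 DPF entries with no name or download source. The heuristics, the function name `triage` and the `ExampleTray` line are assumptions made for illustration.

```python
import re

# Constructed sample: three entries quoted in the thread plus one constructed
# benign Run entry (ExampleTray) for contrast.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [dcbac316] rundll32.exe "C:\WINDOWS\system32\emrmsuwy.dll",b
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe"
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} -
O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} (WildTangent Control) - file://D:\games\WebDriverFullInstall.exe
'''

O4_RE = re.compile(r'^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
O16_RE = re.compile(r'^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]{36}\})'
                    r'(?: \((?P<label>[^)]*)\))? - ?(?P<codebase>.*)$')
DLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)', re.I)


def triage(log_text):
    """Return (section, identifier, reason) for each line worth a manual look."""
    findings = []
    for line in map(str.strip, log_text.splitlines()):
        m = O4_RE.match(line)
        if m:
            # Assumed heuristic: autorun that hands a system32 DLL to rundll32.
            dll = DLL_RE.search(m['cmd'])
            if dll and re.search(r'\\system32\\[^\\]+$', dll['dll'], re.I):
                findings.append(('O4', dll['dll'],
                                 'autorun loads a system32 DLL through rundll32'))
            continue
        m = O16_RE.match(line)
        if m:
            codebase = m['codebase'].strip()
            if not codebase:
                # The "missing" ActiveX entries: CLSID only, nothing after it.
                findings.append(('O16', m['clsid'],
                                 'ActiveX entry with no name or download source'))
            elif not codebase.lower().startswith(('http://', 'https://')):
                findings.append(('O16', m['clsid'],
                                 'ActiveX codebase is not a web URL: ' + codebase))
    return findings


if __name__ == '__main__':
    for finding in triage(SAMPLE_LOG):
        print(*finding, sep=' | ')
```

A hit only means the entry deserves a look; legitimate software also registers rundll32 autoruns, so the DLL still has to be checked before anything is removed.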
     
  5. Johng2437

    Johng2437 TS Rookie Topic Starter

    Thanks for the help. For some reason it won't let me get to that Malwarebytes' Anti-Malware page to download. However, did the other things. Here is another HijackThis log.

    EDIT -- I was able to get it. Found 41 infections and deleted them. Log added.
     
  6. Blind Dragon

    Blind Dragon TS Evangelist Posts: 4,048

    Good work.

    Disable Teatimer
    • Right click the Spybot -SD Resident Icon located in your system tray, Select Exit Spybot - S&D Resident
    • Open Spybot S&D
    • Click on Mode at the top and make sure that Advanced is checked
    • Expand the Tools tab in the left pane
    • Single click on the Resident Icon also in the left pane
    • Uncheck Resident "TeaTimer" (Protection of over-all system settings) Active
    • Close spybot

    -----------------------------------------------------------------------------------

    Have HijackThis fix these missing ActiveX entries just like before.
    O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} -
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} -
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} -
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} -
    O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} -
    O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} -
    O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
    O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} -


    -------------------------------------------------------------------------------------

    Combofix
    • Download Combofix to your desktop.
    • Double click combofix.exe & follow the prompts.
    • A window will open with a warning.
    • When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log.
    Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Combofix is a very powerful tool, so please do NOT do anything without instruction.

    Combofix will automatically save the log file to C:\combofix.txt.
     