#1
Some horrible nasty virus/trojans/malware etc.
No clue what happened, but on Saturday my computer started freaking out and getting a pop-up down on the icon tray with an exclamation mark in a yellow triangle, and I'd get alerts like security alert: spyware found etc. Sometimes it says something a little different about trojans and such. On my desktop was an icon that said something like IE internet securities and then something else under it, can't remember, now it's gone. And there was like some spyware thing, can't remember, but it's not popping up anymore or as much. I've completed all the steps and here are my logs. I hope this isn't too bad and I can get rid of it without much trouble.

#2
The Power of the TechSpot 8 Steps procedure.
If you notice, the logs reported many found and deleted. We need to scan again with both to see if the first scan exposed any that MBAM or SAS could not see on the first run. Post these new logs. Once both come up clean, then post another HJT log last, after the above.
Mike

#3
MBAM is stale. Update tools.

#4
OK, I just redid it all, it took a while. (The MBAM took like 3h 40 min.)
Everything is running faster right now. But I'm still getting the little exclamation mark and yellow triangle. It says (I'm typing this exactly as it is, even with typos) "System Alert: Malware threats your computer might be infected with a backdoor Trojan that allows the remote attacker to perform various malicious actions. Click this baloon to download malware removal software." Also, when I open IE all I get is a blank page, then at the top it says about blank page or something like that. And when I open Firefox NOTHING loads at all.

#5
Can someone tell me if I attached the right things?

#6
Run HJT Scan only. Select and delete these:
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {64466B8E-20A7-4A4A-AFF4-AAD9CA68B52C} - C:\Program Files\WebMediaViewer\hpmun.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: (no name) - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.ietoolexpress.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IExplorer Security - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.ietoolexpress.com/redirect.php (file missing)
All clean, good job.
Mike
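
Added example, not part of the original posts: a small Python check that parses HijackThis O2/O9 lines like the ones listed in post #6 and flags entries whose registered target is absent, missing on disk, or a URL. The line-shape regex, the function names and the last sample line (a constructed healthy entry) are assumptions; the other sample lines are copied from the post.

```python
import re

# Assumed shape: "<section> - <kind>: <name> - {CLSID} - <target>"
HJT_LINE = re.compile(
    r"^(?P<section>O\d+) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$"
)

def parse_hjt(log_text):
    """Parse CLSID-bearing HijackThis lines into dicts; skip anything else."""
    entries = []
    for raw in log_text.splitlines():
        m = HJT_LINE.match(raw.strip())
        if m:
            entries.append(m.groupdict())
    return entries

def orphan_reasons(entry):
    """Return the reasons an entry looks like a leftover (empty list if none)."""
    reasons = []
    target = entry["target"]
    if target == "(no file)":
        reasons.append("no file registered")
    if target.endswith("(file missing)"):
        reasons.append("target file missing on disk")
    if target.lower().startswith(("http://", "https://")):
        reasons.append("target is a URL, not a local file")
    if entry["name"] == "(no name)":
        reasons.append("unnamed entry")
    return reasons

def review(log_text):
    """Map CLSID -> sorted reasons for every entry worth a second look."""
    flagged = {}
    for e in parse_hjt(log_text):
        reasons = orphan_reasons(e)
        # A missing name alone is weak evidence; require a file/URL problem too.
        if any(r != "unnamed entry" for r in reasons):
            flagged.setdefault(e["clsid"], set()).update(reasons)
    return {clsid: sorted(r) for clsid, r in flagged.items()}

# First five lines are from post #6; the last line is constructed for contrast.
SAMPLE = r"""O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {64466B8E-20A7-4A4A-AFF4-AAD9CA68B52C} - C:\Program Files\WebMediaViewer\hpmun.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: (no name) - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.ietoolexpress.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IExplorer Security - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.ietoolexpress.com/redirect.php (file missing)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll"""

if __name__ == "__main__":
    for clsid, reasons in review(SAMPLE).items():
        print(clsid, "->", "; ".join(reasons))
```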

#7
OK, done. Do I need to attach files anymore?
I'm still getting that yellow triangle with the exclamation mark and the little bubble that pops up saying security alert spyware found.

#8
MBAM log is clean.
SAS shows many Tracking Cookies. Remove these Tracking Cookies = Screen shot will help. Click on any one SS to see ta and buttons. http://superantispyware.en.softonic.com/images
When you have finished, please Reset the Cookies:
Reset Cookies: Internet Options (through Tools or Control Panel) Privacy tab > Advanced button > CHECK 'override automatic Cookie handling' > CHECK 'accept first party Cookies' > CHECK 'Block third party Cookies' > CHECK 'allow per session Cookies' > Apply > OK.
The people who have recommended other programs can handle an and removals.

#9
OK, maybe I'm dumb.. but when I ran SAS it still showed those even after I did the quarantine. Do I need to go in and hit remove for each one? I don't want to mess anything up.

#10
Here's one of the other security alerts I get, it says:
"Security Alert: NetWorm-i.Virus@fp Type: Virus/Network Worm Damage Level : High Description: Virus that infects executable files. Advice: Delte/quarantine immediately. Protection: Click this baloon to download certified Antivirus software." It wants me to download Ultimate Antivirus 2008 too.

#11
Please describe the difficulty you're having updating MBAM.
From log: Database version: 1306
Currently available > 1400
HJT tick / fix
Quote:
[edit] I often use this to clean up loose ends. MBAM does the bulk of the work. This one goes after hard-to-get infections. The side-benefit is clean-up of loose ends. Mike or another specialist can evaluate these results if indicated MBAM did not properly handle the infection. Combofix instructions courtesy of Blind Dragon [/edit]
Last edited by rf6647; 11-18-2008 at 05:30 AM.. Reason: combofix

#12
Quote:
Did you reset the Cookies?
The 'Worm' message you're getting is FROM rogue malware. Please do not click on anything to 'remove'.
For removal: Download and run this: RogueRemover: http://www.majorgeeks.com/RogueRemover_d5360.html
Attach a log from it!
Quote:

#13
OK bobbye, I'm downloading it now and will run the scan after it installs.
rf6647, when I run the update it takes a while and then gives me an error message. So that's as up to date as it lets me get. And did you want me to do something to the HJT? Sorry, I know I'm a pain in the but(t)!
Last edited by eldacheese; 11-18-2008 at 11:35 AM..

#14
OK, just finished the scan.. it says it couldn't do it all with the free version?
It won't allow me to attach the log because it's too big... it's (475KB, limit is 200KB)

#15
Let's stay with Bobbye's lead. The tool found something.
On the icon for the log file that's too big, try to compress it; then see what the size becomes, and post it if it comes under the size limit. Action to compress is a right click on the file icon > send to > compress (zipped) folder
Last edited by rf6647; 11-18-2008 at 12:04 PM.. Reason: spelling

#16
OK.. here it is..
It said there were THOUSANDS of things.... this is not good and it just started happening on Saturday.

#17
Okay, first thing you need to realize about scans: everything you see isn't malware!
What is the program that is in the zipped scanning log, because the program isn't named? I can't see anything being removed, just that it appears to be a scan of your entire hard drive. Just from a glance at "processes running", half of those need to be stopped - they are valid but don't need to be running in the background unless you are actively using them. I see what looks like names you gave to pictures and a lot of other stuff we don't need.

#18
Sorry, that's the Registry Mechanic one that I was told to download and run, the PC Tools one? That rogue remover.
And how do I get some things to stop running in the background? All I had opened was IE and I think my messenger may have been on.

#19
There are many ways to control your startup applications in order to pursue this problem. Each way has its own limitations.
Choices:
1) Safe Mode with networking - some tools demand normal mode
2) Normal mode with changes via msconfig - limit internet activity to sites for resolving this problem. Stay away from casual browsing. Your added Internet security applications do not load (there are exceptions; too much to cover here)
How to: Start > run > type: msconfig > {{choices to be made}} > exit > restart the computer > tick off the advisory message > use the tools (objective of this)
{{choices to be made}}
a) diagnostic startup > most basic level of functioning
b) selective startup > untick 'load startup item'
Last edited by rf6647; 11-18-2008 at 03:54 PM.. Reason: cite exception

#20
Quote:
All times are GMT -4. The time now is 07:49 AM.


