Earlier today I was struck with numerous pop-ups coming from both Firefox and IE. I ran my AVG and detected a few trojans, as I suspected. Afterwards, I ran through the 8 steps listed on the forum, and have my logs attached. Since running the cleaners, I haven't noticed any pop-ups, and am hopeful all is well again.......

I used my updated AVG A/S, Malaware, and HJT.....

Can anyone review my logs and confirm? As I mentioned, I have had no further pop-ups, but I want to make sure all is well before I write this one off....

Thanks in advance!

As I'm sure everyone is busy - it seems a lot of folks are having similar problems - I just wanted to renew my request to have someone look over my logs......your help is much appreciated.

Thanks again

Attached Files

	mbam-log-2008-12-28 (23-12-58).txt (4.5 KB, 5 views)
	Report-Scan-20081228-212751.txt (938 Bytes, 2 views)
	hijackthis12-28-2008.log (12.8 KB, 5 views)

hey man...theres a post down the page that will help u out...have a look @ it..n see if it helps...ill grab link for ya

Sagipsul pop up windows

check that

Thanks woodsy - I got all that. I've followed the standard directions and am just looking for someone to check my HJT log to make sure it's clean....

-> No action taken on MBAM scan, for found issues
Please re-run Malwarebytes
Confirm updated (third tab)
Then do the above quoted message, but this time "Remove all found issues"

By the way, you will need to then restart, and run (and attach) a new HJT log

New logs for your review.......

Last time, I think I saved before and after I removed all the baddies. Don't know why, and don't know why I sent that particular one.....

Attached Files

	hijackthis1-2-2009.txt (12.9 KB, 1 views)
	mbam-log-2009-01-02 (01-09-02).txt (850 Bytes, 1 views)

Please un-install AVG Anti-Spyware 7.5 (and any other AVG installed on your computer
Install Avira instead, and run a full scan

Done.

As it turns out, I got hit again in the meantime. Gotta love it.

Thanks in advance!

Attached Files

	mbam-log-2009-01-03 (20-22-06).txt (2.0 KB, 1 views)
	SUPERAntiSpyware Scan Log - 01-03-2009 - 21-13-02.log (1.1 KB, 0 views)
	hijackthis-1-3-2008.txt (10.3 KB, 1 views)
	AVSCAN-20090103-163812-18C841F0.LOG (18.5 KB, 1 views)

Of the many issues in your HJT log, please run it again, tick this entry and then fix it
Un-install Window Washer (CCleaner is much better )

Un-install SuperAntiSpyware

Run CCleaner again

Restart

Run the Norton Removal tool

Start up Malwarebytes again
Update it <= notice how this gets its own line
Then run another full scan
You need to run this multiple times, until all hidden Malwares are uncovered and removed

1. Fixed the last HJT issue
2. Uninstalled Window Washer and SAS
3. Ran Norton Removal Tool
4. Ran CCleaner until no issues found
5. Updated Malawarebytes and ran until no bad guys found (2x)

Latest logs attached.

Thanks!

Attached Files

	hijackthis1-4-2008.log (9.9 KB, 1 views)
	mbam-log-2009-01-04 (00-11-23)2nd run.txt (1.1 KB, 1 views)
	mbam-log-2009-01-04 (02-05-33)3rd run.txt (851 Bytes, 1 views)

Well done

But sadly still issues

Please re-run HJT and place a tick next to the following, then select Fix:
Before restarting run: the McAfee Removal Tool
Then restart

Done.

Fixed all issues and used mcafee removal tool.....

Attached Files

hijackthis1-4-08 2nd run.log (9.6 KB, 1 views)

Sorry still issues!

Run HJT, tick and Fix:

Download Combofix from here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to somewhere, where you can easily find ie C drive

Restart your computer to Safe Mode (pressing F8 before Windows starts)
Once in Safe Mode, locate and double click on ComboFix.exe
This may take up to 10 mins to finish, ther are some prompts to agree to, and your Desktop may reset a couple of times (all normal)

When finished, restart back to normal mode
Create yet another HJT log, and this time supply a Combofix log too

Edit:

Doh!

Locate C:\Program Files\Vongo folder and delete it

Done and Done. Logs attached.

Thanks!

Attached Files

	cflog1-4-2008.txt (23.5 KB, 1 views)
	hijackthis1-4-2008 am.log (8.9 KB, 1 views)

Daaamn!
Did you also remove the folder C:\Program Files\Vongo as stated above, from Safe mode?

Yep, got rid of it in safe mode. Still showing up on the latest HJT log.

Vongo came installed with the laptop when I got it. One of those packaged software programs.....

Attached Files

hijackthis1-4-20084th try.log (9.2 KB, 1 views)

I found this reply from HP Support from someone else who wanted to get rid of Vongo:
If this does not resolve the issue, you may have to manually delete the files.
To do that:
Now, run the Windows Installation Cleanup Utility, this will remove the registry entries for the Software.

You can download the Utility here: http://support.microsoft.com/default...b;en-us;290301

The Windows Installer CleanUp Utility does:

• Provide a dialog box where you can select one or more programs that were installed by Windows Installer. You select the programs on the Installed Products list in the Windows Installer CleanUp dialog box. After you make this selection, the utility removes only the Windows Installer configuration information that is related to those programs.

• Remove the files and registry settings that make up the Windows Installer configuration information for programs that you select.
[/QUOTE]
I notice the AskBar is still loading:
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
Have HijackThis remove the entry, the click on FlxChecked and boot into Safe More:
Start> Run> msconfig> enter> Selective Startup> Startup tab> UNCHECK any Ask bar processes> Apply> OK.

Control Panel> Add/Remove Programs> UNINSTALL any Ask related entries.

I suggest you also check and have HijackThis remove the following:
When rebooting into Normal mode, ignore the nag message, check 'don't show this message again.' Stay in Selective Startup.

Update Java:
Update Adobe:
The following will help the Cookie and pop-up problem in Firefox:
1. Open Firefox> Tools> Options> Privacy section> Cookies> UNCHECK 'allow third party Cookies'.
2. Put the following add-ons on Firefox:
AdBlock Plus: https://addons.mozilla.org/en-US/firefox/addon/1865
Easy List: http://easylist.adblockplus.org/
(get all three)

Alright. Updated Java and Adobe Reader (couldn't get 9, still w/ 8.1.5 or something like that. Firefox crashes when I try to download 9.

Fixed all that was mentioned in HJT. I had already deleted the Program Files/Vongo folder before, uninstalled over a year ago, and still can't find any trace of anything related other than what keeps popping up on FF....

Otherwise, I am having no problems with pop ups. I installed Comodo, so hopefully that'll help keep me from getting hit a third time.

Thanks for all your help,

Eric

Attached Files

hijackthis1-4 2pm.log (9.5 KB, 1 views)

Well, we're making progress, but Vongo is still around- we've both had you remove this in HijackThis, but it is still loading:
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')

Did you run the Windows Installer CleanUp Utility? That should allow you to remove the process from the Registry.

This McAfee entry remains:
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab>>McAfee Security Download Control

Since it's an Active X entry, try this:
Open IE> Tools> Manage add-ons> look for any McAfee entry and highlight> disable.

IF the pop-ups return, consider removing the Weather Channel.

Remove the clean up tools:
Clear your existing System Restore points and establish a new clean restore point:
[quote]
Let us know if we can be of help in the future.