I'm in need of Tech Support Advice. Ive been reading these posts and answers for people that have been infected with the PSW.x-Vir trojan. I too have caught this disease and now my puter is sick ~ makes sad face ~ . I have tried everything I could think of. I went into my " C " drive and tried to delete the file but it says " Error cannot delete this file may be in use by another program." It also says " Violates user agreement ". I currently have the McAfee Internet Security Suite installed and running on my system. When this trojan moved in I was supposedly protected by this Anit-Virus program. I have ran many scans and yet McAfee has not destroyed it. I keep getting these annoying pop-ups and a small shield in the lower right hand corner of my system. It has currently created a new folder in my registry " C " drive called " Video ActiveX Access " . I tried to delete the entire folder and yet its still alive. ~ Again makes sad face ~ . I even tried to send the contents of this folder to the McAfee shredder , it just laughed at me .. ~ raises eyebrow ~. Is there anyone here that can save me from going crazy please ???

Hello and welcome to TechSpot.

It sounds like you are infected with the Zlob trojan.

Very important: Before deciding whether to clean or reformat your system, read this thread and decide what you want to do.

If you decide to clean your system after reading the above thread, do the following.

Go and read the Viruses/spyware/malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT, ComboFix, and AVG Antispyware logs as attachments into this thread, only after doing the above. Also post here the results of the AVG Antirootkit scan.

Regards

This thread is for the use of Untamed Desirez only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our Security and the Web forum.

Hello & Glad to be here.
I currently have " McAfee Internet Security Suite " installed on my system. If I download the " AVG " wont it be in conflict with my current Anti-Virus/ Anti-Spyware protection ? I have also ran a scan with the link provided in step # 3. It completed the scan and found infectuous parasites. When I clicked on " Clean " it shut down my entire browser.

Yes, McAfee and AVG could cause conflicts if installed at the same time. I recommend removing McAfee, but it's up to you. Please let me know what you decide.

Yes I will uninstall my McAfee I mean after all it didnt protect me as it should have. ~ Raises eyebrow ~. I'm on step # 8. I will be uninstalling McAfee before I reboot in safe mode.

Thank you.

No problem. Just follow all the instructions and then post the requested logfiles.

Regards

I seem to have a problem. I just went to my " Set Program Access and Defaults " - " Add and Remove Programs " to uninstall my McAfee and it is no longer showing as a program in there so @ this point I am unable to uninstall it. I also noticed that a few of my other programs are no longer listed in there. Do you have any suggestions on how to fix this problem ? Should I just proceed to step # 9. Also I just rebooted hoping that it was a mere glitch in my system and hoping that upon rebooting the programs that were not showing in my " Set Program Access and Deaults " - " Add and Remove Programs " would be restored. However to my dismay they are not. On top of everything else the little blinking shield that was producing the pop-ups is no longer there but the dat file is still on my " C " drive .

Hmm. Is McAfee still running?

Just skip the parts about AVG Anti-Virus and Anti-Spyware and post the ComboFix and HJT logs.

Regards

This thread is for the use of Untamed Desirez only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our Security and the Web forum.

Yes it appears to be running. It is not currently scanning but when I click " Open Security Center " it says " Yes you are protected ". So I assume it is active. I have just completed step # 9. I ran the cleaner several times. When I logged onto the cleaner " ALL " boxes were already check marked with the acception of " ADVANCED " none of those boxes were check marked. So I of course took the liberty of checking them, Now hoping I was supposed to ~ Raises eyebrow ~

On step # 10 it says download and run these tools with the directions given on each of their web sites. Unfortunately step # 2 does not come up as a web site but only as a download box. It has the options of " Open " " Save " " Cancel " and " More Info " . It shows the file name as : VirtumundoBeGone.exe file type : Application From : Secured2k.home.comcast.net. So now my question is how will I know what to do with this application if there is no Web Site attatched ?

CCleaner contains an Uninstall tool. Try to uninstall McAfee using that.

As for the VirtumundoBeGone.exe problem, just download the file and run it. The resulting logfile will be located on your desktop under the name VBG.txt. Please attach that logfile into your reply, as well as fresh HJT, ComboFix, and AVG Anti-Spyware logs.

Regards

I just went to the cleaner and it does not have McAfee listed as a program there either. So I'm just going to proceed.

Thank you

I have a question about tool # 1 . It says that it can create a report about the infected files. It tells you how to reboot in safe mode and clean the files am i supposed to do this or just go and get the log ? Tool # 1 is SmitFraudFix.exe . Which tool is the HJT ? Which one is the ComboFix ?

If tool #1 in Step 10 found bad files, then follow the instructions to boot into safe mode and remove them.

HijackThis is in Step 4. ComboFix is in Step 12.

Regards

The AVG didnt find anything and it did not create a report. Im unhappy to say but the little annoyting shield is back on my computer. I just finished step # 12 and these are the results :


What should I do now ?

Attached Files

ComboFix Results.txt (10.0 KB, 3 views)

Hi,

Please complete the remaining steps and post all requested files, and results of the AVG anti-rootkit scan.

Download the attached "Combofix-Do.txt" (from my attachment) and save it to the same folder as Combofix.
Drag the Combofix-Do.txt that you downloaded earlier over on to Combofix.exe and release.

This will ask Combofix to execute the instructions within my file. Let Combofix run normally and do its job. Attach the resultant log in your reply.

Thereafter, please post fresh HJT and AVG Antispyware logs from normal mode as attachments into this thread.


Regards,
Your friendly momok =)

This thread is for the use of Untamed Desirez only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

Attached Files

Combofix-Do.txt (1.9 KB, 9 views)

I just completed the hijackthis scan and here are the results. I still have this annoying little blinking sheild in the lower right hand corner. I also ran the AVG AntiRootKit and the results came back with nothing found. I have also attatched a result of the AVG AntiSpyWare results. The Ad-AdAware would not allow me to run it in SAFEMODE so when I rebooted in REGULARMODE it said that it had errors so I @ this point have been unable to run that product.

Attached Files

	hijackthis-results.txt (6.4 KB, 4 views)
	Report-Scan-20070702-051726.txt (3.5 KB, 2 views)
	Report-Scan-20070702-054431.txt (500 Bytes, 2 views)

Unfortunately I am misunderstanding what it is that you want me to do with the ComboFix because I saved it to the folder marked " CombFix " on my " C " drive and when I opend that folder there were no other contents in it with the exception of the file that you have just told me to save there.

Hi,

Have HijackThis fix these entries:
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: (no name) - {29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00} - (no file)
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZSYYYYYYYZUS
O22 - SharedTaskScheduler: fagging - {94524218-9af3-4643-9687-cbc2880e54da} - C:\WINNT\system32\nuqjici.dll

Where are you running ComboFix from? (ie where is your combofix.exe located?)
Save the attachment from my previous post into the same folder. Then drag the Combofix-Do.txt icon over onto the ComboFix.exe icon and let go. This will run ComboFix via my instructions.

After that, post the resultant ComboFix log as well as a fresh HijackThis log in your reply.


Regards,
Your friendly momok =)

This thread is for the use of Untamed Desirez only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

To be really honest I don't know where its located. The folder named " ComboFix " is located in " C " . But the contents of the folder are empty. I am currently @ work and unfortunately do not have access to my computer. I saved the copy of the scan results to my " DeskTop " . I believe there is also a document called " Quarantine " in " C " that ComboFix also created.