All 8 Steps Completed. Virus Popped up straight after

Status
Not open for further replies.
My brother's computer was not working. He used my computer one evening to download a load of music files. Next thing I knew, my virus-free Dell laptop has a virus. I was getting AVG Resident Shield alerts about tracking cookies, and my IE 7 that I don't use (I use Firefox 3) had adverts popping up!!

Without wasting time I deleted all the music files and carried out the 8-step procedure. After one whole day I completed all steps, and as soon as I opened IE to post this, the AVG shield popped up with the same tracking cookie alerts.

I followed all the steps religiously including de-activating my Norton 2008 and AVG 8 Free ed.

Please please help me bring my computer back to the clean state it was in, as the paranoid me doesn't even want to connect it to the internet or use it for anything.

Kind regards
SY

I run Vista Business on Dell Inspiron 6000

The last AVG alert showed:
 
I followed all the steps religiously including de-activating my Norton 2008 and AVG 8 Free ed.

That is referring to Real Time Protections like TeaTimer in Spybot or AdWatch in AdAware. Please turn your AV back on. However, just one of them, not both. You should only run one AV program.

Questions:
Is this your ISP? IP 202.56.215.55
descr: ABTS DELHI,
descr: Broadband and Telephone Service 224,Okhla Phase III,
descr: New Delhi
descr: Delhi
descr: India

There is a proxy server set up for Qwest Communications Corporation IP 63.149.98.20:80

Internet Explorer is branded for Sky Broadband (that's UK, right?)

Otherwise, I don't see anything in HijackThis.
Please run a full system scan with whatever AV you're keeping. Save the log and attach to next reply.

When you answer my IP questions, I'll know where to go from here.
 
Hi Bobbye

Thank you very much for looking into the reports and for your reply.

I was a bit unsure about what Real Time Protection was, so I disabled my AVG and Norton for that time period. I do not have any RTP software installed as I have never been able to find one that feels 100% safe and trustworthy. Can you recommend one?


The IP address is for Airtel Broadband services in New Delhi, India. I went there 2 years ago and used their broadband services. I am based in the UK and use Sky Broadband, and hence the branded IE. Can I de-brand it?

I used a proxy server over 18 months ago to connect to my university's Intranet. I am not too sure if this is the same proxy but I don't need it anymore.


I have tried to run the AVG complete system scan and it has come up with no infections found. Also, I have shut down the system and rebooted again and found no popups. Even AVG has not been raising alerts.

Again many many thanks for your help.
 
It would be best if you let HijackThis remove those IP connections you no longer use:

Open HJ to 'do system scan only'
Check following:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 63.149.98.20:80
O17 - HKLM\System\CCS\Services\Tcpip\..\{228B92BE-F19B-4ADB-8BFD-C36B3A6A312B}: NameServer = 202.56.215.55,202.56.215.54
O17 - HKLM\System\CS1\Services\Tcpip\..\{228B92BE-F19B-4ADB-8BFD-C36B3A6A312B}: NameServer = 202.56.215.55,202.56.215.54


Close all Windows except HijackThis and click on 'Fix Checked.'

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTCleanIt by OldTimer:
Save it to your Desktop.
Double click OTCleanIt.exe.
Click the CleanUp! button.
If you are prompted to Reboot during the cleanup, select Yes. The tool will delete itself once it finishes.

You should now set a new Restore Point to prevent infection from any previous Restore Points. The easiest and safest way to do this is:
  • Go to Start > All Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the Restore Point a name then click "Create". The new Restore Point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Go to "Disk Cleanup" which can be found by going to Start > All Programs > Accessories > System Tools.
  • Click "OK" to select the partition or drive you desire.
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one. More details and screenshots for Disk Cleanup in Windows Vista can be found here.

Empty the Recycle Bin when through.

Please let me know if you need any more help.
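
As an added example (not part of the original thread and not HijackThis's own code), this Python script parses HijackThis log lines of the kind flagged above and reports any `ProxyServer` or `NameServer` value that is not on a list the user still expects. The function names and the `expected_dns` / `expected_proxies` parameters are assumptions made for illustration; the R0 and O4 sample lines are constructed.

```python
import re

# Constructed sample: the R1/O17 lines are the ones quoted in this thread;
# the R0 and O4 lines are made up to show that unrelated entries are ignored.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://example.invalid/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 63.149.98.20:80
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{228B92BE-F19B-4ADB-8BFD-C36B3A6A312B}: NameServer = 202.56.215.55,202.56.215.54
O17 - HKLM\System\CS1\Services\Tcpip\..\{228B92BE-F19B-4ADB-8BFD-C36B3A6A312B}: NameServer = 202.56.215.55,202.56.215.54
"""

# R0-R3 lines look like: "R1 - <registry key>,<value name> = <data>"
R_LINE = re.compile(r"^(R[0-3]) - (?P<key>[^,]+),(?P<name>[^=]+?) = (?P<data>.*)$")
# O17 lines look like:   "O17 - <registry key>: <value name> = <data>"
O17_LINE = re.compile(r"^(O17) - (?P<key>.+?): (?P<name>\w+) = (?P<data>.*)$")

def parse_entries(log_text):
    """Return (section, key, value_name, [values]) for proxy and DNS entries."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = R_LINE.match(line) or O17_LINE.match(line)
        if not m:
            continue
        name = m.group("name").strip()
        if name not in ("ProxyServer", "NameServer"):
            continue
        # NameServer data may be comma- or space-separated.
        values = [v for v in re.split(r"[,\s]+", m.group("data")) if v]
        entries.append((m.group(1), m.group("key"), name, values))
    return entries

def stale_settings(log_text, expected_dns=(), expected_proxies=()):
    """List (section, value_name, [unexpected values]) worth reviewing."""
    findings = []
    for section, _key, name, values in parse_entries(log_text):
        allowed = expected_proxies if name == "ProxyServer" else expected_dns
        unexpected = [v for v in values if v not in allowed]
        if unexpected:
            findings.append((section, name, unexpected))
    return findings

if __name__ == "__main__":
    for section, name, values in stale_settings(SAMPLE_LOG):
        print(f"{section}: review {name} -> {', '.join(values)}")
```
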
 
Thanks a lot

Hey Bobbye

Just wanted to say thank you very much. All seems to be working fine......

I tried the OTCleanIt.exe but it did not remove any of the tools even after it restarted the machine.

I have created a System Restore point.


Bobbye, I had another problem. My brother was only using my laptop because:

He had a cracked copy of Norton Antivirus 2008, yet updated Norton by mistake, which disabled Norton. He tried "completely uninstalling" Norton but ended up deleting some crucial system files and registry keys. Windows now would not boot. When switched on, the screen with Microsoft Corporation comes up but then it goes blank. I had created Recovery Discs (2 parts) but it does not boot or recover off them either.

Could you please help me or direct me to the correct forum?


Many thanks
 
You're the second person today who said OTCleanIt didn't work- I'll have to check into that. Remove as much as you can through Add/Remove Programs in the Control Panel. Then use Windows Explorer (Right click on Start> Run> Programs) to find the program folders- then right click delete on those you find.

So your brother pirated an antivirus program!
He had a cracked copy of Norton Antivirus 2008, yet updated Norton by mistake, which disabled Norton.

An antivirus program isn't much good if it can't be updated. Perhaps he got a just reward. Sorry, but I don't know of anyone here who supports piracy.

I suggest you keep your system and his system totally apart because he will be riddled with malware.
 