Another problem: fake security icon?

Status
Not open for further replies.
Once again I've encountered another problem with this computer. There used to be a fake security shield icon on my bottom right tray before I followed the removal steps. There were also random pop-ups to download software. I've attached the required logs. Also, there is this toolbar on IE that's labelled Security Toolbar 7.1, which I can't seem to remove. Your help is greatly appreciated, once again.
 
Hi,

You are running an outdated version of HijackThis.
You can obtain the latest version from the link in my signature.

You may wish to copy and paste these instructions into Notepad for easier reference later.

Boot into safe mode under your normal user name. See how HERE
Next turn on "Show all files and folders, including hidden and system". See how HERE

  1. Go to start > run and type msconfig. Press the enter key.
    Search for the following services and disable them by unchecking the box beside their names.

    user32.dll
    rare


    Press OK but do not restart your system yet.

  2. Go to start > Control Panel > Add and Remove Programs.
    Remove anything related to the following:

    Video ActiveX Access

  3. After that, run HijackThis and fix the following entries, if found (do this by placing a tick in the check boxes beside these entries and clicking "Fix checked"):

    O2 - BHO: (no name) - {184746EC-9E9D-4C7D-B9E7-9039EBD801A9} - C:\Program Files\Video ActiveX Access\iesplg.dll
    O3 - Toolbar: Protection Bar - {29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00} - C:\Program Files\Video ActiveX Access\iesbpl.dll
    O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files\Video ActiveX Access\iesmn.exe
    O4 - HKLM\..\Policies\Explorer\Run: [rare] C:\Program Files\Video ActiveX Access\imsmain.exe
    O22 - SharedTaskScheduler: biocomputing - {98ca7898-6029-41ab-8f67-ea4f5e1afc22} - C:\WINDOWS\system32\myqlejy.dll

    Close HJT.

  4. Navigate in Windows Explorer and delete the following files and folders in bold.

    C:\WINDOWS\system32\myqlejy.dll
    C:\Program Files\video activex access

  5. Reboot into normal mode and rehide your protected OS files.

Thereafter, please post fresh HJT and ComboFix logs from normal mode as attachments into this thread.


Regards,
Your friendly momok =)

This thread is for the use of sajth only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
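The cross-check behind steps 1, 3 and 4 of the reply above, as an added example that is not part of the original thread: it parses the HijackThis lines quoted in step 3, confirms each one's file falls under a step 4 delete target (compared case-insensitively, as Windows paths are), and checks that the step 1 names are the O4 Run values. The function names are hypothetical, and only the entry formats shown in this thread are handled.

```python
import re
from ntpath import normcase, normpath

# Entries quoted in step 3 of the reply above.
HJT_LINES = r"""
O2 - BHO: (no name) - {184746EC-9E9D-4C7D-B9E7-9039EBD801A9} - C:\Program Files\Video ActiveX Access\iesplg.dll
O3 - Toolbar: Protection Bar - {29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00} - C:\Program Files\Video ActiveX Access\iesbpl.dll
O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files\Video ActiveX Access\iesmn.exe
O4 - HKLM\..\Policies\Explorer\Run: [rare] C:\Program Files\Video ActiveX Access\imsmain.exe
O22 - SharedTaskScheduler: biocomputing - {98ca7898-6029-41ab-8f67-ea4f5e1afc22} - C:\WINDOWS\system32\myqlejy.dll
""".strip().splitlines()
STEP1_NAMES = {"user32.dll", "rare"}   # names step 1 has you uncheck in msconfig
STEP4_TARGETS = [r"C:\WINDOWS\system32\myqlejy.dll", r"C:\Program Files\video activex access"]

HEAD = re.compile(r"^(O\d+) - ([^:]+): (.+)$")
RUN_VALUE = re.compile(r"^\[([^\]]+)\] (.+)$")                       # O4 style
CLSID_ITEM = re.compile(r"^(.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")  # O2/O3/O22 style

def parse_entry(line):
    """Split one HijackThis line into section, kind, name, clsid and path."""
    head = HEAD.match(line.strip())
    if not head:
        raise ValueError("not a HijackThis entry: %r" % line)
    section, kind, rest = head.groups()
    run, item = RUN_VALUE.match(rest), CLSID_ITEM.match(rest)
    if run:
        name, clsid, path = run.group(1), None, run.group(2)
    elif item:
        name, clsid, path = item.groups()
    else:
        raise ValueError("unhandled entry format: %r" % line)
    return {"section": section, "kind": kind, "name": name, "clsid": clsid, "path": path}

def is_covered(path, targets):
    """True if path equals a target or lies inside a target folder (case-insensitive)."""
    p = normcase(normpath(path))
    norm = [normcase(normpath(t)) for t in targets]
    return any(p == t or p.startswith(t + "\\") for t in norm)

def leftovers(lines, targets):
    """Paths referenced by log entries that no delete target would remove."""
    return [e["path"] for e in map(parse_entry, lines) if not is_covered(e["path"], targets)]

def run_value_names(lines):
    """Names of the O4 Run values found in the log lines."""
    return {e["name"] for e in map(parse_entry, lines) if e["section"] == "O4"}

if __name__ == "__main__":
    print(leftovers(HJT_LINES, STEP4_TARGETS), run_value_names(HJT_LINES) == STEP1_NAMES)
```

The Run value named `user32.dll` points at `iesmn.exe` in the Video ActiveX Access folder, so the name alone says nothing about which file is launched.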
 
You may consider using ToolbarCop to remove sticky toolbars.
http://www.scancomplete.com/download/toolbar-cop-3.3/


Also, when you scan, be sure to restart your PC in safe mode first. Make sure you disconnect your internet while you do this, because some malware can contact its server to say 'hey, I'm being deleted, replace me'.
The reason why you want to go into safe mode is because in normal startup certain malware cannot be removed because they are constantly 'in use' by some unknown source. In safe mode the system is loaded with minimal drivers and no startup programs, etc, which almost guarantees the file will not be in use.

Files in quarantine are safe and cannot harm your computer.
Also, don't be afraid to try and manually delete malware if your scanner is having a hard time with it, to see firsthand what error messages you might get, which give a very good indication of why it can't be deleted at that time. If your scanner gives you the exact file and path to the system file or registry key, then you needn't worry about ****ing anything up by deleting something you shouldn't have, because you will only be deleting that malware file or folder.

Let me know how that goes.
=)



~BlackScarletLove~
 