Antivirus 2009 recruiting scam

[wolver]

My sister opened a link and my other computer was attacked by spywayre. I managed to get rid of most of it, using Adaware, and a few actual viruses using McAfee, but there are still two I can not get rid of.

Trojan (Scan after Restart)
Trojan (Can Not Be Removed)

Also, there is this little bubble in my tool bar with the clock that comes up saying somthing along the lines of my computer has a security breach, and when you click it, it comes up with a Antivirus 2009 add to download. Also, there are pop ups to do with downloading Antivirus as well, and my google searches are being redirected when I click on the links.

Anyway, I need to know how to get rid of these.

Virus Scanner

Adaware
McAfee

Operating System

Windows XP

If you need any more information, let me know, I don't know what's relevant. Thanks for your help.

Wolver.

 

[kimsland]

Click=> UPDATED 8-step Viruses/Spyware/Malware Preliminary Removal Instructions

Special case where after installing MBAM and SAS they will not update or run
Read here: https://www.techspot.com/vb/topic116603.html

 

[wolver]

Okay, thanks I will work on that and get back to you.

 

[wolver]

Ok so i followed the iunstructions on the link you gave me. I know it took me awhile, but that is partially becasue I have had other things to do and this computer is ridiculouly slow right now.

Here are the log files.

My computer is still being rather slow and choppy, but I have gotten rid of a number of things using those three programs.

 

[kimsland]

Well done.
I can't see any Virus\Malware as such. But you can open HJT and tick and fix the following:

R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [] C:\WINDOWS\Options\OEMReset.exe /Audit
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

It's amazing howmany services are needed for McCafee to run though
I have no idea how computers can run smoothly with this product (or Norton)
It certainly does an excellent job (even though you did get infected )
If you want my opinion, uninstall it, and try a better (ironically) solution-> Avira

You also have DAEMON Tools running at every startup (another horrible program that causes many games to crash)
In my opinion, un-install it, or at least stop it from starting with fixing this entry:

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033

A couple of printer services are starting too, but many users enjoy this, I tend to remove just about all startups, except Antivirus

Seeming you did have a few removals by Malwarebytes, it's requested that you:
Re-open Malwarebytes
Update again (third tab)
Then run a full scan again (1st tab)
Sometimes (often) when malware is removed, Malwarebytes needs to be run again, to remove the hidden malwares (discovered on the second scan)

Anyway, restart (ideally after doing all the above) and reply back with how it's all running (that'll be nice )

 

[wolver]

Well, I am actually still having issues. Its still rather slow, and whenever I scan I manage to come up with more things, a couple trojans, and some less dangerous devices.

I did everything you said, and it began to run smoother, but Like I said, its still a little messed up.

Any suggestions?

Oh, by they way, I have McAfee on my laptop, I installed it on here after it got infected becasue this computer didn't have one.

 

[kimsland]

McAfee again!

What about Avira?
it's free
it's fast
and it doesn't have all those startups and resource hogging going on

 

[wolver]

I do have avira on this computer now.

 

[kimsland]

its still a little messed up

Well aren't we all

Sorry, I better log off
The truth is I couldn't think of anything, and I saw that, and thought, is that normal or not?

 

[wolver]

Not normal.

I am still finding trojans and other such stuff. This last scan I found 3 things that I didn't know what on earth they were, and 4 trojans. One was named TR/Dldr.Agent.wdc .

This should all be done with by now. Its like they are getting in easier somehow now.

 

[kimsland]

No they're being uncovered

Malware writers make Malwares that hide other malwares !
Therefore sometimes (actually often) you need to scan multiple times with Malwarebytes, until all gone

 

[wolver]

I wonder, can viruses hide viruses? Oh well, I will keep working on it and get back

Thanks for your help thus far.

 

[kimsland]

Not sure, I don't think so

Actually No

 

[wolver]

OK, so Avira keeps showing me some warming after a scan, but it doesnt give me the option of doing anything with them. How do I get rid of them?

Alos, no malware on my computer, or atleast anti malware isn't finding any.

 

[kimsland]

You will need to open the main Aira program window, and then check in reports as to what specifically was scanned or not removed, or gave warning to.

Please note if the scan reports states that c:\ pagefile.sys could not be opened, this is quite normal, and can be disregarded

 

[wolver]

Here, I wil show you the warnings that I got then, I opened the report.

[WARNING] The file could not be opened!
C:\Documents and Settings\Default\Local Settings\Temp\JVM2.tmp

[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Documents and Settings\Default\Local Settings\Temp\JVM3.tmp

[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Documents and Settings\Default\Local Settings\Temp\JVMC3.tmp

[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Games\Stwars_Galactic_Battlegrounds\Stwars_Galactic_Battlegrounds\swbg.ace
[0] Archive type: ACE

That means nothing to me, have any ideas? Is it nothing?

 

[kimsland]

Just run CCleaner
No issue

Some files in one of the temp folders could not be scanned
And one archive couldn't be scanned fully (probably too many subfolders or something)

No issue

 

[wolver]

Okay, So, I've been working with it. And, drum role please, I think I fixed it!

Its fast, there's no sign of anything malicious or that shouldn't be here. It only took me a month and a half, but hey.

Thanks so much for your help, I coulnd't have done it alone. My mom was surprisedI actually fixed it, she was assuming she would have to take it in when I finally gave up.:approve:

Anywhoo, thanks!