This thing is still downloading the same malware. Or the tools aren't removing it.
Update Avira and run a full scan with it; let it remove anything it finds.
Keep your recycle bin empty.
========================================================
KillBox
- Download KillBox and unzip/extract it to your desktop from HERE
Boot into safe mode and have HijackThis fix these entries, with nothing else open.
You may want to copy this into Notepad and save it to your desktop so that you have it while in safe mode.
==========================================================
You are now in safe mode and should have from HERE DOWN saved into Notepad.
Make sure TeaTimer is disabled:
Disable Teatimer
- Right click the Spybot - S&D Resident icon located in your system tray and select Exit Spybot - S&D Resident
- Open Spybot S&D
- Click on Mode at the top and make sure that Advanced is checked
- Expand the Tools tab in the left pane
- Single click on the Resident icon, also in the left pane
- Uncheck Resident "TeaTimer" (Protection of over-all system settings) Active
- Close Spybot
==========================================================
Launch HijackThis now from safe mode, and check the following:
O2 - BHO: (no name) - {c5af42a3-94f3-42bd-f434-3604832c897d} - (no file)
O4 - HKCU\..\Run: [12CFG94-z641-2SF-N31P-5M1ER6H6L1] C:\RECYCLER\S-1-5-21-7661557338-4881073579-043968640-8610\winigon.exe
O4 - HKCU\..\Run: [rs32net] C:\WINDOWS\System32\rs32net.exe
O4 - HKCU\..\Run: [jsg8jfgfdfhfhf] C:\DOCUME~1\JOJO'S~1\LOCALS~1\Temp\winlogun.exe
O4 - HKCU\..\Run: [xsjfn83jkemfofght] C:\DOCUME~1\JOJO'S~1\LOCALS~1\Temp\winlogin.exe
O16 - DPF: {cafeefac-0014-0002-0000-abcdeffedcba} -
O16 - DPF: {cafeefac-0015-0000-0011-abcdeffedcba} -
O20 - Winlogon Notify: vtUnlKDW - C:\WINDOWS\
O20 - Winlogon Notify: zaimmnid - C:\WINDOWS\
Close any windows, and click Fix Checked.
Close HijackThis.
---------------------------------------------------------------------------------
Still in safe mode:
- Launch Killbox and place a check in 'Delete on Reboot'.
- Click on All Files instead of single file.
In the 'Full path of file to delete' box, copy and paste each of these:
Code:
C:\RECYCLER\S-1-5-21-7661557338-4881073579-043968640-8610\winigon.exe
C:\WINDOWS\System32\rs32net.exe
c:\documents and settings\JoJo's 'puter\Local Settings\Temp\winlogun.exe
c:\documents and settings\JoJo's 'puter\Local Settings\Temp\winlogin.exe
C:\WINDOWS\System32\vtUnlKDW.exe
C:\WINDOWS\System32\zaimmnid.exe
C:\WINDOWS\System32\vtUnlKDW.dll
C:\WINDOWS\System32\zaimmnid.dll
- Then press the red button with the white cross. Click No when it asks to reboot until you have pasted them all.
- A confirmation box pops up asking if you want to reboot now. Select Yes.
If it doesn't reboot automatically, reboot manually.
==========================================================
Now let it restart into normal mode and run a fresh scan with HijackThis.
Also let me know if Avira found anything.
Attach the HijackThis log scanned after the reboot to normal mode, and we can go from there.
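
A triage sketch for O4 autorun lines like the ones listed in the post above; it is an added example, not part of the original post and not a HijackThis feature. The suspect-directory list, the system process names, the 0.8 similarity threshold and the `ExampleApp` line are assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher

# Constructed sample: the four O4 lines quoted in the post, plus one
# invented benign entry (ExampleApp) for contrast.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\ExampleApp\tray.exe
O4 - HKCU\..\Run: [12CFG94-z641-2SF-N31P-5M1ER6H6L1] C:\RECYCLER\S-1-5-21-7661557338-4881073579-043968640-8610\winigon.exe
O4 - HKCU\..\Run: [rs32net] C:\WINDOWS\System32\rs32net.exe
O4 - HKCU\..\Run: [jsg8jfgfdfhfhf] C:\DOCUME~1\JOJO'S~1\LOCALS~1\Temp\winlogun.exe
O4 - HKCU\..\Run: [xsjfn83jkemfofght] C:\DOCUME~1\JOJO'S~1\LOCALS~1\Temp\winlogin.exe
"""

# Line shape: "O4 - <hive>\..\<Run key>: [<value name>] <command>"
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(Run\w*): \[([^\]]*)\] (.+)$")

# Assumed heuristics (not taken from the post): programs rarely autostart
# from the recycle bin or a temp directory, and a file name that is close
# to, but not equal to, a Windows process name deserves a second look.
SUSPECT_DIRS = ("\\recycler\\", "\\temp\\")
SYSTEM_NAMES = ("winlogon.exe", "svchost.exe", "explorer.exe", "lsass.exe")
LOOKALIKE_RATIO = 0.8

def triage(log_text):
    """Return [(value_name, command, [reason tags])] for flagged O4 lines."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue  # not an O4 autorun entry
        name, cmd = m.group(3), m.group(4)
        low = cmd.lower()
        reasons = ["dir:" + d.strip("\\") for d in SUSPECT_DIRS if d in low]
        # Last path component; assumes the command carries no arguments.
        exe = low.rsplit("\\", 1)[-1]
        for legit in SYSTEM_NAMES:
            ratio = SequenceMatcher(None, exe, legit).ratio()
            if exe != legit and ratio >= LOOKALIKE_RATIO:
                reasons.append("lookalike:" + legit)
        if reasons:
            findings.append((name, cmd, reasons))
    return findings

if __name__ == "__main__":
    for name, cmd, reasons in triage(SAMPLE_LOG):
        print(f"{', '.join(reasons):40} [{name}] {cmd}")
```

The `rs32net` entry, which the post also has HijackThis fix, matches neither heuristic, so an entry this sketch does not flag is unreviewed rather than clean.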