Completed 8 Steps for Virus Removal

Status
Not open for further replies.

Texaus

Greetings,

Experiencing trouble with PC. I've done the 8-steps a while back on a different machine and it worked like a charm.

Logs that are attached are after two or three go-rounds with MBAM and Avira. First time M-Bam and Avira were run they found and removed many nasties. Is PC clean now?

This PC has two user profiles. Internet Explorer works just fine on one of them and will not load web pages on the other. Outlook still sends and receives on both profiles, so don't think it's a connection issue. Did not do this before infection so I think I still have something hangin around.

Much Thanks!
 
Hello Texaus

Download HostsXpert: http://www.majorgeeks.com/Hoster_d4626.html

Choose one of the servers at Majorgeeks....save the file on your desktop

Unzip HostsXpert 4.2 - Hosts File Manager to a convenient folder such as C:\HostsXpert 4.2 - Hosts File Manager
Run HostsXpert 4.2 - Hosts File Manager from its new home
Click on "File Handling".
Click on "Restore MS Hosts File".
Click OK on the Confirmation box.
Click on "Make Read Only?"
Click the X to exit the program.

Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

Reboot, attach a new HijackThis log and tell me how things are running.
 
Downloaded and followed directions for HostsXpert using user profile that IE works with. Rebooted and IE still no worky on other profile. Tried running HostsXpert from that profile and received following error: "ERROR: Cannot create file C:/windows/system32/Drivers/ETC/hosts"

Attaching new log...
 
Do you have an administrator account on that profile? It is necessary that you have one.
 
Ok. Open C:/windows/system32/Drivers/ETC/hosts with Notepad and copy the content of the file into your next reply.
 
Here you go....

# Copyright © 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a "#" symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
#
127.0.0.1 localhost
 
After a little more thought I think I should clarify what was done with HostsXpert a little better...

I downloaded and ran HostsXpert from the "good Internet" profile - it worked fine. I then rebooted and tried internet on other profile; Internet Explorer still did not work, so I tried running HostsXpert again from "bad internet" profile - this is when I received error that I mentioned. I think the error might be happening because the first time I ran HostsXpert I ticked "make read only". The files HostsXpert messes around with are common to both profiles, correct?
 
The files HostsXpert messes around with are common to both profiles, correct?

Correct ;)

The Hosts file looks normal.

I assume we are on the other profile now? If we are, I'll suggest you run the 8-step guide and attach the logs.
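
The hosts-file review done by eye in the post above can also be done mechanically. The following is an added example, not part of the original thread or of HostsXpert: it parses hosts-file text and reports every mapping other than the stock loopback `localhost` entry. The function name `audit_hosts` and both sample files are assumptions constructed for illustration (the tampered sample uses reserved `.example` names and a documentation IP range).

```python
import ipaddress

# Constructed sample: the tail of the hosts file posted in the thread.
CLEAN_HOSTS = """\
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
#
127.0.0.1 localhost
"""

# Constructed sample of a tampered file (reserved .example names, TEST-NET-3 address).
TAMPERED_HOSTS = """\
127.0.0.1 localhost
127.0.0.1 update.av-vendor.example   # name pointed at loopback, so it never resolves
203.0.113.7 www.bank.example login.bank.example
not-an-ip broken.example
"""

DEFAULT_NAMES = {"localhost"}  # the only name a stock hosts file maps


def audit_hosts(text):
    """Return (line_no, address, hostname, reason) for every non-default mapping."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()  # drop full-line and trailing comments
        if not entry:
            continue
        address, *names = entry.split()
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append((line_no, address, " ".join(names), "malformed address"))
            continue
        local = ip.is_loopback or ip.is_unspecified  # 127.0.0.1, ::1, 0.0.0.0
        for name in names:
            if ip.is_loopback and name.lower() in DEFAULT_NAMES:
                continue  # the stock "127.0.0.1 localhost" mapping
            reason = "name sinkholed locally" if local else "name redirected"
            findings.append((line_no, address, name, reason))
    return findings


if __name__ == "__main__":
    for label, text in (("clean", CLEAN_HOSTS), ("tampered", TAMPERED_HOSTS)):
        print(label, audit_hosts(text) or "only default entries")
```

An empty result corresponds to the "looks normal" verdict; any finding is a line to review by hand, since custom but legitimate entries are reported too.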
 
It runs fine and I have no doubt it's clean now. However, IE still does not work on that one profile. I'm guessing the malware changed something around with the settings and I need to somehow figure out what. :confused:
 
What happens exactly when you run IE, and which version is it - IE7 or IE8?
 