Help please

Ok, let's try this,

Download Pocket Killbox by Option^Explicit from here
  • Double-click on Killbox.exe to start Pocket Killbox
  • Select the Delete on reboot option
  • Click on All Files
  • Select the text in the below codebox and press Ctrl+C to copy it to the clipboard
    Code:
    D:\I386\Apps\APP19578\src\HPSummer2005.exe
  • Go back to Pocket Killbox and click File > Paste from clipboard
  • Click on the button in Pocket Killbox that looks like this
    killbox.jpg
  • You will now get the prompt Files will be removed on reboot Do you want reboot now?
  • Click Yes; this will restart your PC
  • Note: If your PC does not restart automatically please restart it manually
 
Ok, I got a message when I clicked to reboot and it says:

pendingfilerenameoperations registry data has been removed by external process!

Don't know what this means, lol. Did it get rid of it?
 
Ok, go to start>Run>and copy and paste this into the box

D:\I386\Apps\APP19578\src

I would suggest if it takes you to that folder then just delete the contents and empty the recycle bin.

Also empty the contents of this folder but do not delete the folder itself,

C:\Documents and Settings\HP_Owner\.housecall6.6\Quarantine

Then empty the recycle bin.

C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe

This is also infected so I would advise deleting it.
 
kritius, I deleted the files. Also, I came across something that may be useful. I was looking through the SpywareBlaster. The sites are not in the protected file to keep them from loading. How do I go about adding those to the site? Maybe that will help too. I will go and insert the addresses too if that will work. I saw where to add, but I didn't know if it was for that kind of thing or not, so I thought I'd ask first. Thanks-
 
You can always try it, can't hurt. Using Firefox is also an option, it's a more secure browser.

WhatAboutADog is related to the Downloader.Agent.awf. It moves legitimate executable files from their correct location into a 'bak' folder created by the malware.

Which is very strange because FindAWF cannot find any bak folders on your system.


Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.
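
The 'bak' folder behaviour described in the post above can be looked for with a simple directory walk. This is an added example, not part of the original post and not how FindAWF itself works; the heuristic (any .exe inside a folder named bak) and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile


def find_bak_executables(root):
    """Return sorted (bak_copy, original_path, original_present) tuples.

    Heuristic (an assumption of this example): any .exe inside a folder
    literally named 'bak' is reported, with the path it would have had in
    the parent folder and whether a file with that name exists there now.
    """
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        if os.path.basename(dirpath).lower() != "bak":
            continue
        parent = os.path.dirname(dirpath)
        for name in filenames:
            if name.lower().endswith(".exe"):
                original = os.path.join(parent, name)
                hits.append((os.path.join(dirpath, name), original,
                             os.path.isfile(original)))
    return sorted(hits)


def build_sample_tree(root):
    """Create a constructed directory layout for the demo (not real data)."""
    layout = [
        ("App", "bak", "tool.exe"),    # moved copy ...
        ("App", "tool.exe"),           # ... with a same-named file in place
        ("Lone", "bak", "run.EXE"),    # moved copy, nothing left in parent
        ("Docs", "bak", "notes.txt"),  # ordinary backup folder, no executables
    ]
    for parts in layout:
        path = os.path.join(root, *parts)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"constructed sample")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for bak_copy, original, present in find_bak_executables(tmp):
            state = "a file now sits at" if present else "nothing at"
            print(f"{bak_copy}: {state} {original}")
```

A hit is only a lead: many programs keep ordinary backup folders named bak, so each reported file still has to be checked before anything is moved or deleted.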
 
Ok, let's try this again. Well, I may have to run it again. It says there is an upload error and I have already uploaded it, but I don't see it there.
 
Hi,

  1. Open notepad and copy/paste the text in the quote box below into it (all except the word QUOTE):

    File::
    C:\WINDOWS\system32\dllcache\iexplore.exe
    C:\WINDOWS\Fonts\RandFont.dll
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PhotoShow Deluxe Media Manager"=-
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}]
  2. Save this as CFScript on the desktop.
  3. Referring to the image below, drag CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe.
    CFScript.gif

  4. ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it shall produce a log for you. Post that log (Combofix.txt) in your next reply.
    Note: Do not mouseclick combofix's window while it is running. That may cause your system to hang

Thereafter, please post fresh HJT and AVG Antispyware logs and the resultant ComboFix log from the above instructions as attachments into this thread.


Regards,
momok =)

This thread is for the use of campingmom4 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our Security and The Web forum.
 
Your AVG anti spyware log shows 'no action taken' for all the detected items. I require you to run the scan again and perform 'Quarantine' on all items detected. Only save the log after performing that.

Thereafter, boot into safe mode as before and do the following:

I'd like to verify the contents of this folder and if you created them.
C:\Program Files\Smilebox

Let me know in your next reply, thanks.

It appears you have not fully removed Viewpoint for some reason. This is for your information, if you wish to fully remove it.
C:\Documents and Settings\All Users\Application Data\Viewpoint < this folder still exists.

Manually navigate to this file and delete it. Do let me know if you face any problems with that.
C:\WINDOWS\Fonts\RandFont.dll

Thereafter, please reboot into normal mode and post a fresh HijackThis and ComboFix log, as well as the AVG log from the above actions.

Regards,
momok =)

 
Ok momok, here are the results of the scans. Sorry it took some time, had a couple teenagers here using the other puter and couldn't post, lol. The file of the Smilebox, I was in doing some scrapbooking and went to that site to get some things. I deleted it from Add/Remove Programs, but evidently it's still around somewhere. Tell me where it was and how to delete the rest of it. I got the other one out too.
 

Attachment: log.txt (13.7 KB)

momok, I was getting some error messages when I was running ComboFix. I wrote them down if you need to know what they said-
PS also- my CD-ROM won't play now- is it because I've shut something off?
 
This is the only remaining folder for Viewpoint.

C:\Documents and Settings\All Users\Application Data\Viewpoint

Your logs look fairly clean now. Are you facing any problems apart from the CD-Rom error? Please describe the problem(s) in detail.

  1. Please download and run CCleaner via step 9 of the instructions HERE.

  2. Delete all files in AVG Antispyware Quarantine folder. (located in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Quarantine)

  3. Turn off system restore (XP/ME only). Learn how to do that HERE.
    This will remove all the remaining nasties from your old restore points.

  4. After that turn system restore back on.
    This would have created a new safe and clean restore point for your system.

  5. Oftentimes, an infection can occur again not due to the incompetence of programs, but because of user habits.
    May I recommend you to read this article.
    This can help to prevent future infections.

Should you have any further problems, please post in this thread.


Regards,
momok =)

 