Step 1:
Go into Add or Remove Programs in your Control Panel and uninstall anything having to do with
Viewpoint or
Outerinfo.
Step 2:
Then run HijackThis and do a system scan. Place a check in the box next to the following entries (if there):
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O4 - HKLM\..\Run: [Microsoft Logon Event] winslogin.exe
O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\DOCUME~1\john\LOCALS~1\Temp\kjwhvfxi.dll",forkonce
O4 - HKCU\..\Run: [mwoi] C:\PROGRA~1\COMMON~1\mwoi\mwoim.exe
O4 - HKCU\..\Run: [Regscan] C:\WINDOWS\System32\regscan.exe
O4 - HKCU\..\Run: [Microsoft Visual Enhance V2.1] C:\WINDOWS\iuntfs32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
Close all programs except HijackThis. Click the Fix Checked button. FIxing may take awhile; once it's done, close HijackThis.
Step 3:
Go to Start->Run, type in
cmd
Press Enter.
Once the black window appears, type in the following:
sc config "viewmgr" start= disabled
Press Enter.
Once it finishes that operation, type
exit and press Enter, which should close the window.
Step 4:
Please download the file
CFScript.txt attached to my post and save it to the same folder as ComboFix.
Referring to the image below, drag the
CFScript.txt that you just downloaded over onto
ComboFix.exe and release.
This will ask ComboFix to execute the instructions within my file.
Let ComboFix run normally and do its job. Attach the resultant log in your next reply.
Step 5:
Please navigate to
www.virustotal.com.
Click the Choose... button.
Navigate to the following file:
C:\WINDOWS\system32\stfv.bin
Click Open. Then click Send File.
Wait until it's done scanning, then copy and paste the results into a Notepad file and save it on your computer.
Step 6:
Post a fresh HijackThis log, as well as the log resulting from the CFScript, and the VirusTotal log.
Regards
This thread is for the use of swker98 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our Security and the Web forum.