Horrible virus

[h00ps24]

I tried removing the virus using ad-aware, but it failed to clean everything. once the virus was acquired, I could no longer open spybot search and destroy or install and run malwarebytes for the first time. Some of the files that have been removed by ad-aware are: win32.adware.popupmenu; win32.fraudt(cut off here)ectionsystem; win32.trojan.fraudload; win32.trojandropper.delf

when I search a topic on google and click any of the links resulting from the search, the virus reverts the page to another site. please help me!

 

[raybay]

Adaware is never, in my opinion, an adequate tool for removing a virus of almost any definition.
Suggest you look at the 8 Steps found elsewhere on TechSpot,
or use all of these with which we have had such astounding luck: Avira Antivir, Microsoft Security Essentials, Super Antispyware, and MalwareBytes or Spyware Doctor or SpySweeper...in that order.
You can read more about them online with a Google search.

 

[h00ps24]

ok, but I cannot even open up Avira Antivirus after I installed it. When I open the task manager, it shows that Avira Antivirus is open, but nothing opens up, this is the same thing that happens when I try to open Malwarebytes or Spysweeper. What is the next step now?

 

[h00ps24]

any suggestions???

 

[raybay]

Rinstall Windows, or install Windows in R for Repair mode (not R for Repair Console) That will replace windows without replacing or damaging your data or other installed programs. You will need the same disk which was originally used to install Windows.

 

[h00ps24]

I have been trying to reinstall windows with the original cd provided. But I keep getting this error message: setup was unable to create critical folder C:\$WIN_NT$.~BT . So how can I fix this problem to reinstall windows?

 

[Bobbye]

h00ps24, before you attempt a reinstall- which I doubt will be necessary:

Here is the main problem now:
O4 - HKCU\..\Run: [cls_pack.exe] C:\DOCUME~1\KELSEY~1\LOCALS~1\Temp\cls_pack.exe

This malware executes from a temporary folder, so let remove as many of them as possible:

TFC (Temp File Cleaner)

Download TFC to your desktop

• Open the file and close any other windows.
• It will close all programs itself when run, make sure to let it run uninterrupted.
• Click the Start button to begin the process. The program should not take long to finish its job
• Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

TFC only cleans temp folders. TFC will not clean URL history, prefetch, or cookies. Depending on how often someone cleans their temp folders, their system hardware, and how many accounts are present, it can take anywhere from a few seconds to a minute or more. TFC will completely clear all temp files where other temp file cleaners may fail. TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.

TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder.

When that has finished please run this online scan so I can see what you have::

Run Eset NOD32 Online AntiVirus Scanner HERE

Note: You will need to use Internet Explorer for this scan.

• Tick the box next to YES, I accept the Terms of Use.
• Click Start
• When asked, allow the Active X control to install
• Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
• Click Start
• Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
• Click Scan
• Wait for the scan to finish
• Re-enable your Antivirus software.
• A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

Leave the log for the Eset scan in your next reply.

Is the Symantec/Norton program current and working?


Please do not run any other program unless I instruct you to.

 

[h00ps24]

Ok, I ran the TFC program and the Eset NOD32 online antivirus scanner. This has been the 5th attempt at running the Eset scan, my computer would just shut down for all the previous failed attempts, I thought that was weird. The log.txt from the scan is attached. My symantec antivirus software was up to date, but as a result of the recent virus I have been unable to update the virus definitions.

 

[Bobbye]

There is a malware entry in memory that needs to be removed. Sorry you had the problem with Eset. I could have given you a different program to use if you had let me know.

Please download ComboFix HERE:

• With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.
  
  Important! Save the renamed download to your desktop.
  
• Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection.

• Double click on the setup file on the desktop to run
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  (Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.)
• Click on Yes, to continue scanning for malware.
  
• When finished, it will produce a log.Please include the C:\ComboFix.txt in your next reply.

Notes:

• 
  1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.
  2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
  3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
  4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Rescan with HijackThis and include new log along with Combofix report in next reply.

 

[h00ps24]

hi, combo fix was freezing several times on my computer...so I decided to reinstall windows, i had some other file missing for sounds.......thanks again for helping to clear that issue up to even have the ability to reinstall windows...you guys are awesome!

 

[Bobbye]

Sorry we couldn't be of more help. Thank you for the update.

I am closing the thread.