Infected with PC-Antispyware, Downloader, and "Protection Control Panel"

Status
Not open for further replies.

moderate

I have run AVG, Spybot Search and Destroy and 3 or four other spyware removers, but PC-Antispyware keeps coming back after my programs remove a bunch of stuff. My Norton AV keeps picking up a downloader virus, removes it, but it too keeps coming back. Also, some kind of bogus-looking "Security System Protection Control Panel" pops up at various times along with the PC-Antispyware window.
I'm afraid to manually delete anything - any help you can give? I'm good at following instructions.
It's really making me nuts after 1 full week of trying. Please help, please!
 
Maybe it's because you have Norton and AVG going at the same time. Get rid of one, preferably Norton.

Norton Removal Tool

The first thing that I need you to do for me is to download and install HijackThis.

HijackThis Instructions
  • Make sure you have the LATEST version of HJT (currently v2.0.2); it can be downloaded from HERE
  • Run the HijackThis Installer and it will automatically place HJT in its own folder, usually C:\Program Files\Trend Micro\HijackThis. Please don't change the directory as it is necessary to create backups.
  • After installing, the program launches automatically; select Scan now and save a log.
  • After the scan is complete post the log as an attachment in your reply.
Do not attempt to fix any item yet.
Do not add anything to the ignore list.
Don't use the AnalyseThis button, its findings are dangerous if misinterpreted.

Hijackthis will give me an idea as to what nasty things there are lurking about in your system and will help the both of us get rid of them.

If you have any problems or questions then please post back.
 
My Laptop switches off... virus?

Guys! I need some help! My laptop turns on fine, but it doesn't stay on long! It suddenly switches off; I'll be doing something one minute, then my computer is off the next. This will happen after half an hour of use and then it becomes almost unusable after that, turning off every few minutes, which is driving me mad!! I thought it may be a cooling issue as it was sometimes hot, but have noticed that this is not always the case. I have removed the battery and run off AC, and just run off battery, and it's the same for both. I have started to think the issue might be virus related - when I attempt to run a virus scan it switches off, as well as when I attempt to play a file, i.e. in Windows Media Player etc. This has meant I do not seem to be able to run a full virus scan. I have a fully up-to-date Norton security system. One other thing is that often before it switches off my start menu will shoot up, or the menu that appears when you right click will suddenly pop up, and then straight away my computer will turn off - as if someone has taken control of the mouse. This is starting to drive me mad, so if anyone has any advice this would be massively appreciated!
 
kritius, my father has a very similar problem. He's not very computer savvy so I'm trying to clean his machine. Although we HAVE found several viruses, I still ran HijackThis. Please let me know if you'd be willing to check out the log. I'll then attach it. Thanks!
 
@Moderate

Fix entries using HiJackThis
  • Launch HiJackThis
  • Click the Do a system scan only button
  • Put a check next to the entries listed below
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 80.35.125.62:80
O4 - HKLM\..\Run: [PartSeal] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [EPSON Stylus C88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE /P23 "EPSON Stylus C88 Series" /O6 "USB001" /M "Stylus C88"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [Tunebite] C:\Program Files\RapidSolution\Tunebite\Tunebite.exe -tray
O4 - HKCU\..\Run: [ljhgzqsr] C:\WINDOWS\system32\ejybubgp.exe
O4 - HKLM\..\Policies\Explorer\Run: [N51UcOaC62] C:\Documents and Settings\All Users\Application Data\knenkbqv\ybyjklml.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O4 - Global Startup: Trend Micro Anti-Spyware.lnk.disabled
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.1.74.cab
O16 - DPF: {46C66BBD-E667-4DAD-9682-58050E7C9FDC} (CDPass Class) - http://www.cdpass.com/cdkey/CDPass.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/51/install/gtdownls.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {FC6703A7-5B7E-4f58-BE6D-2693AA3906AE} (HP Content Update) - http://h30299.www3.hp.com/ediags/hpna/60/install/gtdownhp.cab?1,0,0,94
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe (file missing)


  • IMPORTANT: Do NOT click fix until you exit all browser sessions including the one you are reading in right now
  • Click the Fix checked button and close HiJackThis
  • Reboot HijackThis if necessary

Delete Files and Folders
  • Right-click on the Start button and choose Explore
  • Show all hidden files and folders, see how HERE
  • Navigate to the following files and folders and delete them (if still present)
C:\WINDOWS\system32\ejybubgp.exe<---------This File
C:\Documents and Settings\All Users\Application Data\knenkbqv<---------This Folder

  • Empty the recycle bin.
If that does not work then repeat the process in safe mode. See how to boot into Safe mode HERE.
***DO NOT USE MSCONFIG TO BOOT INTO SAFE MODE***

Update your Java Runtime Environment
  • First try going to Start -> Control Panel -> double click Java
  • Select the Update tab at the top
  • Click the Check for Updates button at the bottom
  • If it finds the newer version (Java 6 Update 5), follow the on-screen instructions
  • After it installs the newest version Go back to Control Panel -> Add/remove programs
  • Uninstall any older versions of Java

If for some reason you couldn't update through the above instructions.
  • Click the following link
    Java Runtime Environment 6 Update 5
  • The 4th option down is the one you want (click Download)
  • Check the box to agree to terms of service
  • Check the box for your operating system and click 'Download selected' at the bottom
  • After the install, go to Start -> Control Panel -> Add/remove programs (Programs and features), and uninstall any old versions
  • Navigate to C:\Program Files\Java -> delete any subfolders except the jre1.6.0_05 folder

This thread is for the use of Moderate only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
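
An added example, not part of any post in this thread: the helper later asks for a fresh HJT log, and comparing it with the pre-fix log shows whether a fixed autorun has come back. The sketch parses registry Run (O4) lines only; the AFTER log and its ExampleValue entry are constructed, and the function names are illustrative.

```python
import re

# "O4 - <hive>\..\<Run key>: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<key>HK[^:]*Run): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
EXE_RE = re.compile(r'"(?P<q>[^"]+)"|(?P<u>.+?\.exe)', re.IGNORECASE)

def parse_autoruns(log_text):
    """Map (registry key, value name) -> lower-cased executable path."""
    entries = {}
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue  # R1/O8/O16 lines and startup-folder O4 entries are skipped
        exe = EXE_RE.match(m["cmd"])
        path = (exe["q"] or exe["u"]) if exe else m["cmd"]
        entries[(m["key"], m["name"])] = path.lower()
    return entries

def compare(before, after, removed):
    """Return (persisted, appeared) Run values between the two logs."""
    removed = [r.lower() for r in removed]
    old, new = parse_autoruns(before), parse_autoruns(after)
    # persisted: fresh-log entries that still launch a deleted file,
    # or anything inside a deleted folder
    persisted = sorted(k for k, p in new.items()
                       if any(p == r or p.startswith(r + "\\") for r in removed))
    appeared = sorted(k for k in new if k not in old)
    return persisted, appeared

# Pre-fix lines copied from the log entries in the post above.
BEFORE = r"""
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKCU\..\Run: [ljhgzqsr] C:\WINDOWS\system32\ejybubgp.exe
O4 - HKLM\..\Policies\Explorer\Run: [N51UcOaC62] C:\Documents and Settings\All Users\Application Data\knenkbqv\ybyjklml.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
"""
# Constructed fresh log: one fixed entry is back, one new value was added.
AFTER = r"""
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKCU\..\Run: [ljhgzqsr] C:\WINDOWS\system32\ejybubgp.exe
O4 - HKLM\..\Run: [ExampleValue] "C:\Documents and Settings\All Users\Application Data\knenkbqv\example.exe" /s
"""
# The file and folder the post says to delete.
REMOVED = [r"C:\WINDOWS\system32\ejybubgp.exe",
           r"C:\Documents and Settings\All Users\Application Data\knenkbqv"]

if __name__ == "__main__":
    persisted, appeared = compare(BEFORE, AFTER, REMOVED)
    print("still present:", persisted)
    print("new since last log:", appeared)
```

A non-empty first list means something is still rewriting the Run key or restoring the file between scans, so the log alone does not confirm the machine is clean.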
 
I would like you to do an online scan so that we can see what else may be in your system.
Run Kaspersky online scanner
With the exception of Internet Explorer, which must be used for this scan, keep ALL programs closed
Note: It is recommended to disable onboard antivirus program and antispyware programs while performing scans to speed up scan time and to make sure there are no conflicts.
Do not go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable resident antivirus protection along with whatever antispyware application you use.


Do an online scan with Kaspersky Online Scanner in Internet Explorer. You will be prompted to install and run an ActiveX component from Kaspersky; click Yes.
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75%. Once the licence is accepted, reset to 100%.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    o Scan using the following Anti-Virus database:
    o Extended (If available, otherwise use standard)
    o Scan Options:
    o Scan Archives
    o Scan Mail Bases
  • Click OK
  • Under select a target to scan, select My Computer
  • The scan will take a while so be patient and let it run.
  • Please do not use your computer while the scan is running. Once the scan is complete it will display if your system has been infected.
  • Click the Save Report As... button
  • In the Save as... prompt, select Desktop
  • In the File name box, name the file
  • In the Save as type prompt, select Text file
  • Include the report in your next post.

Also do a fresh HJT log for me; I'll look them over for you tomorrow.
 
Delete the contents of this folder but not the folder itself.

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine

Delete this file:

C:\Documents and Settings\Lee\My Documents\temps\mirc616.exe

HJT log fine.

Download and Run Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please attach the log to your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this: C:\Documents and Settings\<your username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
 
@kritius = don't like hijacking threads, but this infection is everywhere, it is a vundo type infection - SDFix will also work with MBAM on XP machines. For Vista just use the usual
 
I am having this same problem on my machine. Please help

Infected with PC-Antispyware , Downloader, and "Protection Control Panel"

I also have a log. Any advice is greatly welcomed.

Thx so much for your help.
nufather
 
nufather - you need to post your problem separately, each person gets helped in his own string of posts.

Kritius - am I clean?
 
Protection Control Panel Removal

I need serious help as I am unable to get this popup adware off my system in spite of my best efforts. I have attached the logfile below. Again, thanks for your help in advance.
 
smorgan21, use your own thread.

moderate, apologies the thread got hijacked.

Download and Run ComboFix
  • Download this file from either of the two below listed places :

    HERE or HERE
  • Then double click combofix.exe & follow the prompts.
  • When finished, it shall produce a log for you. Attach that log in your next reply
WARNING: Do not mouseclick combofix's window whilst it's running. That may cause it to stall
 
protection control panel and system integrity scan wizard

I'm new to this site, but I think you have the answer. I have a very similar problem to the one already on this thread. I get pop ups on my desktop saying that it needs to do a scan from System Integrity Scan Wizard, Protection Control Panel and the trojandownloader.xs. I'll attach my hijackthis file so you can help me. Thanks for being a computer genius!
 
So Far So Good...

Whatever it was that infected my machine appears to be cleansed from my system (at least for over a week now it hasn't popped up). I don't know which one of the many downloads took care of it, or if it is a combination of the programs, but either way, so far so good.

Scott
 
Scott I never noticed you start your own thread, or post any logs. I always like to remind people that there is a difference between removing malware and removing symptoms.
 