Infected with PC-Antispyware, Downloader, and Protection Control Panel

Status
Not open for further replies.

nufather

Yet another one. I am having this same problem.
Please any advice is greatly welcomed.
Thank you in advance for your help.
nufather

I have installed HijackThis and have included the file.
I have also run Malwarebytes and have included the file.
I am in the process of running Kaspersky Online and will update this as soon as it's done.
 
here's the hijackthis file

You have already attached this file in thread : Infected with PC-Antispyware , Downloader, and "Protection Control Panel"

It will not let me upload the HijackThis file. I uploaded it to another link and can't even link to it.
 
Ok, really need to see Hijackthis before advising further so do this

In the blue bar above on the far left side click Edit Profile

Go down to the bottom of the left pane and select Attachments

From there remove all attachments then try to attach it here

I am now subscribed to this thread so will get email notifications of your replies.
 
Kaspersky file report from top link Critical areas

Here is just from critical areas from Kaspersky
thx
saved as html
renamed as txt
 
After we get some of this cleaned up remind me to have you run through our preliminary removal instructions. It has a lot of programs and links to help keep you clean.
-------------------------------------------------------------------------------------------------------
Older versions of Java are easily exploited by malware, so let's update your Java right off the bat.

Update your Java Runtime Environment
  • First try going to Start -> Control Panel -> double click Java
  • Select the Update Tab at the top of the Java console
  • Click the Check for Updates button at the bottom
  • If it finds the newer version (Java 6 Update 5) Follow the on screen instructions
  • After it installs the newest version Go back to Control Panel -> Add/remove programs
  • Uninstall any older versions of Java

If for some reason you couldn't update through the above instructions.
  • Click the following link
    Java Runtime Environment 6 Update 5
  • The 4th option down is the one you want (click Download)
  • Check the box to agree to terms of service
  • Check the box for your operating system and click 'Download selected' at the bottom
  • After the install go to Start -> Control Panel -> Add/remove programs (Programs and Features), and uninstall any old versions
  • Navigate to C:\Program Files\Java -> delete any subfolders except the jre1.6.0_05 folder

-------------------------------------------------------------------------------------------------------

You aren't running Firewall Software. Please download and install one of these first!

Use a Firewall - It is very important that you use a Firewall on your computer. If you use the Windows Firewall you might think that's enough but it only controls inbound traffic. Simply using a Firewall in its default configuration can lower your risk greatly. Here are some firewalls which are free for personal use and most commonly used:

Not a lot of good options for Vista; I use Comodo. Make sure to do the Advanced Install.
----------------------------------------------------------------------------------------------------------

Download and Run ATF Cleaner
Download ATF Cleaner by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it.

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

Firefox or Opera:
Click Firefox or Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.

------------------------------------------------------------------------------------------------------

Combofix
  • Download Combofix to your desktop.
  • Double click combofix.exe & follow the prompts.
  • A window will open with a warning.
  • Type "1" (and Enter) to start the fix.
  • When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log.
Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Combofix is a very powerful tool, so please do NOT do anything without instruction.

Combofix will automatically save the log file to C:\combofix.txt

This thread is for the use of nufather only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Is there a certain report you want from Kaspersky or do you want all 6?

I do appreciate the help
Thanks,
nufather
 
I have Windows Firewall on.
I am also running Trend Micro antivirus,
and I just got Spyware Doctor last night.

Are these OK?
 
Windows Firewall is better than nothing. However, it is extremely complicated to configure correctly and, as I said, simply using a Firewall in its default configuration can lower your risk greatly. By default Windows Firewall only protects you from incoming traffic. Ultimately it is up to you, but I recommend Comodo.

After you are clean we will tighten up your security with what I recommend. Basically you want 1 active Anti-virus (Trend Micro is great), 1 active Firewall, and then a combination of anti-spyware.

Please don't post multiple times in a row, between my replies, as I get an email every time you post. As you may have noticed there are hundreds of replies to post a day here, that means I already get hundreds of emails. You can use the edit button until I reply, then make a new post.
 
No problem. I will

Ok, I updated Java and deleted the 1 previous version.
I installed Comodo Pro but didn't see an advanced setting in the install.
I ran ATF Cleaner with the Firefox option.
Ran Combofix (had to shut down Spyware Doctor); attached is the file.
Reran HJT and attached the file.


Weird, none of the options will work now.
I have no attach button.
I am unable to attach any files.
Am I missing something?


Tried rebooting - same. I'm unable to use any of the buttons in the box here. Also, I have no attach button now to attach files.
 
Look in additional Options below the submit reply button, click Manage Attachments

Or if you are using quick replies, select Go advanced
 
Sorry, I don't have that option any more. Under additional options it says attach a file... and then it lists all the valid extensions. The button for Manage Attachments is gone.

Miscellaneous Options
Automatically parse links in text
Disable smilies in text

Attach Files
Valid file extensions: bmp dmp doc gif jpe jpeg jpg log pdf png psd txt zip

Thread Subscription
Notification Type:

Buttons are missing.
Trying in IE; currently in Firefox, which I was in previously.
 
OMG - IE works, Firefox doesn't anymore. I can use the menu and I have the button back.

Here you go, here is the combofix file and the hijackthis file





Sorry about the double posts, I thought I was editing.


Goodnight then. Thank you so much for your help.
 
Ok, Just to let you know I have to sleep for a bit, when I wake up you will be at the top of my list of fixes.
 
CFScript

Open notepad and copy/paste the text in the code box below into it:
NOTE* make sure to only highlight and copy what is inside the quote box, nothing outside of it.
Also ..

Pay particular attention to this :-

Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)

File::
C:\Windows\system32\gbmbkzyf.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"rjviabma"=-

Save this as CFScript.txt

Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.

CFScript.gif


This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a fresh HJT log.

Go ahead and attach the logs. This particular infection should be gone. However to make sure you are clean, please follow these Viruses/Spyware/Malware, preliminary removal instructions and post back in this thread with the requested logs.
 
Remove bad HijackThis entries
  • Run HijackThis
  • Click on the System Scan Only button
  • Put a check beside all of the items listed below (if present):

    O2 - BHO: PC-Antispyware Site Blocker Button - {10F0C2A9-8E38-43e3-204D-45524C494E20} - C:\Program Files\PC-Antispyware\IeExtension.dll (file missing)
    O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL (file missing)
    O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL (file missing)
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

Uninstall Combofix
* Click START then RUN
* Now type Combofix /u in the runbox
* Make sure there's a space between Combofix and /u
* Then hit Enter.

* The above procedure will:
* Delete the following:
* ComboFix and its associated files and folders.
* Reset the clock settings.
* Hide file extensions, if required.
* Hide System/Hidden files, if required.
* Set a new, clean Restore Point.

-----------------------------------------------------------------------
Cleanup using OTMoveit2 by OldTimer
Now we can clear out the rest of the programs we've been using to clean up your computer. They are not suitable for general malware removal and could cause damage if launched accidentally.

Download OTMoveIt2 by OldTimer OTMoveIt2.exe and place it on your desktop.

1. Double click OTMoveIt2.exe to launch it.
If using Vista Right-Click OTMoveIt and choose Run As Administrator
2. Click on the CleanUp! button.
3. OTMoveIt2 will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access.
4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)

* When finished exit out of OTMoveIt2
-------------------------------------------------------------------------------------------------------

Now you get to run that Kaspersky Scan, but please follow these instructions
Run Kaspersky Online AV Scanner

In order to use it you have to use Internet Explorer.
Go to Kaspersky and click the Accept button at the end of the page.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
  • Read the Requirements and limitations before you click Accept.
  • Allow the ActiveX download if necessary.
  • Once the database has downloaded, click Next.
  • Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
  • Click on "My Computer"
  • When the scan has completed, click Save Report As...
  • Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
  • Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
Attach the report into your next reply
 