Infected with PC-Antispyware, Downloader, and Protection Control Panel

By nufather · 16 replies
Apr 2, 2008
  1. Yet another one. I am having this same problem.
    Please any advice is greatly welcomed.
    Thank you in advance for your help.

    I have installed hijackthis and have included the file
    I have also run the malwarebytes and have included the file
    I am in the process of running Kaspersky Online and will update this as soon as it's done
  2. nufather

    nufather TS Rookie Topic Starter

    here's the hijackthis file

    You have already attached this file in thread : Infected with PC-Antispyware , Downloader, and "Protection Control Panel"

    it will not let me upload the hijackthis file. i uploaded it to another link and can't even link to it
  3. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Ok, really need to see Hijackthis before advising further so do this

    In the blue bar above on the far left side click Edit Profile

    Go down to the bottom of the left pane and select Attachments

    From there remove all attachments then try to attach it here

    I am now subscribed to this thread so will get email notifications of your replies.
  4. nufather

    nufather TS Rookie Topic Starter

    sorry about that.

    here is that hijackthis file
  5. nufather

    nufather TS Rookie Topic Starter

    Kaspersky file report from top link Critical areas

    Here is just from critical areas from Kaspersky
    saved as html
    renamed as txt
  6. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    After we get some of this cleaned up remind me to have you run through our preliminary removal instructions. It has a lot of programs and links to help keep you clean.
    Older versions of Java are easily exploited by malware so let's update your Java right off the bat.

    Update your Java Runtime Environment
    • First try going to Start -> Control Panel -> double click Java
    • Select the Update Tab at the top of the Java console
    • Click the Check for Updates button at the bottom
    • If it finds the newer version (Java 6 Update 5) Follow the on screen instructions
    • After it installs the newest version Go back to Control Panel -> Add/remove programs
    • Uninstall any older versions of Java

    If for some reason you couldn't update through the above instructions.
    • Click the following link
      Java Runtime Environment 6 Update 5
    • The 4th option down is the one you want (click Download)
    • Check the box to agree to terms of service
    • Check the box for your operating system and click 'Download selected' at the bottom
    • After the install Go to Start-> Control Panel-> add/remove programs (Programs and features), and uninstall any old versions
    • Navigate to C:\programfiles\Java -> delete any subfolders except the jre1.6.0_05 folder


    You aren't running Firewall Software. Please download and install one of these first!

    Use a Firewall - It is very important that you use a Firewall on your computer. If you use the Windows Firewall you might think that's enough but it only controls inbound traffic. Simply using a Firewall in its default configuration can lower your risk greatly. Here are some firewalls which are free for personal use and most commonly used:

    Not a lot of good options for Vista, I use
    Comodo Make sure to do the Advanced Install

    Download and Run ATF Cleaner
    Download ATF Cleaner by Atribune to your desktop.

    Double-click ATF Cleaner.exe to open it.

    Under Main choose:
    Windows Temp
    Current User Temp
    All Users Temp
    Temporary Internet Files
    Java Cache

    *The other boxes are optional*
    Then click the Empty Selected button.

    Firefox or Opera:
    Click Firefox or Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Click Exit on the Main menu to close the program.


    • Download Combofix to your desktop.
    • Double click combofix.exe & follow the prompts.
    • A window will open with a warning.
    • Type "1" (and Enter) to start the fix.
    • When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log.
    Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Combofix is a very powerful tool so please do NOT do anything without instruction

    Combofix will automatically save the log file to C:\combofix.txt

    This thread is for the use of nufather only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  7. nufather

    nufather TS Rookie Topic Starter

    Is there a certain report you want from Kaspersky or do you want all 6?

    I do appreciate the help
  8. nufather

    nufather TS Rookie Topic Starter

    I have windows firewall on
    I am also running trend micro antivirus
    and I just got Spyware Doctor last night

    are these ok?
  9. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Windows Firewall is better than nothing. However, it is extremely complicated to configure correctly and, as I said, simply using a Firewall in its default configuration can lower your risk greatly. By default Windows Firewall only protects you from incoming traffic. Ultimately it is up to you, but I recommend Comodo.

    After you are clean we will tighten up your security with what I recommend. Basically you want 1 active Anti-virus (Trend Micro is great), 1 active Firewall, and then a combination of anti-spyware

    Please don't post multiple times in a row, between my replies, as I get an email every time you post. As you may have noticed there are hundreds of replies to post a day here, that means I already get hundreds of emails. You can use the edit button until I reply, then make a new post.
  10. nufather

    nufather TS Rookie Topic Starter

    No problem. I will

    Ok, I updated Java and deleted the 1 previous ver.
    I installed comodo pro but didn't see an advanced setting in install
    I ran ATF cleaner w/firefox option
    ran combofix (had to shutdown spyware doctor) attached is the file
    reran hjt and attached the file.

    Weird, none of the options will work now.
    I have no attach button
    i am unable to attach any files
    am i missing something

    tried rebooting - same, I'm unable to use any of the buttons in the box here. also i have no attach button now to attach files
  11. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Look in additional Options below the submit reply button, click Manage Attachments

    Or if you are using quick replies, select Go advanced
  12. nufather

    nufather TS Rookie Topic Starter

    Sorry, I don't have that option any more. under additional options it says attach a file... and then it lists all the valid ext. The button for Manage attachments is gone

    Miscellaneous Options
    Automatically parse links in text
    Disable smilies in text

    Attach Files
    Valid file extensions: bmp dmp doc gif jpe jpeg jpg log pdf png psd txt zip

    Thread Subscription
    Notification Type:

    Buttons are missing
    trying in IE, currently in firefox - which i was in previously
  13. nufather

    nufather TS Rookie Topic Starter

    OMG - IE works, firefox doesn't anymore. I can use the menu and I have the button back

    Here you go, here is the combofix file and the hijackthis file

    Sorry about the double posts, I thought I was editing.

    Goodnight then. Thank you so much for your help.
  14. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Ok, Just to let you know I have to sleep for a bit, when I wake up you will be at the top of my list of fixes.
  15. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908


    Open notepad and copy/paste the text in the code box below into it:
    NOTE* make sure to only highlight and copy what is inside the quote box, nothing outside of it.
    Also ..

    Pay particular attention to this :-

    Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
    Save this as CFScript.txt

    Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.


    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a fresh HJT log.

    Go ahead and attach the logs. This particular infection should be gone. However to make sure you are clean, please follow these Viruses/Spyware/Malware, preliminary removal instructions and post back in this thread with the requested logs.
  16. nufather

    nufather TS Rookie Topic Starter

    combo fix and hijackthis file

    Here is the new Combo fix file and hijackthis file
  17. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Remove bad HijackThis entries
    • Run HijackThis
    • Click on the System Scan Only button
    • Put a check beside all of the items listed below (if present):

      O2 - BHO: PC-Antispyware Site Blocker Button - {10F0C2A9-8E38-43e3-204D-45524C494E20} - C:\Program Files\PC-Antispyware\IeExtension.dll (file missing)
      O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL (file missing)
      O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL (file missing)
    • Close all open windows and browsers/email, etc...
    • Click on the "Fix Checked" button
    • When completed, close the application.

    Uninstall Combofix
    * Click START then RUN
    * Now type Combofix /u in the runbox
    * Make sure there's a space between Combofix and /u
    * Then hit Enter.

    * The above procedure will:
    * Delete the following:
    * ComboFix and its associated files and folders.
    * Reset the clock settings.
    * Hide file extensions, if required.
    * Hide System/Hidden files, if required.
    * Set a new, clean Restore Point.

    Cleanup using OTMoveit2 by OldTimer
    Now we can clear out the rest of the programs we've been using to clean up your computer, they are not suitable for general malware removal and could cause damage if launched accidentally.

    Download OTMoveIt2 by OldTimer OTMoveIt2.exe and place it on your desktop.

    1. Double click OTMoveIt2.exe to launch it.
    If using Vista Right-Click OTMoveIt and choose Run As Administrator
    2. Click on the CleanUp! button.
    3. OTMoveIt2 will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access.
    4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)

    * When finished exit out of OTMoveIt2

    Now you get to run that Kaspersky Scan, but please follow these instructions
    Run Kaspersky Online AV Scanner

    In order to use it you have to use Internet Explorer.
    Go to Kaspersky and click the Accept button at the end of the page.

    Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.
    • Read the Requirements and limitations before you click Accept.
    • Allow the ActiveX download if necessary.
    • Once the database has downloaded, click Next.
    • Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
    • Click on "My Computer"
    • When the scan has completed, click Save Report As...
    • Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
    • Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
    Attach the report into your next reply
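
An added example, not part of the original thread and not HijackThis's own code: a small parser for the O2 (Browser Helper Object) and O3 (toolbar) line layout shown in the post above, which lists the entries whose DLL is marked "(file missing)", the kind that post selects for "Fix Checked". The first three sample lines are copied from the thread; the last two are constructed for contrast, and the function names are illustrative.

```python
import re
from typing import List, NamedTuple, Optional

# Line layout as it appears in the thread:
#   O2 - BHO: <name> - {<CLSID>} - <dll path>[ (file missing)]
#   O3 - Toolbar: <name> - {<CLSID>} - <dll path>[ (file missing)]
ENTRY_RE = re.compile(
    r"^(?P<section>O[23]) - (?:BHO|Toolbar): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - "
    r"(?P<path>.*?)(?P<missing> \(file missing\))?$"
)

class Entry(NamedTuple):
    section: str        # "O2" or "O3"
    name: str           # display name of the BHO / toolbar
    clsid: str          # COM class ID the browser would load
    path: str           # DLL path with the "(file missing)" suffix stripped
    file_missing: bool  # True when HijackThis could not find the DLL on disk

def parse_line(line: str) -> Optional[Entry]:
    """Parse one O2/O3 log line; return None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return Entry(m["section"], m["name"], m["clsid"], m["path"],
                 m["missing"] is not None)

def orphaned_entries(log_text: str) -> List[Entry]:
    """Return O2/O3 entries whose registration points at a missing DLL."""
    parsed = (parse_line(line) for line in log_text.splitlines())
    return [e for e in parsed if e is not None and e.file_missing]

# First three lines: from the thread. Last two: constructed sample data.
SAMPLE_LOG = r"""
O2 - BHO: PC-Antispyware Site Blocker Button - {10F0C2A9-8E38-43e3-204D-45524C494E20} - C:\Program Files\PC-Antispyware\IeExtension.dll (file missing)
O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL (file missing)
O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL (file missing)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [Example] C:\Program Files\Example\example.exe
"""

if __name__ == "__main__":
    for e in orphaned_entries(SAMPLE_LOG):
        print(f"{e.section}  {e.clsid}  {e.name}  ->  {e.path}")
```
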
Topic Status:
Not open for further replies.
