Infection
- Thread starter marygg
- Start date
- Status
Bobbye
Posts: 16,313 +36
Please UPDATE Malware bytes and run again. Malware was found but you did not check for removal: No action taken.
I see 2 entries for AVG Toolbar but none of the other entries that should show if you are running the program. Please check the status of the antivirus program.
In the Host text, http://securitysoftwarepayments.com/ appears to be for an antivirus program- so this must be entry from Virus 2009.
A combination of Malwarebytes and Smitfraud should remove it, so please update and scan with Mbam again. When through:
Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
Attach the new Mbam log and the Smitfraud report.
I see 2 entries for AVG Toolbar but none of the other entries that should show if you are running the program. Please check the status of the antivirus program.
In the Host text, http://securitysoftwarepayments.com/ appears to be for an antivirus program- so this must be entry from Virus 2009.
A combination of Malwarebytes and Smitfraud should remove it, so please update and scan with Mbam again. When through:
Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
Attach the new Mbam log and the Smitfraud report.
Bobbye
Posts: 16,313 +36
Thank you. now do the following:
You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.
Please reboot your computer in Safe Mode by doing the following :
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart anyway into normal Windows. A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new HijackThis log.
The report can also be found at the root of the system drive, usually at C:\rapport.txt
Warning : running option #2 on a non infected computer will remove your Desktop background.
If you need screen shots for the above, you can find them HERE in the Removal section.
Please attach new SmitFraud report and log from new scan with HijackThis.
NOTE: you need to have some functioning antivirus on the system. If it is not functioning now, you have no protection. IF AVG was a problem, perhaps you'd like to try Avira or Avast. Both are free:
Avira:
Avast:
Whichever you install, please run a full system can and attach log.
You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.
Please reboot your computer in Safe Mode by doing the following :
- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
- Instead of Windows loading as normal, a menu with options should appear;
- Select the first option, to run Windows in Safe Mode, then press "Enter".
- Choose your usual account.
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart anyway into normal Windows. A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new HijackThis log.
The report can also be found at the root of the system drive, usually at C:\rapport.txt
Warning : running option #2 on a non infected computer will remove your Desktop background.
If you need screen shots for the above, you can find them HERE in the Removal section.
Please attach new SmitFraud report and log from new scan with HijackThis.
NOTE: you need to have some functioning antivirus on the system. If it is not functioning now, you have no protection. IF AVG was a problem, perhaps you'd like to try Avira or Avast. Both are free:
Avira:
Avast:
Whichever you install, please run a full system can and attach log.
Bobbye
Posts: 16,313 +36
Okay, I'd like you to do a full system scan with AVG> save the log> attach to next reply.
Then rescan with HijackThis and attach the new log.
Are you having any of the original problems? Any new ones? If it's a No/No and the 2 logs are clean, I'll have you remove the cleaning tools and old restore points.
Then rescan with HijackThis and attach the new log.
Are you having any of the original problems? Any new ones? If it's a No/No and the 2 logs are clean, I'll have you remove the cleaning tools and old restore points.
Bobbye
Posts: 16,313 +36
You can run Combofix is you're still concerned, but HijackThis is clean, I do recommend though that you remove all of the following from the Statup Menu:
All of the above can be started manually from All Programs when you need them. It's a waste of system resources to have them start on boot and run in the background.
To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTCleanIt by OldTimer:
Save it to your Desktop.
Double click OTCleanIt.exe.
Click the CleanUp! button.
If you are prompted to Reboot during the cleanup, select Yes. The tool will delete itself once it finishes.
You should now set a new Restore Point to prevent infection from any previous Restore Points. The easiest and safest way to do this is:
Empty the Recycle Bin when you have finished.
Please let me know if I can be of more help.
All of the above can be started manually from All Programs when you need them. It's a waste of system resources to have them start on boot and run in the background.
To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTCleanIt by OldTimer:
Save it to your Desktop.
Double click OTCleanIt.exe.
Click the CleanUp! button.
If you are prompted to Reboot during the cleanup, select Yes. The tool will delete itself once it finishes.
You should now set a new Restore Point to prevent infection from any previous Restore Points. The easiest and safest way to do this is:
- Go to Start > All Programs > Accessories > System Tools and click "System Restore".
- Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the Restore Point a name then click "Create". The new Restore Point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
- Go to "Disk Cleanup" which can be found by going to Start > All Programs > Accessories > System Tools.
- Click "OK" to select the partition or drive you desire.
- Click the "More Options" Tab.
- Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one. More details and screenshots for Disk Cleanup in Windows Vista can be found here.
Empty the Recycle Bin when you have finished.
Please let me know if I can be of more help.
- Status
