By marygg ยท 9 replies
Jun 17, 2009
  1. This computer was infected with virus shield 2009. When I ran the hijack this, I came up with an error I don't know how to deal with. I'm including that log also. Thank you.

    Attached Files:

  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    Please UPDATE Malware bytes and run again. Malware was found but you did not check for removal: No action taken.
    I see 2 entries for AVG Toolbar but none of the other entries that should show if you are running the program. Please check the status of the antivirus program.

    In the Host text, appears to be for an antivirus program- so this must be entry from Virus 2009.

    A combination of Malwarebytes and Smitfraud should remove it, so please update and scan with Mbam again. When through:

    Please download SmitfraudFix (by S!Ri)
    Extract the content (a folder named SmitfraudFix) to your Desktop.

    Open the SmitfraudFix folder and double-click smitfraudfix.cmd
    Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
    Please copy/paste the content of that report into your next reply.

    Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

    Attach the new Mbam log and the Smitfraud report.
  3. marygg

    marygg TS Booster Topic Starter Posts: 121

    I've attached the two logs you requested. There was a problem with the AVG installation, I plan to reinstall it after the computer is clean. Thanks.

    Attached Files:

  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    Thank you. now do the following:
    You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

    Please reboot your computer in Safe Mode by doing the following :
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, a menu with options should appear;
    • Select the first option, to run Windows in Safe Mode, then press "Enter".
    • Choose your usual account.
    Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
    Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

    You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

    The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

    The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart anyway into normal Windows. A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new HijackThis log.
    The report can also be found at the root of the system drive, usually at C:\rapport.txt

    Warning : running option #2 on a non infected computer will remove your Desktop background.

    If you need screen shots for the above, you can find them HERE in the Removal section.

    Please attach new SmitFraud report and log from new scan with HijackThis.

    NOTE: you need to have some functioning antivirus on the system. If it is not functioning now, you have no protection. IF AVG was a problem, perhaps you'd like to try Avira or Avast. Both are free:
    Whichever you install, please run a full system can and attach log.
  5. marygg

    marygg TS Booster Topic Starter Posts: 121

    The two logs are attached. I reinstalled avg. Thanks.
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    Okay, I'd like you to do a full system scan with AVG> save the log> attach to next reply.

    Then rescan with HijackThis and attach the new log.

    Are you having any of the original problems? Any new ones? If it's a No/No and the 2 logs are clean, I'll have you remove the cleaning tools and old restore points.
  7. marygg

    marygg TS Booster Topic Starter Posts: 121

    Malwarebytes took care of the virusshield2009 in it's first scan. The only other problem that comes up is hijack this cannot open the hosts file to scan it. The two scans are attached. AVG scan came up clean. Thanks for checking hjt file.
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    You can run Combofix is you're still concerned, but HijackThis is clean, I do recommend though that you remove all of the following from the Statup Menu:
    All of the above can be started manually from All Programs when you need them. It's a waste of system resources to have them start on boot and run in the background.

    To remove all of the tools we used and the files and folders they created, please do the following:
    Please download OTCleanIt by OldTimer:
    Save it to your Desktop.
    Double click OTCleanIt.exe.
    Click the CleanUp! button.
    If you are prompted to Reboot during the cleanup, select Yes. The tool will delete itself once it finishes.

    You should now set a new Restore Point to prevent infection from any previous Restore Points. The easiest and safest way to do this is:
    • Go to Start > All Programs > Accessories > System Tools and click "System Restore".
    • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the Restore Point a name then click "Create". The new Restore Point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
    • Go to "Disk Cleanup" which can be found by going to Start > All Programs > Accessories > System Tools.
    • Click "OK" to select the partition or drive you desire.
    • Click the "More Options" Tab.
    • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one. More details and screenshots for Disk Cleanup in Windows Vista can be found here.

    Empty the Recycle Bin when you have finished.

    Please let me know if I can be of more help.
  9. marygg

    marygg TS Booster Topic Starter Posts: 121

    Everything appears to be fine. Thank you so much for your help.
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    You're welcome.
Topic Status:
Not open for further replies.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...