JS/Psyme found by AVG

[usedKar]

Hello. I had this popup on AVG I have followed all advice on malware removal
Here's my logs.
Nothing on avgRoot.
2 dll found changed on AVG scan plus 3 files sent to vault.
Note i did not delete the 2 file that avg listed as,"Changed"
C:\Windows\system32\kernel32.dll result Change status Changed
C:\Windows\system32\drivers\ect\hosts result Change status Changed

ALSO..I could Never get Adware SE to install..system error message and closed

 

[momok]

Hi,

Very Important: Malware infections can possibly lead to identity theft, stolen bank funds, misuse of credit card information etc. Therefore I strongly encourage you to please read this thread HERE before deciding what course of action to take regarding your infection.

Let me know if you wish to format or clean.

Regards,
Your friendly momok =)

This thread is for the use of usedKar only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[usedKar]

Hello and Thanks.
I'm a bit confused..I have already..followed the cleaning instructions and posted my Hjt file after procedure in the above thread.
Is the highjack txt incomplete?

also I have run 3 complete scans with AVG and at least 3 each of Spybot and avgspam prg with no threats shown...This after intial cleaning.
Thanks again,,standing by for reply
Aloha

 

[momok]

Hi,

You have not posted an AVG antispyware log. Please do so in your next reply.

Download the attached "CFScript.txt" (from my attachment) and save it to the same folder as Combofix.

Referring to the image below, drag the CFScript.txt that you downloaded earlier over on to Combofix.exe and release.

This will ask Combofix to execute the instructions within my file. Let Combofix run normally and do its job. Attach the resultant log in your reply.

Thereafter, please post fresh HJT and AVG Antispyware logs from normal mode and the ComboFix log from the instructions earlier as attachments into this thread.

Regards,
Your friendly momok =)

This thread is for the use of usedKar only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[usedKar]

Oh!..Thanks! Heading to work now..will procede with instructions tonight..Take care.

 

[usedKar]

Here goes..new files..

 

[usedKar]

Hello? help please...

 

[momok]

Hi,

Have HijackThis fix this entry:

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

Also, please download this file HERE.
Open it, and extract the Hosts file into this folder:

C:\WINDOWS\SYSTEM32\DRIVERS\ETC

Note: it goes into the ETC folder, not a folder of its own in the ETC folder.
When prompted to replace your hosts file, click Yes.

Apart from that, your logs look clean. Are you still facing any problems?

Regards,
Your friendly momok =)

This thread is for the use of usedKar only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[usedKar]

Things seem to be ok.
Thank you for your HELP!!!
here's my latest hjt file.

 

[howard_hopkinso]

Hello and welcome to Techspot.

Your HJT log is clean.

Turn off system restore.(XP/ME only) See how HERE.

Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.

If you have any further virus/spyware problems, please post in this thread.

This thread is for the use of usedKar only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[usedKar]

Aloha
Mahalo
Thank you.