JS/Psyme resident - followed procedures

Status
Not open for further replies.

TheWildInside

In response to my free AVG Anti-Virus program finding, but not cleaning, the JS/Psyme malware on Friday, I bopped out to your site, copied/saved and printed your new and improved "preliminary removal instructions" and have followed same step by step. Results are:

Downloaded and/or updated software and followed instructions Step 1 thru Step 9

Step 10: Ran Tools 1, 2 and 3 ... all reported "clean with nothing found".

Step 11: Ran Anti-rootkit .. reported "clean".

Step 12: Ran Combofix.exe .. successful scan, 0 hidden files. Combofix.txt attached

Step 13: Booted into Safe Mode, AVG Free Anti-virus could/would not clean JS/Psyme

Step 14:
SS&D - "no immediate threats found"
Ad-Aware - Tracking cookies only, quarantined
AVG Antispyware - just a couple tracking cookies (and this program is severely distorted in Safe Mode .. many things outside the margins and cannot be accessed). No log attached, could not access the Save As button.

Step 15: Ran HijackThis, log attached

I'm going to try running the virus program in Safe Mode again while I await your advice on how to proceed .. and if you've got any ideas on how to deal with AVG's antispyware distortion in Safe Mode, I'm all eyes. I had this problem back in January when I had another nasty gain access to my laptop.

Oh, and this time I know the source of this piece of malware .. and I feel stupid for having fallen for it .. it was one of those "XYZ has sent you a greeting card". I have deleted 7 or 8 of these messages over the last several weeks, each in a slightly different guise; however, this one arrived at a time when it would have been appropriate to receive an e-card .. and the subject line wasn't as suspicious. Live and learn. I clicked the link to "view the card" and the lightbulb went on almost immediately - apparently not quite fast enough, because even though I stopped it quickly, here I am, with JS/Psyme crawlin' around inside my machine!

No overt symptoms, though it took multiple attempts to login to techspot .. I was continually thanked for logging in, and then returned to the login screen immediately following.

Will anxiously await your expert advice ... many thanks in advance!

Karan
 

Attachments: hijackthis.log (8 KB)
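The lure described in the post above (a "someone has sent you a greeting card" message whose "view the card" link delivers the malware) is a recognisable pattern, and a mail filter can score for it before a user ever clicks. The following is an added example, not code from the thread or from any of the tools it names: a small heuristic triage that parses raw messages with Python's standard `email` module and scores a greeting-card subject, a "view the card" call to action, and links that point at a bare IP address, an executable, or a host outside the sender's domain. The three messages embedded in it are constructed samples using reserved `.test` names and the TEST-NET address 192.0.2.10; the point weights and the `LURE_THRESHOLD` of 3 are my own choices, not anything the page specifies, and the check is a generic lure detector, not a signature for JS/Psyme.

```python
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample messages (not real captures): two greeting-card lures of the
# kind the post describes and one ordinary order notification for contrast.
SAMPLE_MESSAGES = {
    "lure1": """From: "Greeting Cards" <cards@example-cards.test>
To: karan@example.test
Subject: A friend has sent you a greeting card!

Hello,
Your friend has sent you an e-card. Click the link below to view the card:
http://192.0.2.10/ecard.exe
""",
    "lure2": """From: "E-Card Service" <noreply@ecard-service.test>
To: karan@example.test
Subject: You've received a postcard from a family member

To view your card, visit:
http://postcards.example.net/view.php?id=7731
""",
    "legit": """From: "Dog Food Co" <orders@dogfood.test>
To: karan@example.test
Subject: Your order #1234 has shipped

Track it here: https://www.dogfood.test/track/1234
""",
}

CARD_SUBJECT = re.compile(r"greeting\s*card|e-?card|postcard|sent you a card", re.I)
VIEW_CARD = re.compile(r"view (?:the|your) card", re.I)
URL = re.compile(r"https?://[^\s<>\"']+")
IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
EXEC_EXT = (".exe", ".scr", ".pif", ".com", ".bat")
LURE_THRESHOLD = 3  # assumed cut-off; tune against your own mail flow


def _message_text(msg):
    """Concatenate the text/plain and text/html parts of a parsed message."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    return "\n".join(
        p.get_content() for p in parts
        if p.get_content_type() in ("text/plain", "text/html")
    )


def score_message(raw):
    """Score one raw RFC 2822 message. Returns (score, list of reasons)."""
    msg = email.message_from_string(raw, policy=policy.default)
    subject = str(msg.get("subject", ""))
    sender_domain = parseaddr(str(msg.get("from", "")))[1].rpartition("@")[2].lower()
    text = _message_text(msg)
    score, reasons = 0, []
    if CARD_SUBJECT.search(subject):
        score += 2
        reasons.append("greeting-card subject")
    if VIEW_CARD.search(text):
        score += 1
        reasons.append("'view the card' call to action")
    for link in URL.findall(text):
        parsed = urlparse(link)
        host = (parsed.hostname or "").lower()
        path = parsed.path.lower()
        if IPV4.match(host):
            score += 3
            reasons.append(f"link to bare IP address {host}")
        if path.endswith(EXEC_EXT):
            score += 3
            reasons.append(f"link to executable {path}")
        if sender_domain and not host.endswith(sender_domain):
            score += 1
            reasons.append(f"link host {host} outside sender domain {sender_domain}")
    return score, reasons


def is_lure(score):
    """Decision rule applied to a message score."""
    return score >= LURE_THRESHOLD


def triage(messages):
    """Score every message in a {name: raw_text} mapping."""
    return {name: score_message(raw) for name, raw in messages.items()}


if __name__ == "__main__":
    for name, (score, reasons) in triage(SAMPLE_MESSAGES).items():
        verdict = "LURE" if is_lure(score) else "ok"
        print(f"{name}: {verdict} (score {score}) {reasons}")
```

The off-domain link check is the one that catches the second lure, which uses no executable and no raw IP; on its own it would also fire on legitimate newsletters that link through a tracking host, which is why it carries the lowest weight and is combined with the subject and call-to-action signals rather than used alone.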
You will have to await the awakening of Momok, Howard_Hopkinso or one of the other infestation gurus... as they are only available part of the day.
 
Well color me amazed!

Rebooted in safe mode, showed hidden files and then re-ran my AVG Anti-virus program after posting my initial information earlier today, and damn if it discovered no threats!! I think this is a good thing, but I am now seriously confused. It can't have been that easy .. can it?!?!

Am now even more curious about what might be found in my attached logs.

(Thanks raybay .. was patiently waiting and will continue to do so <smile>)

Karan
 
It ain't over til it's over ..

Well, I thought all was well, but it seems after going through all the steps in the "virus/spyware/malware, preliminary removal instructions" page a couple weeks ago, I'm experiencing multiple little annoyances: it seems getting to the checkout page of a shopping cart is now nearly impossible (the last five or six things I tried to order online finally had me giving up and phoning in my order) - and this has happened with dog food, cosmetics, vitamins, etc.; it took eight attempts to login to TechSpot (this continues to be problematic), and the biggie is my Internet Explorer browser no longer works after all the cleanin' up I did. As I'm an AOL user, I thought the only time I ever used Internet Explorer was when AOL's internal browser was not up to viewing a particular site, or if I just wanted to have multiple browsers open; but it seems IE is also necessary for a couple of important procedures, updating AVG's free anti-virus software, for one. So, my virus definitions are most definitely outta date and I can't seem to update the thing. I finally gave up working with my existing IE software and took the hour plus to download version 7.0. But when I try to open it, it just freezes and I end up having to shut down AOL and start over ... and no matter how many times I try, it's the same response. No idea how to fix it.

So ... my virus software needs updating, so I'm not sure it's worth running the thing at the moment; and the tool I need to update it won't work (and yes, I did download the right version of IE). Additionally, it seems some additional items I use regularly rely on IE in the background in some way, most importantly, my Google calendar .. to which I no longer have access. : (

So ... would someone please be so kind as to give me some direction here. It took my dial-up connect well over an hour to download the version of IE, and none of the other versions are appropriate, so I'm kinda lost as to how to proceed.

And, I might also add that the incidences of those emails suggesting someone has sent me a greeting card have tripled in the last week or so. Damned evil code writers!

Lost in northern NY

Karan
 
Do you have Internet Explorer 7.0 installed now? I assume you do.
If you do not already have them installed, download AVG Antispyware, AVG Antivirus, AVG rootkit, Adaware 2007, and Spybot 14. Or download Avast instead of AVG if you prefer. Install them.
Download Internet Explorer 7.0, and hold it someplace you can access it.
Be sure you can get another AOL disc that DOES NOT have 9.0 Security Version, because they are so darn hard to get.
Go to Help and Support, and create a restore point.
Then use add and remove to remove AOL, and Internet Explorer 7.0.
Use Registry Cleaner, RegClean, or other free simple registry editor to delete all remnants of AOL and anything else you have attempted to remove otherwise.
Shut down. Cold boot to your windows disc and run the Windows Disc in Repair mode.
Shut down.
Run the AVG programs, Adaware 2007, and Spybot all in SAFE MODE where you boot and press <F8> repeatedly until you get the SAFE MODE screen.
Shut down.
Reboot.
Go to Administrative Tools -> Computer Management -> Event Viewer, and remove all events.
Go to Administrative Tools -> Computer Management -> Disk Defragmenter and defragment the drive.
Shut Down.
Reboot.
Reinstall Internet Explorer 7.0 using the site to which you downloaded it.
Reboot.
Go to www.microsoft.com and search for Microsoft Updates. Download and install all updates. I prefer the Custom mode so I can see what is going on.
Shut down.
Restart and go back to Microsoft to once more download all updates. There should be some new ones.
Shut down, and reboot to safemode, and run AVG antispyware in Safe Mode.
Shut down and reboot.
Install AOL 9.0 that is NOT the AOL security edition.
Reboot.
Run AVG programs again in regular mode, then reboot and run them again in Safe mode
With just a little bit of luck, your system should run normally now.

A wise person, in my opinion, will switch to the free AOL version until you can notify all correspondents, then remove it altogether, and find a different paid Internet Provider... then use gmail or some other throw-away email system. We find more problems with AOL than any other software because AOL does not play nice... but it may be because the people who use AOL need that astonishingly difficult program.
 
Hung up

Thank you so much for your extensive reply!! My apologies for the delay - I'm an artisan and have been off doing shows for the past couple weeks.

As for your directions, my only - but biggest - problem is finding the AOL disc you recommend. The 9.0 version I currently use came already loaded on my Dell laptop three years ago and only needed activation (and after a relocation in Aug 2005, I'd be surprised if I could find THAT disc). Where do you suppose I might find an AOL 9.0 version such as you describe .. and how is it recognizable as one NOT containing the Security Version??

I did download IE 7.0 when I realized my old version wasn't working .. the executable is sitting in a Download file. Though once installed, the program freezes everything, requiring a reboot, every time I try to open it. I also have all the guardian software you mention by virtue of having gone through this cleaning process both back in January and again more recently to remove JS/Psyme.

I totally agree with you regarding your "a wise person .. will .. remove it altogether"; however, I've been an AOL customer since '90, and for the last five years have used one of the seven email addresses available to me for my business. Until I get my website up and running, my AOL business address is the sole portal for customers near and far. Don't think I haven't thought of trashing the whole program (more than once) .. but it's just not possible at the moment.

And while I await your reply with regard to this rare but desirable AOL disc, let me mention one other little weirdness: this may be nothing, but in my Network Connections, AOL is shown as "disconnected" and a 1394 High-Speed Internet connection is shown as being connected (via a 1394 net adapter). We have no high-speed access out here in the boonies. We have only dial-up. So I'm wondering how this switch might've happened, and if it might not be responsible for some of the online weirdness I've been experiencing since attempting to clean my laptop of JS/Psyme. Additionally, I have no idea how to switch it back .. or if it matters.

I continue to have trouble accessing some sites, but have found that with persistence, sometimes I can get through. It varies, with no rhyme nor reason that I can detect. One thing I can no longer do is access online clip art while working in Microsoft Publisher. I've tried repeatedly. This is a problem, as I've got a ton of holiday shows coming up and I always create my own ads, post cards, point-of-purchase signs, etc. This is one area that has been persistent, with no variation. I also am unable to search for updates for my PeachTree accounting program. I'm sure there are other things the loss of IE is affecting, I just haven't discovered them all yet.

I'm so sorry I'm such an illiterate with regard to my laptop .. it's both a great source of joy and wonder as well as a great frustration to me. I wish it were otherwise.

Will anxiously await your direction while I flounder in a sea of technology ..

Many thanks,

Karan
 
Call AOL. They will mail it to you. Or tell you how to download it. That disc is free at the US Post Office in most cities in Arizona.
We can also work out a way to mail you one... as soon as we find out a secure way to trade addresses.
 
You are not illiterate. You have a difficult problem that would frustrate anyone.
You can still get all your AOL stuff by the Free AOL version, then use something else to connect.
AOL has wised up, some, and their newest discs do not cause the same problem as the disc you installed. You will get help in this issue if you telephone AOL. Just tell them you want to remove the security features and load a fresh AOL, after removing your old AOL. You will NOT lose any settings or data, unless you use a registry editor.
 