I've looked thru all your threads, I've done everything on the thread: Viruses/Spyware/Malware, preliminary removal instructions. and I've run all the scans on the thread about what to do before posting your HJT log. Nothing has worked. I've found one virus with the AVG scanner (Trojan horse Downloader.Generic2.SWF) which AVG wiped out but when I restarted back out of safe mode after running all the required programs, I still had pop-ups with IE. And when I went to post this thread, I got a warning of a virus from McAfee about a New Poly Win32 and now I'm just getting desperate because it's driving me crazy. Please help. Here are my HJT log and my AVG log.
lots and lots of pop ups
- Thread starter lemortx
- Start date
- Status
howard_hopkinso
Posts: 21,238 +17
Hello and welcome to Techspot.
Your HJT log is clean as is your AVG Antispyware log.
It seems you`re running multiple antivirus programmes. This is not recommended and will slow your system down and cause conflicts.
You need to uninstall two of your antivirus programmes. Personally, I recommend you get rid of Symantec/Norton and McAfee.
If you`re still having problems, please let me know.
Regards Howard :wave: :wave:
This thread is for the use of lemortx only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Your HJT log is clean as is your AVG Antispyware log.
It seems you`re running multiple antivirus programmes. This is not recommended and will slow your system down and cause conflicts.
You need to uninstall two of your antivirus programmes. Personally, I recommend you get rid of Symantec/Norton and McAfee.
If you`re still having problems, please let me know.
Regards Howard :wave: :wave:
This thread is for the use of lemortx only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
?
well do you have any other suggestions? i'd rather not uninstall McAfee because that came with the computer and i have a 15 month trial for it. i have no problem with the computer being slow. could they be causing any problems? i've run and scanned with about 15 different programs and only 2 or 3 have found problems. one was mcafee that came up with that New Poly Win32 (although it says it can't quaratine or delete it). it has also stopped another virus from coming thru.
the symatec/norton software is running with norton ghost but i'm not exacty sure what that program does.
if you think i could get rid of these pop-ups by getting rid of these programs and then scanning with something else, please let me know what else to do and i'll do it. thanks.
well do you have any other suggestions? i'd rather not uninstall McAfee because that came with the computer and i have a 15 month trial for it. i have no problem with the computer being slow. could they be causing any problems? i've run and scanned with about 15 different programs and only 2 or 3 have found problems. one was mcafee that came up with that New Poly Win32 (although it says it can't quaratine or delete it). it has also stopped another virus from coming thru.
the symatec/norton software is running with norton ghost but i'm not exacty sure what that program does.
if you think i could get rid of these pop-ups by getting rid of these programs and then scanning with something else, please let me know what else to do and i'll do it. thanks.
howard_hopkinso
Posts: 21,238 +17
Ok, uninstall Symantec/Norton and AVG free, then do the following.
Click start/run and type services.msc into the run box and press the enter key.
When the window appears, maximise it. Double click on the following services(if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.
MessengerPlease note, this has nothing to do with MSN messenger or any other mnessenger programme.
Close the services window.
See if your popups go away.
Regards Howard
This thread is for the use of lemortx only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Click start/run and type services.msc into the run box and press the enter key.
When the window appears, maximise it. Double click on the following services(if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.
MessengerPlease note, this has nothing to do with MSN messenger or any other mnessenger programme.
Close the services window.
See if your popups go away.
Regards Howard
This thread is for the use of lemortx only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
no, still getting pop ups. would it help if i told you the type of pop ups that we're geting? we were getting winantivirius, but i haven't seen that one around in the last few days. we're gettings ones that tell you you have a virus on the computer and you need to scan with their software, one is drive cleaner, another is internet live security center and another is security update. we've also been gettings one that seem to be advertisements for other websites like ebay, test and vote registration and a few other places. the ones that have worried me the most are the ones that come up when i'm on amazon. they actually come up in the bottom right corner with what i'm actually looking at on amazon at that exact moment with prices from other websites. i think this might have happened on a few other websites as well. we've been careful not to actually buy anything online since this started mostly because of that one. hopefully this helps a little more, i probably should have told you about these to start off with. sorry.
howard_hopkinso
Posts: 21,238 +17
Ok, go HERE and download and run the four tools as instructed.
Then, download combofix.exe. Double click combofix.exe & follow the prompts. A window will open with a warning. Type "Y" (and Enter) to start the fix. When the scan completes it will open a text window. Do not touch your mouse/keyboard until the scan has completed.[/b] The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.
Post a fresh HJT log after doing that as well as the log files from the four tools and the combofix log.
Regards Howard
This thread is for the use of lemortx only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Then, download combofix.exe. Double click combofix.exe & follow the prompts. A window will open with a warning. Type "Y" (and Enter) to start the fix. When the scan completes it will open a text window. Do not touch your mouse/keyboard until the scan has completed.[/b] The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.
Post a fresh HJT log after doing that as well as the log files from the four tools and the combofix log.
Regards Howard
This thread is for the use of lemortx only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
howard_hopkinso
Posts: 21,238 +17
Please run them again and post the logs as well as the combofix log and a fresh HJT log.
Regards Howard
This thread is for the use of lemortx only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Regards Howard
This thread is for the use of lemortx only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
howard_hopkinso
Posts: 21,238 +17
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.
Turn off system restore.(XP/ME only) See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html
Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.> http://www.bleepingcomputer.com/forums/tutorial62.html
Go to add remove programmes in your control panel and uninstall anything to do with(if there).
ladbrokesMPP
Close control panel.
Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.
Click on the processes tab and end process for(if there).
MPPoker.exe
Close task manager.
Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Program Files\ladbrokesMPP\MPPoker.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
Click on the fix checked button.
Close HJT.
Locate and delete the following bold files and/or directories(if there).
C:\Program Files\ladbrokesMPP<Delete the entire folder.
Reboot into normal mode, turn system restore back on and rehide your protected OS files.
Let me know how your system is running.
Regards Howard
This thread is for the use of lemortx only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Turn off system restore.(XP/ME only) See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html
Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.> http://www.bleepingcomputer.com/forums/tutorial62.html
Go to add remove programmes in your control panel and uninstall anything to do with(if there).
ladbrokesMPP
Close control panel.
Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.
Click on the processes tab and end process for(if there).
MPPoker.exe
Close task manager.
Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Program Files\ladbrokesMPP\MPPoker.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
Click on the fix checked button.
Close HJT.
Locate and delete the following bold files and/or directories(if there).
C:\Program Files\ladbrokesMPP<Delete the entire folder.
Reboot into normal mode, turn system restore back on and rehide your protected OS files.
Let me know how your system is running.
Regards Howard
This thread is for the use of lemortx only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Sorry, I know we're being a HUGE pain in the ****. Ladbrokes is actually a licenced program that my husband uses to play poker online. He said he's perfectly willing to delete it if you think it will help and also delete the registry keys, but I thought that I might let you know that he thinks it's fine before we delete anything else.
howard_hopkinso
Posts: 21,238 +17
The reason I want you to delete that programme is because it is known to put adware on your system. I.E it can cause popups.
So, please follow the instructions exactly, in my post above.
Regards Howard
This thread is for the use of lemortx only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
So, please follow the instructions exactly, in my post above.
Regards Howard
This thread is for the use of lemortx only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
The pop ups are still coming up. They're very persistant. When I went to folow your last instructions, I couldn't actually do these steps because the files weren't there:
Go to add remove programmes in your control panel and uninstall anything to do with(if there).
ladbrokesMPP
Close control panel.
Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.
Click on the processes tab and end process for(if there).
MPPoker.exe
Close task manager.
I did delete it in C:\Program Files\ladbrokesMPP
Go to add remove programmes in your control panel and uninstall anything to do with(if there).
ladbrokesMPP
Close control panel.
Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.
Click on the processes tab and end process for(if there).
MPPoker.exe
Close task manager.
I did delete it in C:\Program Files\ladbrokesMPP
howard_hopkinso
Posts: 21,238 +17
This is very troublesome.
I need you to go HERE and follow all the instructions exactly. Some of the instructions wil be duplicates of what you`ve already done. However, you should still follow them.
See if that helps at all.
Let me know the results.
Regards Howard
This thread is for the use of lemortx only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
I need you to go HERE and follow all the instructions exactly. Some of the instructions wil be duplicates of what you`ve already done. However, you should still follow them.
See if that helps at all.
Let me know the results.
Regards Howard
This thread is for the use of lemortx only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
howard_hopkinso
Posts: 21,238 +17
Can you give me the filepaths to the infected files?
Regards Howard
This thread is for the use of lemortx only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Regards Howard
This thread is for the use of lemortx only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
howard_hopkinso
Posts: 21,238 +17
That`s a shame as without knowing where the infections are, I can`t do a right lot about it. Let`s try this.
Download the Autoruns programme from HERE. When the programme runs, click options and make sure the "Hide Microsoft Entries" is ticked. Click the file menu and select refresh. Click the save icon and save the Autoruns log to wherever you want.
Attach the Autoruns log here.
Regards Howard
This thread is for the use of lemortx only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Download the Autoruns programme from HERE. When the programme runs, click options and make sure the "Hide Microsoft Entries" is ticked. Click the file menu and select refresh. Click the save icon and save the Autoruns log to wherever you want.
Attach the Autoruns log here.
Regards Howard
This thread is for the use of lemortx only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
I've actually just run the F-Secure virus scan and it came up with two tracking cookies and a stealth application under C:\WINDOWS\SYSTEM32\KXCHTXVBFS.EXE
It seems to be having a problem getting rid of one of the cookies, but it didn't say it couldn't get rid of the stealth application.
It's decided it can't get rid of one of the cookies, this is what the report said:
Result: 3 malware found
Stealth_application (hidden item)
C:\WINDOWS\SYSTEM32\KXCHTXVBFS.EXE (Submitted)
Tracking Cookie (spyware)
System (Disinfected)
System (Submitted)
And I guess it didn't disinfect the stealth application either.
It seems to be having a problem getting rid of one of the cookies, but it didn't say it couldn't get rid of the stealth application.
It's decided it can't get rid of one of the cookies, this is what the report said:
Result: 3 malware found
Stealth_application (hidden item)
C:\WINDOWS\SYSTEM32\KXCHTXVBFS.EXE (Submitted)
Tracking Cookie (spyware)
System (Disinfected)
System (Submitted)
And I guess it didn't disinfect the stealth application either.
howard_hopkinso
Posts: 21,238 +17
Ah, maybe we`re getting somewhere.
Download the Pocket Killbox programme from HERE. Extract it but don`t run it yet.
Go HERE and follow the instructions for downloading and running the Ccleaner programme.
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.
Turn off system restore.(XP/ME only) See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html
Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.> http://www.bleepingcomputer.com/forums/tutorial62.html
Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.
Click on the processes tab and end process for(if there).
KXCHTXVBFS.EXE
Close task manager.
Run the Ccleaner programme as per the instructions.
Run the killbox.exe file. When it loads type the full path to the file you would like to delete in the field and check the delete file on reboot button. press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot, select no until you have finished inputting the files you want to delete, only then allow it to reboot and hopefully your files will now be deleted. If your computer doesn`t automatically restart, restart it manually.
This is the filepath you need to enter into killbox.
C:\windows\system32\KXCHTXVBFS.EXE
Once your system has rebooted, turn system restore back on and rehide your protected OS files.
Keep the Killbox backups for a few days and if no problems are seen, you can delete them.
Let me know if that helps.
I`d still like to see an Autoruns log.
Regards Howard
Edit: Just seen your other post, now merged. I have updated the above instructions.
This thread is for the use of lemortx only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Download the Pocket Killbox programme from HERE. Extract it but don`t run it yet.
Go HERE and follow the instructions for downloading and running the Ccleaner programme.
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.
Turn off system restore.(XP/ME only) See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html
Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.> http://www.bleepingcomputer.com/forums/tutorial62.html
Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.
Click on the processes tab and end process for(if there).
KXCHTXVBFS.EXE
Close task manager.
Run the Ccleaner programme as per the instructions.
Run the killbox.exe file. When it loads type the full path to the file you would like to delete in the field and check the delete file on reboot button. press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot, select no until you have finished inputting the files you want to delete, only then allow it to reboot and hopefully your files will now be deleted. If your computer doesn`t automatically restart, restart it manually.
This is the filepath you need to enter into killbox.
C:\windows\system32\KXCHTXVBFS.EXE
Once your system has rebooted, turn system restore back on and rehide your protected OS files.
Keep the Killbox backups for a few days and if no problems are seen, you can delete them.
Let me know if that helps.
I`d still like to see an Autoruns log.
Regards Howard
Edit: Just seen your other post, now merged. I have updated the above instructions.
This thread is for the use of lemortx only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
howard_hopkinso
Posts: 21,238 +17
I can find nothing untoward in your Autoruns log.
See how it goes and post back if you have any further problems.
Regards Howard
This thread is for the use of lemortx only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
See how it goes and post back if you have any further problems.
Regards Howard
This thread is for the use of lemortx only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
- Status
Similar threads
- Locked
Latest posts
-
Worry your friends with this $9,420 flamethrower robot dog
- Tinderbox replied
-
Researchers have unlocked the "Holy Grail" of memory technology- DanteSmith replied
