My Hijackthis log

Status
Not open for further replies.
I've done everything that was asked in the forum that tells you what to do before you post a log. A couple of scans came back and cleaned what I thought was the problem, but when I restart my computer I get a "real time infection alert" from my virus scan that I have been infected with Win32 Actux.A. It's a downloader trojan. My virus scan won't clean it off completely for some reason. It's a really annoying virus, as are many, but when I am on the web it has a million pop ups and will transfer me to sites on its own. Can someone please help me? Thanks!
 
Hello and welcome to Techspot.

Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

Turn off system restore. (XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html

Go to add remove programmes in your control panel and uninstall anything to do with (if there).

Viewpoint\Viewpoint Manager
Desktop Messenger\8876480

Close control panel.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for (if there).

ViewMgr_.exe
BackWeb-8876480.exe
VSL04.exe
TrueInstallSBC.exe

Close task manager.

Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to (if there).

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
Fix this if you haven't set this yourself.

O2 - BHO: (no name) - {6C65171A-3D03-4126-A58B-C75B71D4CE2B} - C:\Program Files\Outlook Express\horedova.dll (file missing)

O2 - BHO: (no name) - {6DA1733F-389D-4E38-BBFD-49A509D94D43} - C:\Program Files\Outlook Express\horedova.dll (file missing)

O2 - BHO: (no name) - {DDC7D6AE-360F-488C-B5C6-96320DC12FE7} - C:\Program Files\Outlook Express\horedova.dll (file missing)

O2 - BHO: (no name) - {E3950C54-3C41-4950-A94E-7037E161CB43} - C:\Program Files\Outlook Express\horedova.dll (file missing)

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr_.exe

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

O4 - HKCU\..\Run: [VSL04.exe] C:\WINDOWS\System32\VSL04.exe

Fix all O16 - DPF entries.

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = WestAir.local
O17 - HKLM\Software\..\Telephony: DomainName = WestAir.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F560D7B-B884-49D9-96C1-60A530F22747}: NameServer = 192.168.1.250,64.192.0.10,64.192.0.11
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = WestAir.local

Only fix the above O17 entries if they don't belong to your ISP.

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files (if there).

C:\WINDOWS\System32\VSL04.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr_.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

Reboot into normal mode and turn system restore back on.


Regards Howard
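
The entry lines quoted in the reply above all follow a "code - body" layout. As an added example (not part of the original thread and not HijackThis's own code), this Python script parses the R1, O2, O4 and O17 lines shown on this page and lists the ones that call for a manual look. The regular expressions and the names `parse_hjt` and `review_notes` are assumptions based only on the lines quoted here.

```python
import re
from collections import Counter

# Sample input: entry lines copied from the reply above, embedded so this runs offline.
SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {6C65171A-3D03-4126-A58B-C75B71D4CE2B} - C:\Program Files\Outlook Express\horedova.dll (file missing)
O2 - BHO: (no name) - {6DA1733F-389D-4E38-BBFD-49A509D94D43} - C:\Program Files\Outlook Express\horedova.dll (file missing)
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr_.exe
O4 - HKCU\..\Run: [VSL04.exe] C:\WINDOWS\System32\VSL04.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = WestAir.local
"""

# One body pattern per section code (assumed layouts, inferred from the lines above).
PATTERNS = {
    "O2": re.compile(r"BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "
                     r"(?P<path>.+?)(?P<missing> \(file missing\))?$"),
    "O4": re.compile(r"(?P<hive>HK(?:LM|CU))\\\.\.\\(?P<key>\w+): "
                     r"\[(?P<name>[^\]]+)\] (?P<path>.+)$"),
    "O17": re.compile(r"(?P<key>.+?): (?P<name>\w+) = (?P<data>.+)$"),
    "R1": re.compile(r"(?P<key>.+?),(?P<name>[^,=]+?) = (?P<data>.*)$"),
}

def parse_hjt(text):
    """Split each 'CODE - body' line and parse the body by its section code."""
    entries = []
    for line in text.splitlines():
        code, sep, body = line.strip().partition(" - ")
        pattern = PATTERNS.get(code)
        match = pattern.match(body) if (sep and pattern) else None
        if match:
            entries.append({"code": code, **match.groupdict()})
    return entries

def review_notes(entries):
    """Return (code, note) pairs for entries that deserve a manual look."""
    notes = []
    bho_paths = Counter(e["path"] for e in entries if e["code"] == "O2")
    for e in entries:
        if e["code"] == "O2" and e["missing"]:
            notes.append(("O2", f"{e['clsid']} points at a missing file"))
        elif e["code"] == "O17":
            notes.append(("O17", f"{e['name']} = {e['data']}: compare with your own network/ISP"))
    notes += [("O2", f"{n} BHO CLSIDs share {p}") for p, n in bho_paths.items() if n > 1]
    return notes
```

Calling `review_notes(parse_hjt(SAMPLE))` returns the two orphaned BHO entries, the O17 domain setting, and a note that both CLSIDs share one DLL path.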
 