Need help with the removal of virus - What else can I try?

Status
Not open for further replies.
I've had some viruses/trojans/spyware on my computer for a few days now and they just won't go away. I've tried AVG, Ewido, Trojan Hunter, Smitrem, Smitfraudfix, Look2Me Destroyer, Rogue scan fix and combofix but to no avail.

I've seen ishost.exe, issearch.exe, isnotify.exe and ismini.exe in task manager and I've run scans with the utilities mentioned above and they say they have removed them but they keep coming back.

Also, every few minutes Ewido and AVG pop up saying virus/spyware found and I click heal/quarantine but they keep coming up again and again.

Here is what they pop up with:
Adware.Toolbar888
Trojan.Starter.65
Downloader.Zlob.aig
Adware.Generic
Adware.Softomate
Trojan horse Pakes.U
Downloader.Obfuskated
Trojan horse dialer.28.A
Trojan horse Downloader.Generic2.CXP
Trojan horse Downloader.Generic2.JVP
Trojan horse Downloader.Generic2.JVQ

Is there anything I could do?
Thanks in advance

I have attached my HijackThis log as well.
 
You can search for and remove them with regedit if you know what you are doing.
 
Hi Josh_Benner.
Go here. Be sure to follow all the instructions within the posting (using all the scans does show in the HJT), then post a fresh HJT log and maybe your Ewido scan report too.

Are you running a firewall? Doesn't seem to be one active.
 
I'm happy to guide you, but you must first understand that regedit can seriously screw your system up and is more than capable of completely killing it beyond any chance of recovery (apart from a reinstall, that is).

The use of regedit is a serious risk to your PC if you are not 100% sure of what you are doing with it.

Removal of "pests" in this fashion can lead to other problems and/or popup warning messages.

If you wish to remove "pests" with regedit you do so at your own risk.

Having said all that, I'm willing to help if you are happy with the risks.
 
Hello and welcome to Techspot.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Turn off system restore (XP/ME only). See how here: http://www.bleepingcomputer.com/forums/tutorial56.html

Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how here: http://www.bleepingcomputer.com/forums/tutorial61.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here: http://www.bleepingcomputer.com/forums/tutorial62.html

Go to add remove programmes in your control panel and uninstall anything to do with (if there):

SigXC

Close control panel.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for (if there):

SigX.exe

Close task manager.

Run a full system scan with your antivirus programme and delete whatever it finds.

Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there):

O4 - HKCU\..\Run: [SigXC] D:\Programs\SigXC\SigX.exe

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.11) - http://gameadvisor.futuremark.com/global/msc311.cab

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories (if there):

D:\Programs\SigXC

Reboot into normal mode, turn system restore back on and rehide your protected OS files.

Go and follow the instructions in this thread HERE.

Post fresh HJT and Ewido logs, only after doing the above.

Regards Howard :wave: :wave:

This thread is for the use of Josh_Benner only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
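
Added example, not part of the original posts: a small Python parser for the three HijackThis entries quoted in the instructions above, showing what each section code refers to (O4 autostart, O9 Internet Explorer extra button, O16 downloaded ActiveX control) and which fields a reviewer reads. The note wording and the function names are this example's own, not HijackThis output.

```python
import re

# The three HijackThis entries quoted in the post above, embedded as sample input.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [SigXC] D:\Programs\SigXC\SigX.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.11) - http://gameadvisor.futuremark.com/global/msc311.cab
"""

LINE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
O4_RUN = re.compile(r"^(?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<command>.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_line(line):
    """Return a dict for one log entry, or None for header/blank lines."""
    m = LINE.match(line.strip())
    if not m:
        return None
    section, body = m["section"], m["body"]
    entry = {"section": section, "body": body, "notes": []}
    clsid = CLSID.search(body)
    if clsid:
        entry["clsid"] = clsid.group(0)
    if section == "O4":  # autostart entries (Run keys, Startup folder)
        run = O4_RUN.match(body)
        if run:
            entry.update(run.groupdict())
            entry["notes"].append("autostart: relaunches at logon until the Run value is deleted")
    if section == "O16":  # ActiveX controls in Downloaded Program Files
        entry["codebase"] = body.rsplit(" - ", 1)[-1]
    if body.endswith("(no file)"):
        entry["notes"].append("orphan: registry entry whose file is missing from disk")
    return entry


def parse_log(text):
    return [e for e in map(parse_line, text.splitlines()) if e]


if __name__ == "__main__":
    for e in parse_log(SAMPLE_LOG):
        print(e["section"], e.get("name") or e.get("clsid"), e["notes"])
```
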
 
I have done everything you said Howard and have attached a new HJT log and an Ewido report.

Tomrca, you are right, I am not running a firewall. I shall download one soon, after I have sorted out this virus(es). Also, I have not done any of the scans listed in your link but I have done the Panda online ActiveScan. I will do a couple of the others later.

And finally rik, I am happy to use regedit and accept the risk when using it.

Thank you all for replying.
 

Your HJT log is clean.

Get that firewall software installed ASAP.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard :)

 
I'm still having these virus problems!

I am also getting (forgot to mention this before) random pop-ups from Internet Explorer (even though I always use Firefox) saying things such as "Your anti virus software is inadequate. Press OK to download WinAntiVirus Pro" or something similar.

I have attached a fresh HijackThis report.

Some of the viruses are in the C:\WINDOWS\Temp folder but once I get rid of them and clear out the temp folder, they come back soon after.

Thanks
 
I can find nothing nasty in your HJT log.

However, you should go HERE and follow all the instructions exactly.

Let me know the results please.

Regards Howard :)

 
Hi Josh Benner,
There is some information here concerning WinAntiVirus Pro. Perhaps you could check to see if there are any of these entries in your registry etc.

What do you think, Howard?

I went to the site where this was advertised and got a pop-up that covered the whole screen, but it was a web pop-up and not in my PC.
This is what I got when I tried to access their site from my firewall/web filter:

The Web site that you are trying to access has been blocked following the configurations set for the Web Site Filter.


To view this Web site:
- If the Antifraud Toolbar is available, click Manage Exceptions, and then select This address is always accessible
- If the Antifraud Toolbar is not available, open the main console and add the address in the Antiphishing & Content Protection > Web Site Filter > Approved List




Address:
Type: Adware / Joke Program / Cookies

Edit: Removed url
 
Winantivirus is a real nasty programme and should be uninstalled from add remove programmes if you have it.

It purports to be an antivirus programme, but in reality it floods the computer with malware.

The Winantivirus website should be avoided like the plague.

Regards Howard :)
 
I have never downloaded WinAntiVirus before and never planned to. I will definitely avoid their website.

Thanks for all your brilliant help, I'm pretty sure the virus has gone now.
If I don't post another message, it's definitely gone.

Thanks again everyone!

Josh
 