Spyware & Anitvirus installed and now web doesnt work pc hangs

[scotted]

Hi

I have just joined techspot today as I am totally at a loss of what to do aout my pc which has developed a bit of an attitude problem like a moody spoilt little child. This obviously stems from my exceptionally bad parenting skills of which I have no excuse except to say that I am not too computer literate.

I will do my best to post below the story of what has occured,what I have done to try and fix it (or make it worse) and the also post somne of the log files I have got.

It all started a couple of weeks ago when I realised that my pc was insecure as I had let my antivirus & firewall subscription run out.I had downloaded a spyware program (Spybot search and destroy whch told me that I had some issues to fix) I therefore went out and updated my Zonealarm firewall subs and decided to invest in the Bitdefender 2008 antivirus program.

Over the course of the bext week or so I began to have issues with my web browsers (internet explorer,Firefox & Opera) All I was getting was "page cannot be displayed,cannot find server or DNS error)

What I didnt know was if this was a problem wth a virus,malware,spyware or just me messing something up.Sine then I have restored the system to an earlier date and the problem was fixed for an hour or two and then the connectivity issue came up again.

I have run the following on my pc to determine what is wrong or hopefully get rid of nasties but the issue is still around

RegistryFix
AVG Antispyware
Spyware Blaster
AdAware 2007
Spybot Search & Destroy
Bit Defender 2008
Zonealarm
Silent Runners
SmitFraudFix (wouldnt run on my pc,just hung)
Ccleaner
ComboFix
HijackThis
IESpyad
MVPS Hosts
VundoFix
VirtumundoBeGone

I will attach the HiJackThis log and a few others in the hope that someone out there can please help me out as my wife is getting very upset with me using "her" laptop all the time. Please let me know what other logs you require and I can post these as well

Thanks very much

 

[howard_hopkinso]

Hello and welcome to Techspot.

Your system is infected with a variety of malware.

Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

If after reading the above, you wish to clean your system, do the following.

Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT, AVG Antispyware and Combofix logs as Attachments into this thread, only after doing the above.

Also, let me know the results of the Panda Antirootkit scan.

Regards Howard :wave: :wave:

This thread is for the use of scotted only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[scotted]

Thanks for the welcome Howard and for the link to the Viruses/Spyware/Malware,preliminary removal instructions. I had read and followed all these instructions prior to actually posting on techspot, but unfortunately forgot to mention this in my previous post. (sorry about that) So rather worryingly the HJT & Combofix logs are good and up to date.The AVG Antispyware did not find any problems and Panda Antirootkit returned no issues.

Thanks for the help

Scott

 

[howard_hopkinso]

I wasn`t aware of that, in that case, please post fresh HJT and Combofix logs.

Regards Howard

This thread is for the use of scotted only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[scotted]

Hi Howard

Logs attached

Thanks
Scott

 

[howard_hopkinso]

Open notepad and copy/paste the text in the code box below into it:
NOTE* make sure to only highlight and copy what is inside the quote box nothing out side of it.
Also ..

Pay particular attention to this :-

Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
Code:

File::
C:\WINDOWS\system32\ddcyw.dll
C:\WINDOWS\system32\pmkji.dll
C:\WINDOWS\system32\wycdd.bak1
Folder::
C:\VundoFix Backups
Registry::
[-HKEY_CLASSES_ROOT\CLSID\{381FFDE8-2394-4f90-B10D-FC6124A40F8C}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcyw]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmkji]

Save this as CFScript.txt

Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a fresh HJT log.

Regards Howard

This thread is for the use of scotted only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[scotted]

Hello Howard

I did as you said and have attached the 2 log files you requested

Thanks
Scott

 

[howard_hopkinso]

All clean.

Delete the following folder.

C:\qoobox

Turn off system restore.(XP/ME only) See how HERE.

Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.


If you have any further virus/spyware problems, please post in this thread.

Regards Howard

This thread is for the use of scotted only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[scotted]

Thanks Howard. You have been a great help

Scott

This thread is now closed: If you need this thread unlocking, please pm a moderator with a link to the thread.

Only the original thread starter can do this. Anyone else, will be ignored.

 

[scotted]

Hi Howard

I ran bitdefender this evening and have come across a couple of viruses that the program cannot remove

Trojan Downloads.Adload.AP & Trojan.Virtumod.AD

Could you please advise what theese are and the best course of action to follow ?


I also still cannot connect to the web using my other pc and wondered where I can find a good source for resolving DNS errors and also finding out if my host file has an issue ?

Thanks very much for your help and I have attached my HJT & Combofix logs

Scott

 

[howard_hopkinso]

For your connection problem, Try Winsockfix and see if that helps.

1.) Download WinsockFix.exe. (by: Option^Explicit)
2.) UnZip WinsockFix.zip (Pay close attention to where the file is extracted to.)
3.) Run WinsockFix.exe.
4.) Click the Fix button.

If that doesn`t help, then start a new thread for that problem in our Storage and Networking forum.

Now to your problem.

Both your log files are clean.

Please can you give details of what exactly Bitdefender is finding, including the file paths and names?

Regards Howard

This thread is for the use of scotted only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[scotted]

Thanks Howard

I will run the winsok app and see what happens. I fI have no joy it will be a short little foray across the water to storage and networking.

I have attached the bitdefender log in txt format which shows the isues detected at the end of the file

Thanks again

Scott

attached this time though..sorry

 

[howard_hopkinso]

The files BitDefender is finding are all files that are already in quarantine folders. I.E Housecall quarantine and Symantec/Norton quarantine.

Empty/delete the contents of thos folders and you should be good to go.

Example.

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine<Empty/delete the contents of this folder.

C:\Documents and Settings\Scott &amp; Mel\.housecall\Quarantine<Empty/delete the contents of this folder.

Regards Howard

This thread is for the use of scotted only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.