Spyware infection has detected! - Help

Status
Not open for further replies.

rob_illinois

I get this error message in the bottom right hand corner of my computer. It is a yellow shield with a black ! mark on it.


The message is: Spyware infection has detected! Windows has detected spyware infection which corrupted the registry.

It is recommended to load update to prevent data loss. Windows will now download and install the most up to date software for you.

Click here to protect your computer.

Then when I am in IE I get large pop up all the time which is very annoying.

Please help. Thanks
 
Hello and welcome to Techspot.

Whatever you do, don't click on the message.

Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

If after reading the above, you wish to clean your system, do the following.

Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT and AVG Antispyware logs as attachments into this thread, only after doing the above.

Regards Howard :wave: :wave:

This thread is for the use of rob_illinois only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Download Vundofix from HERE.

Double click the Vundofix.exe to run it.

Right click in the vundofix window and click add files.

Enter the full file path/s to the files you want Vundofix to delete and click the add files button, followed by the close window button. Click the remove vundo button and let Vundofix do its stuff.

These are the filepaths you need to enter into Vundofix.

C:\WINDOWS\system32\qommkhh.dll
C:\WINDOWS\system32\vtuutss.dll

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Go to add remove programmes in your control panel and uninstall anything to do with (if there).

DAEMON Tools < your copy is infected with adware.
Viewpoint
Viewpoint Manager

Close control panel.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for (if there).

SetupDTSB.exe
UWA6P_0001_N91M1807NetInstaller.exe
ViewMgr.exe
tcpipmon.exe

Close task manager.

Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;

O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\djgwlgti.dll (file missing)

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

O4 - HKLM\..\Run: [tcpipmon] tcpipmon.exe

O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?

O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab

O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)

O20 - Winlogon Notify: atmgrtok - atmgrtok.dll (file missing)

O20 - Winlogon Notify: winkvh32 - winkvh32.dll (file missing)

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories (if there).

C:\Program Files\Viewpoint < Delete the entire folder.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\YKMUEO8D\WinAntiVirusPro2006FreeInstall[1].cab < Delete the entire folder.

C:\Program Files\DAEMON Tools < Delete the entire folder.

C:\WINDOWS\system32\tcpipmon.exe

Reboot into normal mode and rehide your protected OS files.

Post a fresh HJT log as well as another AVG Antispyware log.

Regards Howard :)

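The HJT entries listed in the post above follow a fixed `CODE - detail` layout, so a log can be pre-sorted before a human reviews it. The sketch below is an added example, not part of the thread and not HijackThis code; the function name `triage` and the flag names are assumptions, and the sample lines are copied from the post above.

```python
import re

# Section meanings as described in HijackThis log documentation.
SECTIONS = {
    "R1": "IE start/search page or proxy setting",
    "O2": "Browser Helper Object",
    "O4": "autostart entry (Run key or Startup folder)",
    "O16": "ActiveX control (Downloaded Program Files)",
    "O20": "AppInit_DLLs or Winlogon Notify DLL",
}
LINE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
RUN = re.compile(r"^.*?Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

def triage(log_text):
    """Return one dict per HJT entry with review flags (hypothetical helper)."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # header lines, blank lines, running-process list
        code, body = m.groups()
        flags = []
        # Registry still points at a file that is no longer on disk.
        if body.endswith("(file missing)"):
            flags.append("file-missing")
        # Autostart command given as a bare name, so the search path decides
        # which binary actually runs.
        run = RUN.match(body) if code == "O4" else None
        if run and not re.match(r'^"?[A-Za-z]:\\', run["cmd"]):
            flags.append("no-full-path")
        findings.append({"code": code, "section": SECTIONS.get(code, "other"),
                         "flags": flags, "entry": body})
    return findings

# Sample lines taken from the post above.
SAMPLE = r"""
O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\djgwlgti.dll (file missing)
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [tcpipmon] tcpipmon.exe
O20 - Winlogon Notify: winkvh32 - winkvh32.dll (file missing)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f["code"], f["flags"], f["entry"])
```

The flags only mark entries for a closer look; they are not a verdict on whether an entry is malicious.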
 
That's as maybe, but I'd still like to see the log files I requested just to make sure.

Regards Howard :)

 
Programs not loading now.??

Everything was fine and good and now some of my programs will not load. Like Adobe PS and Cute ftp. How do I fix this issue?


Thanks
 
Not yet. Also it is very slow and locks up. And it was fine yesterday. I think it may be a virus. I installed AVG Anti-Spyware 7.5 and when I try to do an update it says: Error sorry the server is not ready to server. Please try agin later. Yet on another PC on the same network it works fine.

Help
 
I have merged your new thread into this one.

You may well be right about the virus.

That's why I asked you to post your log files the last time I was helping you.

Post a fresh HJT log as per the instructions above.

Regards Howard :)

 
You were right about the infection. You've got at least a couple on there. It also appears you're not running any antivirus or Firewall software. That's a huge security risk.

Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

If after reading the above, you wish to clean your system, do the following.

Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

Also, let me know the results of the AVG Antirootkit scan.

Regards Howard :)

 
Ok I am going through the list and I am on step 11, AVG anti-rootkit tool. I did the scan and it gave me about 15 items. Do I check all of them and hit remove selected items? Or just check items in c:?

I have one for c:\program files\internet explorer\IEXPLORE.EXE

Is this right to hit remove for this?

How can I see the file it is going to remove/delete?

thanks
 
If AVG Antirootkit has found so many items, it's because your system is probably infected with a rootkit.

Run the scan and save the report. Attach the report here. Do not let AVG Antirootkit delete anything just yet.

Regards Howard :)

 