System acting up

[Treeman]

Hi all,

My system has been acting odd for the last few days. I followed the instructions but Im still getting pop-ups and IE will not always load and require a reboot to do so. I'm also having a hard time booting into safe mode... most of the time it just hangs. I've attached my logs. Thanks in advance for the help!

 

[howard_hopkinso]

Hello and welcome to Techspot.

Boot into safe mode, under your normal user name. See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html

Turn off system restore.(XP/ME only) See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.> http://www.bleepingcomputer.com/forums/tutorial62.html

Run HJT with no other programmes open(except notepad).Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank

O16 - DPF: Win32 Classes -

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

Click on the fix checked button.

Close HJT.

Reboot into normal mode and turn system restore back on.

It appears you`re not using any antivirus or firewall software. This is a hugh security risk. Get the FREE AVG antivirus and the free Zonealarm or the free Kerio firewall(google for these).

Once you have AVG installed and updated, run a full system scan and delete whatever it finds.


Regards Howard :wave: :wave:

This thread is for the use of Treeman only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[Treeman]

Ok, I did that and here's my new log.

 

[howard_hopkinso]

Your HJT log is clean.

You have still not installed any antivirus or firewall software, despite my drawing your attention to the fact in my last post.

If you have any further problems, that require you to post a HJT log, I won`t help, unless you have installed the above software.

Without the above software, your system is open to attack from all kinds of stuff.

You should also go HERE and follow the instructions exactly.

Regards Howard

This thread is for the use of Treeman only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[Treeman]

I've installed AVG, Kerio and Spybot S&D. Ran AVG and SB, deleted/fixed what came up. I keep getting hits on winlogon.exe and pop-ups. Attached is my HJT log.

 

[howard_hopkinso]

You have a variant of the Virtumundo infection.

Go and run this tool HERE. Follow the onscreen instructions.

Post a fresh HJT log after doing the above.

Regards Howard

 

[Treeman]

Program run. Here's the new log.

 

[howard_hopkinso]

That`s got it. Your HJT log is now clean.

Just have HJT fix this inactive entry.

O20 - Winlogon Notify: wineij32 - wineij32.dll (file missing)

If you have any further virus/spyware problems, please post in this thread.

Regards Howard

This thread is for the use of Treeman only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[Treeman]

Excellent! Thanks for all your help. Much appreciated!