Virus help?

[Lilli]

my computer has decided within the last few weeks to rebel against me and misbehave:
i get multitudes of pop-ups, literally 10-15+ within a few minutes, as well as several different "antivirus" programs that continually pop up and try to download themselves. currently there is one with a "license agreement" screen that, upon showing up, cannot be closed.
usually after a while of this, my start bar disappears and i have to reboot before it will come back.
i'm using windows XP, and have mcafee security software which at least 3 times a day says it has detected a trojan or bad program and that it has been removed.
also, when i reboot my computer, my desktop has started coming up blank, and a warning message says that "x is a bad image please check it against your installation diskette".
so basically, i'm on self-destruct here and could use some help!
thanks!

 

[tw0rld]

Malware removal instructions

Follow Instructions here; https://www.techspot.com/vb/topic109461.html, then post logs

 

[SpiritWind]

Hi :

Better and simpler are the "Instructions" at

https://www.techspot.com/vb/post645589-1.html .

 

[sllewe]

Or I could just do it in person lol. But just follow the guides and if you need help (they can be a bit confusing) post here or you know where I'm at.

 

[tw0rld]

??

Hi :

Better and simpler are the "Instructions" at

https://www.techspot.com/vb/post645589-1.html .

They are the same.

 

[Lilli]

first log

malwarebyte's log attached

 

[tw0rld]

There should be three logs. More importantly is the HJT log. 85 infections in mbam log. I need the HJT log.

 

[Lilli]

2nd log

i know, i'm working through them...
superantispyware attached

 

[tw0rld]

Based on both logs, it must have been a while since you last checked your system for Malware.

 

[Lilli]

3rd log

guilty...

and here's the HJT, sorry they're all separate.

i appreciate the help!

 

[tw0rld]

Reset IE to default

To use RIES in Internet Explorer 7, follow these steps:
1. Click the Tools menu, and then click Internet Options.
2. On the Advanced tab, click Reset.
3. In the Reset Internet Explorer Settings dialog box, click Reset.
4. When Internet Explorer 7 finishes restoring the default settings, click Close, and then click OK two times.
5. Close Internet Explorer 7. The changes take effect the next time that you open Internet Explorer 7.
Note If you cannot start Internet Explorer 7 for some reason, use RIES from Internet Options in Control Panel.

 

[Lilli]

i don't generally use internet explorer...i have it, and for some reason that's what all my pop-ups come up on, but i usually use firefox. does that make any difference?

 

[tw0rld]

Run Hijackthis again, check the following and click fix checked.

O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.trustedantivirus.com

Remove the following from startup list using msconfig
How to use msconfig
Start > run > type Msconfig > select startup tab > uncheck the following

1. qttask.exe
2. iTunesHelper.exe
3. sprtcmd.exe
4. jusched.exe
5. DSAgnt.exe
6. msmsgs.exe
7. msmsgs.exe
8. sprtcmd.exe
9. SUPERAntiSpyware.exe
10. RCADetective.exe
11. reader_sl.exe
12. DMXLauncher.exe
13. quickset.exe

Update the following
Adobe acrobat reader

Make sure Mcafee is updated with latest definitions then run scan.

Install, update, and apply immunization using Spybot S&D; http://www.download.com/Spybot-Search-Destroy/3000-8022_4-10122137.html
run a scan remove what is found if any.

Make sure that you have done the procedure mentioned in the previous post(Reset IE to Default Setting).
When done post New HJT log.

 

[tw0rld]

i don't generally use internet explorer...i have it, and for some reason that's what all my pop-ups come up on, but i usually use firefox. does that make any difference?

Still perform the procedure. Some IE settings are missing.
I am off to bed. I will look at your log 2morrow.

 

[m.adib_87]

anti virus

hai......


what anti virus surpose i use?

 

[tw0rld]

hai......


what anti virus surpose i use?

You need to start your own thread, but avira is a good start;http://www.download.com/Avira-AntiVir-Personal-Free-Antivirus/3000-2239_4-10322935.html?cdlPid=10877501

 

[Lilli]

new hjt log

the new log is attached
thanks

 

[tw0rld]

Good to go!

Looks good!
Just remove a few more things from startup list using msconfig

• winampa.exe
• Reader_sl.exe
• aim6.exe
• ctfmon.exe
• sprtcmd.exe
• dsca.exe

Everything looks fine. I see no sign of any threats. Just practice safer browsing. Make sure that all your security software are updated, also perform frequent system scans.

Safe Browsing Practices.

• Make sure your computer is updated!
• Browse the Web with an up to date browser!
• Run anti-spyware programs weekly.
• Run Anti-virus programs to search for viruses.
• Set your Operating System to always show file extensions.
  

  Go to 'My Computer' - 'Tools' - 'Folder Options' - 'View' tab - and take the check out of 'Hide file extensions for known file types'.

• Other Safe Browsing Practices

* Stay on trusted web sites.

* Never follow a link in an email that wants you to update account/personal information.

* Do not open unknown email attachments.

* Links may not be what they seem. Hold the mouse pointer over a link to see the actual link location (usually displays in the bottom left).

* Do not run programs that are of unknown origin.

Info taken from here; http://www.bio.fsu.edu/complabs/safebrowse.php I'm too lazy to make a list of my own.

 

[Lilli]

thanks for all your help!