virus helpw32.myzor.fk@yf

[cheermom95]

Just this morning my computer went flipping crazy, get a critical systems error and when i click on it it is telling me that it is a W32Myzor.fk@yf virus that has affected my
windows\system32\programfiles\internetexplorer\mydocuments\driveC:\files

I am also getting a Spyware.cyberlog-x warning

how do i get rid of this i have scanned with anti-spyware it quarentined and removed 6 item my virus software has recently been updated and when i run it it is showing me that there are no viruses

can anyone please help me i am not the most computer smart person but i can find my way around...

 

[howard_hopkinso]

Hello and welcome to Techspot.

I have moved your thread to the correct forum.

Go and read the Trojan Pakes and other nasties preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT and AVG Antispyware logs as an attachments into this thread, only after doing the above.

Regards Howard :wave: :wave:

This thread is for the use of cheermom95 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[cheermom95]

Hello,
I have followed all the steps thank you I believe i got that stinky nasty bug off i think no more warnings .. thank you soo much... Here is my HJT log ran this morning after all was off please let me know what needs to be removed.. thank you again..

 

[howard_hopkinso]

Your system is infected with all kinds of crap, including a very nasty rootkit/trojan.

Go and follow the instructions for the NTsystem.exe removal HERE.

Once done, post fresh HJT and Ewido logs.

Regards Howard

This thread is for the use of cheermom95 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[cheermom95]

hjt log

Howard I have now ran that other program, I hope i am getting to the bottom of the junk, hopfully seems like a big pile of crap building up forever and ever... Here is my new hjt log, I how do i get to my ewido log?

thank you for all your help

 

[howard_hopkinso]

That`s looking much better. However, we still need to get rid of some crap lol.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Turn off system restore.(XP/ME only) See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.> http://www.bleepingcomputer.com/forums/tutorial62.html

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for(if there).

lxamsp32.exe

Close task manager.

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)

O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)

O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/hostsearch (file missing)

O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/hostsearch (file missing)

O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/babelfish (file missing)

O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://jump.altavista.com/avie5/babelfish (file missing)

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories(if there).

C:\WINDOWS\system32\lxamsp32.exe

Reboot into normal mode, turn system restore back on and rehide your protected OS files.

Now go HERE and follow the instructions for renaming HijackThis.exe and how to post your Ewido log.

Then, post fresh HJT and Ewido/AVG Antispyware logs.

Regards Howard

This thread is for the use of cheermom95 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[cheermom95]

new ajt and ewido

I hope we got it all.. makes me wonder if all this is on the computer what is on the other 2 comps that i have...omgosh... Thank you again for all your help, i hope we got it all

let me know if there are more steps to take

 

[howard_hopkinso]

Very well done. Your HJT log is now clean.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard

This thread is for the use of cheermom95 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.