Virus problems.

[salemf]

Hi all i downloaded a stupid cr@ck from limewire and silly me i ran it. Now o have something on my computer called winantivirus2006 this little brown circle in my toolbar (as seen in the photo) i am running trendmicro pc-cillin 2007 and have scanned everything removed everything but when i restart the computer the little brown circle comes back. Also every hour pc-cillin states it has blocked 44 spyware entries or somehting like that and every now and again it comes up (pc-cillin) stating you have tried to visit a harmful website. here is the pic and the hijack this logfile thankyou. I cant for some reason upload attachments so heres the logfile.

NO picture sorry all it is is a brown circle with an exclamation mark in it and says you system is infected with psyware or unwanted software click here to find out more P.s too big to fit on one thread

 

[howard_hopkinso]

Hello and welcome to Techspot.

Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.


Post fresh HJT and AVG Antispyware logs as attachments into this thread, only after doing the above.


Regards Howard :wave: :wave:


This thread is for the use of salemf only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[salemf]

here the hijack this log file will post the avg one shortly

 

[Rik]

One of the isntructions you were given was to rename hijackthis.exe to hijackthis1991.exe but you have not done so!!

"C:\DOCUME~1\FARAHS~1\LOCALS~1\Temp\Rar$EX00.282\HijackThis.exe"


This thread is for the use of salemf only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[howard_hopkinso]

Go and read this thread HERE, then post a fresh renamed HJT log. Also, make sure you put HJt in it`s own directory and not in a temp folder.

Regards Howard

This thread is for the use of salemf only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[salemf]

sry about that guys i tried all those things and some of it is gone trend micro pc-cillin keep telling me iam trying to go to some websites and occasionly its saying it has blocked beehive.exe or somehting simmilar like that. Here are hte avg and hijack this log files. And i moved hijack this and did as instructed above.

 

[howard_hopkinso]

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = thsfs02.curric.thornbury-darebin-sc-junior.edu.vic.gov.au:80

O2 - BHO: (no name) - {C30237C3-CBA1-4568-A9FE-8953AB81BB96} - C:\WINDOWS\system32\ssqrp.dll (file missing)

O16 - DPF: {326A7290-FAE3-48C5-9FBA-F071633E1EB5} (VPlayer Control) - http://www.incinemas.com.au/trailers/player/vivid_ocx.jpeg

Click on the fix checked button.

Close HJT and reboot your system.

Other than the above, your HJT log is clean.

As far as beehive.exe is concerned, do a search of your system for that file and let me know if you find it and exactly where it is.

If it`s not on your system, it may well be you`re trying to visit some dodgy website which tries to download the above file and your antivirus programme is blocking it. If that`s the case, you need to find out which website it is that`s trying to do this and not visit it any more.

Regards Howard

This thread is for the use of salemf only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[salemf]

HI i idid as told, and went one step further and took a pic of the directory where the spyware is trying to install and a new fresh HJT log. thankyou howard for all the help

 

[howard_hopkinso]

Your HJT log is clean.

That file is dumphive.exe not beehive.exe and it`s part of SmitFraudfix.

Some antivirus programmes flag it as a virus, but it`s not. You can get rid of Smitfraudfix as you don`t need it any more.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard

This thread is for the use of salemf only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.