w32myzor.fk@yf problems

Status
Not open for further replies.

charlie muffin

Hello,
Unfortunately I'm a little naive on technical matters and I've been looking around the internet for fixes to the problem I got this morning. I registered about 1 hour ago to TechSpot in the hope someone can help me get rid of this nasty problem. Preferably in a language I can understand. I seem to have managed to get rid of the little pop ups but am still getting hijacked when going online. What can I do rather than complete restore discs?
 
Hello and welcome to Techspot.

Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

If after reading the above, you wish to clean your system, do the following.

Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

Also, let me know the results of the Panda Antirootkit scan.

Regards Howard :wave: :wave:

This thread is for the use of charlie muffin only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
better understanding

Hi Howard,

I've seen some of the other replies to this problem before I posted my message. Before I start trying to clean up my laptop, I'd better understand what I have to do.
1) Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above. What's a HJT?
2) What are AVG Antispyware and Combofix logs?
3) Panda Antirootkit scan - what's that?
4) How do I post an attachment into these threads?

If the link resolves these then fine, but I'd rather not start and then realise I don't know what to do next.

Sorry for appearing dumb
 
Hi,
So I made it as far as Panda, although it was more confusion than technical wizardry on my part.
Panda scan found nothing. Others have had varying degrees of success.
I did say I was rather untechnical - I did all the steps but don't know where the logs are you wanted me to attach.
Was I supposed to save some files somewhere?
Can I do anything to salvage the situation?

On a good note, my problem appears to have gone, for which I'm truly grateful. Is there a way to make sure?

Thanks again
 
Unless you post the requested log files, I can't tell you if your system is clean or not.

Instructions for attaching the various log files are in this LINK.

Regards Howard :)

This thread is for the use of charlie muffin only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Please let me know the results of the Panda Antirootkit scan.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions more easily.

Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Go to add remove programmes in your control panel and uninstall anything to do with (if there):

Video Add-on Setup
WinPCDoctor

Close control panel.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for (if there):

strpmon.exe

Close task manager.

Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there):

O3 - Toolbar: IE Custom Tools - {23ED2206-856D-461A-BBCF-1C2466AC5AE3} - C:\Program Files\Video Add-on Setup\ictmdl.dll

O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories (if there).

C:\Program Files\Video Add-on Setup <- Delete the entire folder.

C:\Program Files\Common Files\WinPCDoctor <- Delete the entire folder.

Reboot into normal mode and rehide your protected OS files.

Post fresh HJT and Combofix logs and let me know the results of the Panda Antirootkit scan.

Regards Howard :)

This thread is for the use of charlie muffin only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
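
The O3/O9 lines listed in the post above all share one layout (section, kind, name, CLSID, target), so the same triage can be scripted against a saved HJT log. The following Python is an added example, not part of the original thread or of HijackThis itself; the regular expression, the function names and the two flagging rules are assumptions built only from the four entries and two folders quoted in that post.

```python
import re

# HijackThis O3/O9 lines exactly as quoted in the post above.
SAMPLE_LOG = r"""
O3 - Toolbar: IE Custom Tools - {23ED2206-856D-461A-BBCF-1C2466AC5AE3} - C:\Program Files\Video Add-on Setup\ictmdl.dll
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
"""

# Folders the post says to delete; an entry loading from one needs fixing.
FLAGGED_DIRS = (
    r"C:\Program Files\Video Add-on Setup",
    r"C:\Program Files\Common Files\WinPCDoctor",
)

# Assumed layout: "<section> - <kind>: <name> - {CLSID} - <target>[ (file missing)]"
ENTRY = re.compile(
    r"^(?P<section>O\d+) - (?P<kind>[^:]+): (?P<name>.+?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+?)"
    r"(?P<missing> \(file missing\))?$"
)

def parse_entries(log_text):
    """Turn matching log lines into dicts; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["missing"] = entry["missing"] is not None
            entries.append(entry)
    return entries

def triage(entries, flagged_dirs=FLAGGED_DIRS):
    """Return (entry, reason) pairs for entries worth ticking in HJT."""
    findings = []
    for entry in entries:
        target = entry["target"].lower()
        if any(target.startswith(d.lower() + "\\") for d in flagged_dirs):
            findings.append((entry, "target inside flagged folder"))
        elif entry["missing"]:
            findings.append((entry, "orphaned entry: file missing"))
    return findings

if __name__ == "__main__":
    for entry, reason in triage(parse_entries(SAMPLE_LOG)):
        print(entry["section"], entry["name"], "->", reason)
```
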
 
next phase

That was a bit easier. I even think I understood those instructions, thanks.

The Panda didn't find any rootkits first time I ran it, mentioned in earlier message, and I ran it again just to be sure. Same result.

HJT and combo logs attached.

Thanks for being patient.

DTB
 
Your HJT log is clean, as is your Combofix log.

Unless you're still having problems, you should be good to go.

If you're not having any problems, please do the following.

Turn off system restore (XP/ME only). See how HERE.

Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.


If you have any further virus/spyware problems, please post in this thread.

Regards Howard :)

This thread is for the use of charlie muffin only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Howard

Thanks very much.

All problems now appear to have gone.
Now I need to make sure I'm better protected.
Good lesson learned.

I can also look around this site. It would be wrong of me if I didn't admit I joined in to fix my problem, but I'm sure there's more to offer here.

For someone on the dark side of the great divide (Lanc/York) you've performed with credit - much respect.
 
My pleasure mate.

This thread is now closed. If you need this thread unlocking, please pm a moderator with a link to the thread.

Only the original thread starter can do this. Anyone else will be ignored.

Regards Howard :)
 