Supposed Blackworm infection / WinAntiVirusPro 2006 popups

Status
Not open for further replies.

thesuperchico

Posts: 7   +0
Lately I have been getting different annoying popups from various websites. The main one is a window opening up stating an infection by the Blackworm virus, and when I close it, it opens up another popup with the WinAntiVirusPro 2006 website advertising. I have also been getting popups from adultfriendfinder and various other non-related/P2P websites as well.

I run Norton AV, Windows Defender, Ad-Aware, and Spybot S & D, yet this "infection" persists. I need step-by-step help in solving this issue.
 
I appreciate your wanting to help me. But I'm not sure exactly what type of infection I have or what to look for. I need step-by-step instruction on how to fix my problem. If you can, please take a look at my HJT logfile and let me know what I need to "fix" and how to go about it, and what else I need to do. This includes any clean up in safe mode or without system restore on....

Thank You!!
 
I read through the stickies you mentioned, but I'm not sure if I have a trojan or spysheriff or what exactly. That's precisely why I'm seeking the help! I posted my HJT file in my first post, but it must have been edited out???

Anyways, I need precise help, for my particular situation. I'm not a computer genius, just someone who knows some about computers but not exactly super-savvy about them. Therefore I might need some step-by-step help.

Please help!! I'm desperate!!

Thesuperchico
 
Furthermore, I have already tried several different approaches to removing the possible Look2Me virus. But since those have yet to work, I need more precise help for my exact situation. My problem mimics what Look2Me does, but it's not Look2Me, at least I don't think it is...

Any help appreciated!!
 
Ok, I ran the Trend Micro program as well as the 2 "stickies" recommended by RBS, all to no avail. I am still having the same problem. Attached is my HJT logfile in text form:

PLEASE HELP - I need specific instructions as I'm not as computer savvy as I like to think I am.....
 
Your main baddie has now gone.

Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

Turn off system restore (XP/ME only). See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html


Run HJT with no other programmes open and have HJT fix the following entries, by placing a tick in the little box next to them (if there).

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)

O14 - IERESET.INF: START_PAGE_URL=http://us8l.hpwis.com

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120489635893
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124296948781
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{5FD77D76-4814-4C61-9CCD-A9D8260E67A9}: NameServer = 130.101.5.4 130.101.5.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{5FD77D76-4814-4C61-9CCD-A9D8260E67A9}: NameServer = 130.101.5.4 130.101.5.5

Only fix the above O17 entries if they don't belong to your ISP.

Click on the fix checked button.

Close HJT.

Reboot into normal mode and turn system restore back on.

Your machine should now be clean.

Regards Howard :)
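The two checks that run through the fix list above (entries marked "(no file)" or "(file missing)", and O17 name servers that should only be removed if they are not the ISP's) can be applied to a whole HijackThis log with a short script. This is an added example, not part of the original thread; the function names and the `trusted_dns` parameter are assumptions, and the sample lines are copied from the post above.

```python
import re

# Lines copied from the fix list in the post above; trusted_dns is a hypothetical input.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5FD77D76-4814-4C61-9CCD-A9D8260E67A9}: NameServer = 130.101.5.4 130.101.5.5
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")          # e.g. "O2 - BHO: ..."
ORPHAN_RE = re.compile(r"\((no file|file missing)\)")      # HJT's own markers
NAMESERVER_RE = re.compile(r"NameServer = (.+)$")


def parse_entries(log_text):
    """Yield (section, body) for every HijackThis-style entry line."""
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            yield match.group(1), match.group(2)


def triage(log_text, trusted_dns=frozenset()):
    """Return (section, reason) pairs for entries that need a human decision."""
    findings = []
    for section, body in parse_entries(log_text):
        if ORPHAN_RE.search(body):
            # Registry entry whose target file is gone: a leftover to review.
            findings.append((section, "orphaned entry, target file absent"))
        elif section == "O17":
            ns = NAMESERVER_RE.search(body)
            servers = re.split(r"[ ,]+", ns.group(1).strip()) if ns else []
            unknown = [ip for ip in servers if ip not in trusted_dns]
            if unknown:
                # Only a finding when the resolver is not one the user recognises.
                findings.append((section, "unrecognised DNS: " + " ".join(unknown)))
    return findings


if __name__ == "__main__":
    for section, reason in triage(SAMPLE_LOG):
        print(f"{section}: {reason}")
```

Passing the ISP's resolvers as `trusted_dns` suppresses the O17 finding, which mirrors the "only fix if they don't belong to your ISP" condition.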
 
Howard,

Thanks for all your help! I stayed up all night trying to figure this one out and get some help. Thanks to you I think I set it straight, at last! I will let you know in a couple days if I have trouble with the problem again.

THANKS AGAIN!!!!

Sincerely,

Thesuperchico
 
If you had READ and FOLLOWED the instructions that were given you in the first place, Howard would not have had to spell it out for you!
Just because you are TOO LAZY to follow EXPLICIT instructions, you think you can hide behind the cloak of "I'm not computer savvy".
It's lazybones like you that make people stop helping others!
 