Unknown Icons on the Desktop

Status
Not open for further replies.

Fairly

Hi there

I have got three unknown desktop icons: 1. Error Cleaner 2. Privacy Protector 3. Spyware and malware protection.
The properties show the following link.
http://virusprotectionproonline.com/shandler.php?sid=502&aid=398&said=0&pn=0&sg=1

When the PC is switched on (not connected to the internet) a message appears: "Windows has detected an internet attack attempt ....... Click here to download the protector." Even if I close the message it attempts to connect to the internet, and even when I click on Offline it tries to load the following pages

http://www.safewebnavigate.com/index.php?sid=502&aid=398&said=0&pn=0&pid=1

http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2


I already had HijackThis software and ran a scan report, which is copy-pasted below. However, I have read some instructions on this forum; let me know whether I need to do a new download. Please assist me further. Help much appreciated.
 
Your HJT shows a malware called webHancer. Don't delete it directly from your Program Files folder or it would block your internet access; use the Control Panel -> Add/Remove Programs option.
************************************************
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/MyFunCardsFWBInitialSetup1.0.0.15-3.cab

This is also a malware and you need an anti-spyware or malware cleaner for this. You could post logs of that.
 
Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

Also, let me know the results of the AVG Antirootkit scan.

Regards Howard :)

This thread is for the use of Fairly only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
New file Analyze

Hi
Downloaded the HJT, changed the name to Analyze.exe, and the scan report is attached.
I tried to remove the Webhancer from the Add/Remove Programs but could not find it there.
I will do the next step once I know the results of this file.
Many thanks
 

Attachment: analyzethis27aug_.txt

Your HJT log shows your system is badly infected with malware.

Follow the instructions, then once you've completed them, post the requested log files.

Regards Howard :)

 
Scanning

Hi there

Please let me know when step 11 (or when any other scan is done) whether this can be performed in Safe Mode. When I attempt to do this in the normal Windows mode the usual popups come and start opening new Internet pages.
Many thanks.
fairly
 
Steps 11 and 12 are meant to be done from normal mode. Only when you get to step 13 are you supposed to boot into safe mode.

Just try and follow the instructions as exactly as you can.

Regards Howard :)

 
latest reports

Hi there
Ran the processes several times.
The Rootkits message said there are no installed rootkits.
The Norton scan found one file wr-1-32-exe. The directory is given as c:/Windows/wr.exe. Could not delete.
Ran the processes again and ran the AVG antivirus. The message was nothing found.
The latest HijackThis is attached. (There are two files run at different times.)
Please let me know whether I should continue the process once more.
Many thanks.
 
Download Vundofix from HERE.

Double click the Vundofix.exe to run it.

Right click in the vundofix window and click add files.

Enter the full file path/s to the files you want Vundofix to delete and click the add files button, followed by the close window button. Click the remove vundo button and let Vundofix do its stuff.

These are the filepaths you need to enter into Vundofix.

C:\WINDOWS\wmpdev.dll
C:\WINDOWS\wmphost.dll
C:\WINDOWS\mxduo.dll

Once you've done the above, post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

Regards Howard :wave: :wave:

 
new files

Hi
I have done the Vundofix. However, at the time of last reading the Combofix was apparently not working (you mentioned to skip that step). So I will do that run separately and attach the files. Meantime the HJT and AVG reports are attached.
 
Run HJT with no other programmes open (except Notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to each (if there).

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=zuzed004YYID_ZZzer0 00

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://www.google.com

Click on the fix checked button.

Close HJT and reboot your system.

Post fresh HJT and Combofix logs.

Regards Howard :)
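The O8 and O16 entries quoted in this thread follow HijackThis's `<section> - <label>: <body>` line format. As an added example (not part of the original thread or of HijackThis itself), the sketch below parses such lines and lists which hosts each O16 (ActiveX download) CLSID points at, so a reviewer can compare entries across successive logs. The sample lines are the ones quoted in the posts above, combined from different logs; the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Entries quoted in the posts above (taken from different logs in the thread).
SAMPLE_LOG = """\
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=zuzed004YYID_ZZzer0 00
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/MyFunCardsFWBInitialSetup1.0.0.15-3.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://www.google.com
"""

# HijackThis entry: "<section> - <label>: <body>", e.g. "O16 - DPF: {CLSID} - <url>".
ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<label>[^:]+): (?P<body>.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
URL = re.compile(r"https?://\S+")


def parse_entry(line):
    """Return section, label, CLSID and URL host for one entry, or None."""
    m = ENTRY.match(line.strip())
    if m is None:
        return None  # header lines, running-process lines, blanks
    clsid = CLSID.search(m["body"])
    url = URL.search(m["body"])
    return {
        "section": m["section"],
        "label": m["label"],
        "clsid": clsid.group(0).upper() if clsid else None,
        "host": urlsplit(url.group(0)).hostname if url else None,
    }


def parse_log(text):
    """Parse every recognisable entry line in a log, skipping the rest."""
    return [e for e in map(parse_entry, text.splitlines()) if e]


def codebase_hosts_by_clsid(text):
    """Map each O16 CLSID to the sorted hosts its entries reference."""
    hosts = {}
    for e in parse_log(text):
        if e["section"] == "O16" and e["clsid"] and e["host"]:
            hosts.setdefault(e["clsid"], set()).add(e["host"])
    return {clsid: sorted(h) for clsid, h in hosts.items()}


if __name__ == "__main__":
    for entry in parse_log(SAMPLE_LOG):
        print(entry)
    print(codebase_hosts_by_clsid(SAMPLE_LOG))
```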

 
Scan results

Norton had a problem. I tried the online virus and also downloaded AVG antivirus. The AVG identified HijackThis (analyse this) as a potential virus and deleted it. There were no other files identified.
 
Your HJT log is clean.

I asked you to post a fresh Combofix log, instead you posted a Combofix quarantine log.

AVG's detection of HJT as a virus is a false positive.

Regards Howard :)

 