Please Help Me! i Cant Get Rid of A Virus!

ok done

[saving disk space - old attachment deleted by admin]

so is it all good now?

[Malware Removal Specialist]

Almost there.

Delete these files/folders, as follows:

* Open notepad and copy/paste the text in the quote box below into it (all except the word QUOTE):

Folder::
C:\VundoFix Backups

File::
C:\WINDOWS\system32\fwgogyjf.ini

* Save this as CFScript on the desktop.
* Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!


* ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it shall produce a log for you. Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick combofix's window while it is running. That may cause your system to hang.

Next post
New combofix log
Another new Hijackthis log

k

[saving disk space - old attachment deleted by admin]

[Malware Removal Specialist]

Open HijackThis and select "Do a system scan only"

Place a check mark next to
O4 - HKLM\..\Run: [10bfcfd3] "rundll32.exe" "C:\WINDOWS\system32\fjygogwf.dll",b

Click "Fix checked"

=====

Enable Viewing Of Hidden System Files & Folders

1. Right Click Start.
2. Select Control Panel.
3. Select the Tools menu and click Folder Options.
4. Select the View Tab.
5. Under the Hidden files and folders heading select Show hidden files and folders.
6. Uncheck the Hide extensions for known file types option.
7. Uncheck the Hide protected operating system files (recommended) option.
8. Click Apply.
9. Click OK.

Now go to C:\WINDOWS\system32\fjygogwf.dll and delete the file/folder (if found)

=====

Go to Start > Run and copy and paste next command in the field:

ComboFix /u



Make sure there's a space between Combofix and /
Then hit Enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.

=====

Delete any logs and programs like smitfraud and vundofix from the desktop.

=====

Run HijackThis and look for the C:\WINDOWS\system32\fjygogwf.dll entry. If it is still there let us know.

Other than that the logs are clean.

To learn more about how to protect yourself while on the internet read this article by Tony Klien: So how did I get infected in the first place?

Let us know if anything else comes up.

Nah cant find it. all looks good. the computers working fine. Thankyou so much for helping me

[Malware Removal Specialist]

Sounds good!

Safe surfing.....