Very Annoying Computer Problem. Please help me.

Broni:
1. Print this post out, since you won't have access to it at some point.

2. Close all windows, except for HijackThis.

2. Go Start>Control Panel>Add\Remove, and uninstall MyWebSearch (if present).

3. Put a checkmark next to the following HijackThis entries:

- O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

- O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

- O3 - Toolbar: (no name) - {F06E2ABE-3A50-4079-BE25-FC100D9EAA25} - (no file)

- O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{04C90A36-03A1-1033-0307-010713200001}] "C:\Program Files\Common Files\{04C90A36-03A1-1033-0307-010713200001}\Update.exe" mc-110-12-0000698 (User 'SYSTEM')

- O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [{04C90A36-03A1-1033-0307-010713200001}] "C:\Program Files\Common Files\{04C90A36-03A1-1033-0307-010713200001}\Update.exe" mc-110-12-0000698 (User 'Default user')

- O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZN

- O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Denise\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)

4. Click on "Fix checked" button.

5. Restart your computer in Safe Mode (keep tapping the F8 key when your computer starts).

6. Open Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to "Show hidden files and folders".

7. Delete the following files/folders (if present):

- Update.exe file from C:\Program Files\Common Files

8. Turn off System Restore:

- Windows XP:
   1. Click Start.
   2. Right-click the My Computer icon, and then click Properties.
   3. Click the System Restore tab.
   4. Check "Turn off System Restore".
   5. Click Apply.
   6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
   7. Click OK.
- Windows Vista:
   1. Click Start.
   2. Right-click the Computer icon, and then click Properties.
   3. Click on System Protection under the Tasks column on the left side
   4. Click on Continue on the "User Account Control" window that pops up
   5. Under the System Protection tab, find Available Disks
   6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
   7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
   8. Click OK

9. Restart in Normal Mode.

10. Turn System Restore on.

11. Run HijackThis again, and post its log back here.
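The selection made in step 3 can be reproduced mechanically. The following is an added example, not part of the original post and not HijackThis's own logic: a small Python triage over the four entry types quoted above. The three heuristics and the function names are assumptions made for illustration; the sample lines are copied from the post.

```python
import re

# HijackThis section codes that appear in the post above.
SECTIONS = {
    "O3": "Internet Explorer toolbar",
    "O4": "autostart entry (registry Run key or Startup folder)",
    "O8": "extra Internet Explorer context-menu item",
    "O9": "extra Internet Explorer button or Tools-menu item",
}
ENTRY = re.compile(r"^\s*(?:-\s+)?(?P<code>[A-Z]\d{1,2})\s+-\s+(?P<body>.+?)\s*$")
GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"

# Entries copied from the post (bullets removed).
SAMPLE = r"""
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{04C90A36-03A1-1033-0307-010713200001}] "C:\Program Files\Common Files\{04C90A36-03A1-1033-0307-010713200001}\Update.exe" mc-110-12-0000698 (User 'SYSTEM')
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZN
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Denise\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
"""

def triage(line):
    """Return (section code, reasons) for one log line, or None if not an entry."""
    m = ENTRY.match(line)
    if not m:
        return None
    code, body = m["code"], m["body"]
    reasons = []
    # Heuristic 1 (assumption): the entry points at a file that no longer exists.
    if re.search(r"\((?:no file|file missing)\)$", body):
        reasons.append("orphaned: target file does not exist")
    # Heuristic 2 (assumption): autostart from a Policies\Explorer\Run key.
    if code == "O4" and r"\Policies\Explorer\Run" in body:
        reasons.append("autostart from a Policies Explorer Run key")
    # Heuristic 3 (assumption): executable stored in a GUID-named folder.
    if re.search(r"\\" + GUID + r'\\[^\\"]+\.exe', body, re.I):
        reasons.append("executable inside a GUID-named folder")
    # MyWebSearch is the toolbar the post asks to uninstall in step 2.
    if "mywebsearch" in body.lower():
        reasons.append("references MyWebSearch")
    return code, reasons

def report(log_text):
    """List (code, section meaning, reasons) for every recognised entry."""
    hits = (triage(line) for line in log_text.splitlines())
    return [(c, SECTIONS.get(c, "unknown section"), r) for c, r in filter(None, hits)]

if __name__ == "__main__":
    for code, meaning, reasons in report(SAMPLE):
        print(f"{code} [{meaning}]: {'; '.join(reasons) or 'no heuristic matched'}")
```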

lorddybion:
Alright, I have done everything on the last post Broni, I have attached the new log in this post. Also, the NOD32 Online Scan didn't show any threats after a complete scan.

P.S.
The Update.exe and the MyWebSearch were not present.

[saving space - attachment deleted by admin]

Broni:
Do you have your Windows firewall up, because I can't see any in the HJT log?

You need to update your Java version: http://www.java.com/en/download/index.jsp
Uninstall your 1.6.0_02 version (it doesn't matter what you do first).

We have some more cleaning to do...

Print out these instructions as we will need to close every window that is open later in the fix.

Download VundoFix:
http://www.atribune.org/content/view/24/2/

    * Double-click VundoFix.exe to run it.
    * When VundoFix re-opens, click the Scan for Vundo button.
    * Once it's done scanning, click the Remove Vundo button.
    * You will receive a prompt asking if you want to remove the files, click YES
    * Once you click yes, your desktop will go blank as it starts removing Vundo.
    * When completed, it will prompt that it will reboot your computer, click OK.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

Post new HJT log.

lorddybion:
I don't think I have the Windows Firewall activated, I think a certain anti-virus recommended it. Is there a shortcut located to my Control Panel because it will be almost impossible to open functions like "My Computer" or "My Documents" without my computer going crazy. Also, a friend of mine recommended I download VundoFix (which I already have) and I have already scanned using it. But, I have encountered a file that wouldn't be deleted.

C:\WINDOWS\system32\cbxwwwv.dll

Even when my computer was rebooted, it wouldn't be deleted. When I tried to manually delete it in Safe Mode, it said that it is being used by another program.

I have also downloaded the BitDefender Free Edition, and it also found the cbxwwwv.dll Vundo, and it couldn't deal with it either. I shall attach a new HJT log.

I have also noticed that "rundll32.exe" is a running process in my Task Manager (which I have never seen before). Also, there are currently four "svchost.exe" running (which is also new). If I try to end one of them, an error message appears and it tells me that my computer will shut down in one minute. There are also some new processes that I believe are suspicious :

vsserv.exe
bdss.exe
xcommsvr.exe
lsass.exe
crss.exe
smss.exe

I do not know if this will help, but I'm just putting it out there.

[saving space - attachment deleted by admin]

Broni:
To access the firewall, go to Start>Control Panel and double-click on Windows Firewall.

Did you update your Java?


--- Quote ---
I have also downloaded the BitDefender Free Edition, and it also found the cbxwwwv.dll Vundo, and it couldn't deal with it either. I shall attach a new HJT log.

I have also noticed that "rundll32.exe" is a running process in my Task Manager (which I have never seen before). Also, there are currently four "svchost.exe" running (which is also new). If I try to end one of them, an error message appears and it tells me that my computer will shut down in one minute. There are also some new processes that I believe are suspicious :

vsserv.exe
bdss.exe
xcommsvr.exe
lsass.exe
crss.exe
smss.exe
--- End quote ---
DO NOT install/uninstall, play with services, unless instructed to do so.

I'll take a look at your HJT log, now.
