pages open without control

[antalves]

Something in my computer opens sites over the internet without my permission. This Thing runs Internet Explorer and goes to certain pages, one of them por example, http://www.axillsearch.com/pop.php?refcode=MyGeek4.
The Thing also goes to certain pages when I am in a site I have chosen.
I have run AdAware, AVG free and others tools. Virus have been found and killed, but the Thing is still inside.
I have tried Mozilla, no results.
I think I need some help. My PC has WinXP

[Flame]

Have you tried 'Windows Defender"? Try Trendmicro's "Housecall" to scan as well. http://housecall.trendmicro.com/ ... Also, please send us your HijackThis logfile and post it in a message here. if you are not sure how to use HiJackThis, or don't know what it is, let us know.

Flame

[Backdated]

You've been hijacked. Carry out the procedures listed [highlight]in this post[/highlight] and post a Hijackthis logfile here when done.
If possible, zip the logfile and attach it rather than post it.

[antalves]

Nothing has changed untill now. The logfile is in anex

[Backdated]

Yours is by far the worst case of multiple infections that I've seen on this forum to date.
Did you fully and carefully carry out all the instructions in the post that I linked to in my previous reply?

[antalves]

Yes I have made the lessons at all.  I'll try again. Or, I'll format C partition next weekend

[Backdated]

Not one single instruction has been followed!!! I can tell exactly what's been done from your logfile.
If you want help then you must at least attempt to carefully follow any and all given instructions. If there's anything that you're uncertain about, just ask!

If you don't want help or can't be bothered to help yourself then please don't waste our time.

[antalves]

The only program that run was a-squared. I run AVG and AdAwrae also.  I had a similar problem in my home PC. There everything worked fine. This infected computer is in my office. I do not know why the other virus hunter did not run. In fact, the last time I used AdAware some new malware entered the pC, complicating the situation even more. To me the situation is (almost?) out of control.

I think there was no reason for such ungryness from Computer Hope team. I do not want waste your time, neither mine. I'm not here for joking.

[Armando]

As Backdated cleary stated, follow the instructions in the post he gave you a link to then post your new hjt log. You have to run all of the programs and get rid of anything they find that is not good for your computer.

Trust me, if you follow that post you'll get rid of most if not all your infections. I did it and my computer is perfectly clean now.

[edit]I noticed your programs are in portuguese, so I am assuming you are from Brazil or Portugal and maybe you didn't quiet understand what Backdated said. if so, PM me, I speak portugese I can translate for you.[/edit]

[GX1_Man]

I think there was no reason for such ungryness from Computer Hope team. I do not want waste your time, neither mine. I'm not here for joking.

If you truly want help and you get it, there is no point in not taking that advice. We sometimes get frustrated because people only do part of what is needed and wonder why they still have problems. There is no mystery with your issue. We can help, but you have to do your part. A partial solution is no solution.  

[antalves]

OK friends: next weekend I'll have time to do another (complete) scanning. I'll send for news.
(Ei Armando: sou do Br. Voce é de?)

[Armando]

Eu sou de México. Eu sei o português porque a esposa do meu pae é de Brasil e fala o português com ele.

[antalves]

Ei Armando: isso tá parecendo MSN! Minha filha morou 3 anos em Playa del Carmen, trabalhando em turismo. Há uma ano está de volta. Habla espanhol perfecto. SAludos.

[Backdated]

As I said earlier, I know exactly what's been run and what hasn't! I didn't mention AVG because although it's OK as a free AV, it doesn't come anywhere near the standard required to deal with these types of infection. For that matter, neither does Ad-Aware.

It is extremely important that any and all instructions are carried out to the letter. You cannot remove these parasites by approximation!
We don't compile these instructions for the fun of it; they are carefully considered and must be executed precisely and in the order that they are set out.
If something goes wrong, or there's something that you don't understand, then say so; don't just ignore it!

Always remember, your first responsibilty as a user of any public network is to other users of that network.

[antalves]

My pC is still out of control, no matter a deeper and a better running of anti spy, accordindly with your reccomendations. The log file is anex.
When opening XP, appears a box: "RUNDLL: Execption when trying to execute C:\WINDOWS\System32\mfcshet.dll"

[Backdated]

I still see no evidence that the procedures have been followed. However, run Hijackthis and fix the following entries. Ensure that you make backups as my Brazilian isn't that good:

F2 - REG:system.ini: UserInit=userinit.exe

O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard5.exe

O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad5.exe

O4 - HKLM\..\Run: [newname] C:\windows\newname5.exe

O4 - HKCU\..\Run: [SysBrand] C:\ARQUIV~1\iGv6\sysbrand.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.4rf.com

O20 - Winlogon Notify: Control Panel - C:\WINDOWS\system32\enlol1331.dll

O23 - Service: SAFMMSEventsService - Unknown owner - C:\Arquivos de programas\SAF Tehnika\SAF Management\service\SAFMMSEventsService.exe


Reboot to Safe Mode, archive the following files and/or folders using Winzip or similar and then delete them:

C:\windows\keyboard5.exe
C:\windows\mousepad5.exe
C:\windows\newname5.exe
C:\WINDOWS\system32\enlol1331.dll
C:\ARQUIV~1\iGv6\

Reboot normally and post another logfile.

Remember, you absolutely must keep backups!!!

[antalves]

After several unfruitful attempts I decided to format C: partition and made a new installation of XP.
All things  are now back to normal. The invaders were growing in quantity and "quality" each time computer were turnned on.