Getting pop-ups but,no adware now...

[Kyle]

Had some kind of virus-Ran 'Spybot - Search & Destroy'-Did the restart and the immunize and everything.
And now it says i have nothing.
But,I just got to pop-ups from websites i always visit and never get them.
Any ideas,On what I can do now guys?
 

[Kyle]

Here is the link to the pop-up I keep getting:
hxxp://www.registrydefender.com/l/indexsg.asp?utm_source=CD450&kwd==ron_110471

[CBMatt]

First of all, when you want to post a link to anything of this nature, please replace the http with hxxp.  Granted, the page itself isn't harmless, but we don't want to take any risks.

Now, to see if you're still infected (and to start the removal process), please follow the steps in this link:
http://www.computerhope.com/forum/index.php/topic,46313.0.html

[Kyle]

First of all, when you want to post a link to anything of this nature, please replace the http with hxxp.  Granted, the page itself isn't harmless, but we don't want to take any risks.

Now, to see if you're still infected (and to start the removal process), please follow the steps in this link:
http://www.computerhope.com/forum/index.php/topic,46313.0.html

Oh,sorry about that.
Yep still infected.-I am almost done with step 3 now.Will post logs A.S.A.P. looks like its a Vundo virus.

[Kyle]

Here are my logs.
I have not had pop-ups since I ran SUPERAntiSpyware.


[Saving space - attachment deleted by admin]

[Kyle]

Also here is the first SUPERAntiSpyware scan I did.
I had to run it a 2nd time due to my PC shutting off.In the middle while it was taking care of the files.
Thanks!

[Saving space - attachment deleted by admin]

[CBMatt]

Vundo is definitely involved.  Of course, when popups are involved, Vundo is present about 85% of the time.  We've made some progress, but I'd like to have you run another scan that will show me if you have any other traces of the infection...

Download ComboFix and save it to your desktop.  Run the program and read its disclaimer (it's fairly short) and make sure you really pay attention to what it says.  Follow the prompts and when finished, it will produce a log at C:\ComboFix.txt.  Go ahead and post that here, along with a new HijackThis scan.  Note: Don't click on the window while it's running; this may cause stalls.

[Kyle]

Thanks here are my new logs.
=]


[Saving space - attachment deleted by admin]

[CBMatt]

Great, ComboFix appears to have picked up the remaining traces.  Go ahead and uninstall it now.  Simply go to Start > Run and type in combofix /u (note the space) and click OK.

Then download and run this file:
http://fall.cerrocoso.edu/csci252-ftp/csci252/meichtry/borrow/fixappinit.reg
When prompted, click Yes.  You may then delete the file.

You should then open My Computer and go to Tools > Folder Options and click on the View tab.  Click on the dot next to View hidden files and folders and click OK.  Search in C:\WINDOWS and C:\WINDOWS\system32 for a file named rtrbos.dll.  If you find it, delete it.


Once you've done the above, you may then go back to the Folder Options and hide the files/folders again.  Then post back here to let me know how everything went.

[Kyle]

Matt,I did uninstall  combofix but,the below link is dead.

Great, ComboFix appears to have picked up the remaining traces.  Go ahead and uninstall it now.  Simply go to Start > Run and type in combofix /u (note the space) and click OK.

Then download and run this file:
http://fall.cerrocoso.edu/csci252-ftp/csci252/meichtry/borrow/fixappinit.reg
When prompted, click Yes.  You may then delete the file.

You should then open My Computer and go to Tools > Folder Options and click on the View tab.  Click on the dot next to View hidden files and folders and click OK.  Search in C:\WINDOWS and C:\WINDOWS\system32 for a file named rtrbos.dll.  If you find it, delete it.


Once you've done the above, you may then go back to the Folder Options and hide the files/folders again.  Then post back here to let me know how everything went.

[CBMatt]

Sorry, the server I'm using appears to be having some issues.  No matter, I'll just have you create the file manually.  It's quite simple.  First, copy everything in the code box below (highlight, right-click, select Copy)...

Code: [Select]

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="avgrsstx.dll"
Open Notepad and paste the text there (Ctrl+V).  Then go to File > Save As.  Click on the Save As Type arrow and select All Files.  Save the file to your desktop as fix.reg and double-click on it.  If you are asked to Run or Cancel, select Run.  When asked if you would like to add the file to the registry, click Yes.  You can then delete the file.


Also, did you try searching for that rtrbos file?

[Kyle]

Sorry, the server I'm using appears to be having some issues.  No matter, I'll just have you create the file manually.  It's quite simple.  First, copy everything in the code box below (highlight, right-click, select Copy)...

Code: [Select]

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="avgrsstx.dll"
Open Notepad and paste the text there (Ctrl+V).  Then go to File > Save As.  Click on the Save As Type arrow and select All Files.  Save the file to your desktop as fix.reg and double-click on it.  If you are asked to Run or Cancel, select Run.  When asked if you would like to add the file to the registry, click Yes.  You can then delete the file.


Also, did you try searching for that rtrbos file?

Done.
And then I did not but,I just did and could not find the 'rtrbos' file.
When I did just turn on my PC something was kinda weird...Like the text on every web page was smaller.
And the icons on the left of my desktop were getting cut off.
I have just fixed this,But,Did want to let you know. 

[CBMatt]

Well, with everything done, your computer should be clean now.  The text and icons may have just been an odd fluke.  Go ahead and use your computer as you normally do and if you experience anymore issues, let me know.