Virus/Malware Problem

[S.C. King]

I downloaded Winiguard not knowing it was a spyware/virus program until i read on it!!! and now i keep getting this pop that says Spyware Alert! you pc is infected and it could damage critical files or expose your private data on the Internet!!! and i also keep getting these two pop ups on the side of the screen asking me do i want winiguard to heal these problems and its like every 5 min. a pop up!!!


I NEED HELP Getting Rid Of this!!!

I Also Had This problem in this thread below that i never got to finish correcting because my e-net got cut off during the process!!!

http://www.computerhope.com/forum/index.php/topic,73803.msg507668.html#msg507668

and i couldn't download the SUPERAntiSpyware program... wouldn't let me!!!





[attachment deleted by admin]

[helene]

[Post edited for content as mentioned in chat. Please wait for Malware Specialist.]

[S.C. King]

help anyone???  evil fantasy helped me last time i think!!!

[evilfantasy]

You need to be more careful in what you are doing.

I'm going to have you uninstall some software while we are cleaning. If you want to put it back when we are done that's up to you but for now we need it gone. Also I'm not accusing you but if there is any cracked software then please remove it now.

Go to Add or Remove Programs and uninstall (if found)

• WiniGuard
• ares

.
Now delete the Ares folder located in C:\Program Files\Ares

----------

Download Lop S&D by Eric_71 and save it to your Desktop. Lop S&D will only run on Windows XP and Windows Vista

Disable your antivirus and antimalware programs so they do not interfere with the running of Lop S&D. If needed see: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Double click LopSD.exe - If you are using Windows Vista, right-click on the LopSD icon and select Run as administrator to perform this scan.

• Choose the language by typing of the corresponding letter and press Enter
• Click OK at the informative window
  
• Type 1, to choose Option 1 (Search) then press Enter
  
• Wait until the end of the scan
• A report will be generated, post the contents of it in your next reply.

A copy of the report can be found at this location: %systemdrive%\lopR.txt, in most cases C:\lopR.txt

[S.C. King]

yah i did have some cracked stuff!!! i deleted everything i think i had cracked!!! and the log is below attatched!!!

[attachment deleted by admin]

[evilfantasy]

Go to Add Remove Programs and uninstall:

• BearShare and anything with BearShare in the name.
  

.
----------

Download the OTMoveIt3 by OldTimer

Note: If you are running on Vista, right-click on OTMoveIt3.exe and choose Run As Administrator.

* Save it to your Desktop.
* Double-click OTMoveIt3.exe to run it.
* Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)

Code: [Select]

:Processes
explorer.exe

:files
C:\Program Files\BearShare Applications

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

* Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
* Click the red Moveit! button.
* Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes.

----------

Download ComboFix© by sUBs from one of the below links. Be sure top save it to the Desktop.

Link #1
Link #2

**Note:  It is important that it is saved directly to your Desktop

Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
 
Double click combofix.exe & follow the prompts.
When finished ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

If you have problems with ComboFix usage, see How to use ComboFix

[S.C. King]

here are the logs attatched!!!

[attachment deleted by admin]

[evilfantasy]

Go to Add Remove Programs and uninstall:

• uTorrent

.
Also uninstall any other file sharing software you have. This is a bad infection and it came from file sharing. I'm not sure we can fix it but we will try.

----------

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code: [Select]

KillAll::

Folder::
c:\Program Files\uTorrent
c:\documents and settings\Owner\Application Data\uTorrent

File::
c:\windows\z54s5arse9878.cpl
c:\windows\system32\4f25addza9e365.ocx
c:\windows\49e5d9znloader2357.bin
c:\windows\system32\4e15stezl9759.ocx
c:\windows\system32\30942nzt-95virus33a.dll
c:\windows\6zdeaddwar93305.ocx
c:\windows\system32\94198vir5sz02.dll
c:\windows\zd1ds5eal918.exe
c:\windows\system32\z849s5yware555.cpl
c:\windows\system32\22997spa5botze.cpl
c:\windows\system32\7c75szyware9915.dll
c:\windows\c8zthreat5259.dll
c:\windows\system32\2z91threat35699.cpl
c:\windows\73a55pazse27819.bin
c:\windows\z160359rm244.exe
c:\windows\729eaddware1582z.exe
c:\windows\system32\289ethzef509.ocx
c:\windows\system32\1db7back5o9r770z.ocx
c:\windows\system32\7ebbspywzr92105.dll
c:\windows\system32\1c4b95ief142z.bin
c:\windows\9z280spy57a.exe
c:\windows\system32\aadazd9are2512.exe
c:\windows\1d119pazse5789.cpl
c:\windows\9c34zac5door26.bin
c:\windows\14c5spywarz9765.ocx
c:\windows\1485backzoo59319.bin
c:\windows\system32\19efzhie916955.dll
c:\windows\9803zhrea532445.bin
c:\windows\599cszea59511.bin
c:\windows\6z409hief5085.dll
c:\windows\system32\9z2add9a5e465.dll
c:\windows\325tezl2977.exe
c:\windows\z847v5r9s1f2.ocx
c:\windows\b65s5zal20169.cpl
c:\windows\system32\4f1cszy9are3125.exe
c:\windows\2679bac5dzor1309.exe
c:\windows\system32\164959orm21z.bin
c:\windows\system32\879baczdoo51502.dll
c:\windows\system32\1852znot-a-9i5us35b.exe
c:\windows\z339ownloade51220.dll
c:\windows\296z99ot-a-v5rus4a5.cpl
c:\windows\c75stea91841z.bin
c:\windows\system32\2z91sparse2563.cpl
c:\windows\system32\915spy655z.ocx
c:\windows\system32\91779hac5tozl27f.cpl
c:\windows\55529zyware547.dll
c:\windows\system32\6a52threat5904z.dll
c:\windows\system32\4299sparsz5169.bin
c:\windows\9838tz5j7f3.exe
c:\windows\27z5spy259.bin
c:\windows\2122down5zader9848.cpl
c:\windows\156069roj36z.bin
c:\windows\z1983t5oj4c.exe
c:\windows\system32\32z2659oj705.bin
c:\windows\45f7a9dwarez9555.exe
c:\windows\system32\3931bac5door3165z.bin
c:\windows\5590zhreat31905.dll
c:\windows\system32\3435spyza5e939.bin
c:\windows\system32\15190t5zj1ea.cpl
c:\windows\system32\1353wozm59e.ocx
c:\windows\2d0395yware91z.ocx
c:\windows\10z7395rm4a1.bin
c:\windows\system32\489cvir2955z.cpl
c:\windows\23459iz1970.ocx
c:\windows\10839wzrmb95.cpl
c:\windows\199415py7a9z.ocx
c:\windows\system32\39659worz39d.ocx
c:\windows\585dsparse29z79.dll
c:\windows\60czback59or3245.exe
c:\windows\7995thie52z93.bin
c:\windows\4zd7vir29985.cpl
c:\windows\3739spambzt579.dll
c:\windows\system32\32755tr9z74d.exe
c:\windows\system32\518as95zse207.cpl
c:\windows\system32\59z05not9a-virus128.dll
c:\windows\24116not-a-vi9zs51a5.cpl
c:\windows\system32\525z4t9oj4a7.bin
c:\windows\system32\29d9v5r6z9.bin
c:\windows\system32\20519t5oj6a9z.dll
c:\windows\448cza5kdoor3195.exe
c:\windows\system32\5603back5oor27z9.dll
c:\windows\system32\19130n5t-9-virus6z8.dll
c:\windows\5f39addwarez974.dll
c:\windows\system32\5d5asp9warz2844.cpl
c:\windows\5ebzs95ware513.bin
c:\windows\9f4cth5eat1382z.cpl
c:\windows\system32\6e29zp5rse2754.cpl
c:\windows\19542tro5962z.cpl
c:\windows\system32\225529pz691.exe
c:\windows\64d4zhr5at96910.dll
c:\windows\26295zpy925.exe
c:\windows\system32\z0908spy953.bin
c:\windows\system32\738fbackd9oz305.bin
c:\windows\system32\6095wozm375.bin
c:\windows\system32\1z509hief1182.ocx
c:\windows\system32\20543sp9mbot535z.dll
c:\windows\6692steal5z39.exe
c:\windows\z0199worm359.cpl
c:\windows\system32\392do5nloadzr9419.exe
c:\windows\395ctzreat233609.bin
c:\windows\z7633wo9m71d5.bin
c:\windows\system32\4z92bac5door2930.exe
c:\windows\system32\4ea5spy9are11z2.ocx
c:\windows\system32\93e9thief2151z.cpl
c:\windows\system32\5z65threat29252.cpl
c:\windows\zb10spy9ar5896.bin
c:\windows\system32\5ffbad9zare1054.cpl
c:\windows\system32\3295hackz9ol461.bin
c:\windows\44dfd5wn9ozder2099.cpl
c:\windows\system32\2252tz9j505.bin
c:\windows\system32\29256worm543z.exe
c:\windows\61d0adz5are9249.dll
c:\windows\afbzckdoo91541.cpl
c:\windows\14837szy25e9.cpl
c:\windows\15928troz55d9.dll
c:\windows\system32\14942troj3zd5.cpl
c:\windows\z909addwa9e645.bin
c:\windows\system32\25039pyware4z.exe
c:\windows\99177zorm155.bin
c:\windows\system32\37zfb9ckdoor20135.exe
c:\windows\system32\5z19worm212.bin
c:\windows\51428vzru948d.cpl
c:\windows\system32\5z97hacktool13.exe
c:\windows\32459irusz72.exe
c:\windows\system32\z579download95459.exe

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze

[S.C. King]

here is the log attached below!!!

[attachment deleted by admin]

[evilfantasy]

This is most likely a lost cause. You have the Virut infection.

See here for more information > Virut on the rise.

There is no fixing this other than a reformat and reinstall of Windows.

[S.C. King]

when you say reformat does that mean reformat the hard drive??? cause i googled what you said do and it keeps saying reformat hardrive and reinstall Windows!!! can i just reinstall windows?

[evilfantasy]

If you don't reformat then it won't remove all of the infection.

[S.C. King]

could you give me a step by step on how to do this!!! i would use those i found on google but i just want to make sure i get rid of the infection!!!

[evilfantasy]

Format XP - http://www.michaelstevenstech.com/format_XP.htm

Install XP - http://www.michaelstevenstech.com/cleanxpinstall.html

If you need more help please start a topic in the Windows forum. I'm not the best person to advise on this issue...