Malware/Spyware problems (logs attatched)

[naters0913]

Hi, I am having problems with my computer. Just recently, it has been acting very weird (running slower and there are alot of error messages coming up about internet explorer.) If you could, will you please help me?


~ Thanks ~

Nathan

[attachment deleted by admin]

[evilfantasy]

Download random's system information tool (RSIT) by random/random from and save it to your Desktop.

• Double click on RSIT.exe to run.
  
• Click Continue at the disclaimer screen.
  
• Once it has finished, two logs will open.
• log.txt <will be maximized and info.txt <will be minimized
  
• Please post the contents of both logs in the next reply.

[Karnac]

evilfantasy,

I just tried to download RSIT.exe and it triggered an EXECvariant.C Trojan on my AV program......thought you should know.

[evilfantasy]

It's not a trojan. Just allow it to run.

[naters0913]

ok here it is...

[attachment deleted by admin]

[evilfantasy]

You posted both of the same logs. I need the one called log.txt

[evilfantasy]

Update your Mozilla Firefox Browser
Recently there have been vulnerabilities detected in older versions of Mozilla Firefox.
It is strongly suggested that you update to the current version.
Mozilla Firefox 3.0.7
You can update it by clicking Help > Check for updates... at the top of the Firefox browser.

----------

You need to run the AVG installer >>Click Here<<.

Once you start the installation you will have the option to Install or Uninstall AVG. Choose to Uninstall.

----------

After that restart the computer and then post a new RSIT scan log. It will only create one this time.

[naters0913]

ok sorry about not putting that other log




[attachment deleted by admin]

[evilfantasy]

You have Viewpoint installed.

Viewpoint Media Player/Manager/Toolbar is considered as Foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad".

More information:

• ViewMgr.exe - Useless
  
• Viewpoint to Plunge Into Adware

It is suggested to remove the program now.
Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.

• Viewpoint
  
• Viewpoint Manager
  
• Viewpoint Media Player
  
• Viewpoint Toolbar
  
• Viewpoint Experience Technology

.
----------

Open HijackThis and select Do a system scan only.

Place a check mark next to the following entries: (if there)

• O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
• O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
• O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
• O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

.
Important: Close all windows except for HijackThis and then click Fix checked.

Exit HijackThis.

----------

Go to Start > Run and type notepad.exe then click OK

Copy and paste the below into Notepad and save as fixme.reg to Your Desktop

Code: [Select]

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Alcmtr"=-

Locate fixme.reg on your Desktop and double-click it. Answer Yes when prompted to merge with the Registry.

Delete the fixme.reg from the Desktop.

----------

Download ComboFix© by sUBs from one of the below links. Be sure top save it to the Desktop.

Link #1
Link #2

**Note:  It is important that it is saved directly to your Desktop

Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
 
Double click combofix.exe & follow the prompts.
When finished ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

If you have problems with ComboFix usage, see How to use ComboFix

[naters0913]

when I ran combofix, there was are error messages that come up saying "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item.

[evilfantasy]

I see the parental controls. Do you not have administrator rights on your account?

[naters0913]

I do have administrative rights

[evilfantasy]

Did you put ComboFix directly on the desktop?

Try this.

Rename ComboFix, right click on it and name it Combo-Fix. Try running it now.

[naters0913]

i saw the problem... it was Comodo and even when you close it, it still keeps on running i guess..


so i uninstalled it..


here is the log (finally)



[attachment deleted by admin]

[evilfantasy]

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code: [Select]

KillAll::

File::
C:\32788R22FWJFW.7.tmp
C:\32788R22FWJFW.6.tmp
C:\32788R22FWJFW.5.tmp
C:\32788R22FWJFW.4.tmp
C:\32788R22FWJFW.3.tmp
C:\32788R22FWJFW.2.tmp
C:\32788R22FWJFW.1.tmp
C:\32788R22FWJFW.0.tmp
3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze

----------

Please reinstall your antivirus now.

Also let me know how the computer is now?