OK, one step closer to a remedy.
Copy this file path
C:\Program Files\Tenable\Nessus\plugins\plugin.tar.gz (highlight and press ctrl+C)
Go to
www.viruschief.comPaste the file path in the window under
Quick Scan: (press ctrl+V on the keyboard to paste)
Click
Scan.
You will see a message:
ENG: It can take up to 1 minute before your scan starts, please wait!
GER: Es kann bis zu einer Minute dauern bis Ihr Scan startet, bitte warten!Once the scan is complete, copy the text in the window under
BB Code and paste it into the next post.
You can go ahead and post that log now then continue on with the rest of the steps.----------
Next go to this file
C:\Program Files\BitLord\Downloads\CYBER CD\Professional Spy\Investigating Tools\KEYKEY\keykey.exe. Look for an uninstaller and run it if it is there ( if it will run).
Restart the computer in Safe mode
In Safe Mode:
Click Start > Run.
1. Type
regeditThen click
OK.
2. Navigate to the key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run3. In the right plane, delete the values:
"SL Loader"="loadwin.exe"
"KK Loader"="%System%\loadkk.exe"4. Navigate to the key:
HKEY_LOCAL_MACHINE\Software5. In the left plane, delete the subkey:
ScreenLogger6. Navigate to the key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services7. In the left plane, delete the subkey:
KeyKey8. Exit the Registry Editor.
9. Restart the computer in normal mode.
----------
Run ATF Cleaner.
----------
Next run the
Symantec W32.Esbot Removal ToolDownload the tool and folow the instructions.
-----------
We will try to not have to run another online scan due to the connection issues.
Please download
DrWeb CureIt & save it to your desktop.
Scan with DrWeb-CureIt as follows:- Double-click on drweb-cureit.exe and then click Start.
- An Express Scan of your PC notice will appear.
- Under Start the Express Scan Now Click OK to start.
- This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
- Once the short scan has finished, Click Options > Change settings
- Choose the Scan tab and UNcheck Heuristic analysis and click OK
- Back at the main window, select the Complete scan button.
- Then click the Green Arrow Start Scanning button on the right and the scan will start.
- Click Yes to all if it asks if you want to cure/move any file(s).
- When the scan is done.
- In the Dr.Web CureIt menu on top left, click File and choose Save report list.
- Save the DrWeb.csv report to your Desktop.
- Exit Dr.Web Cureit.
- Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
[/COLOR]
- After reboot, Right-click the Dr.Web log on the desktop and choose Open With > Notepad
- Copy and paste that log in the next reply
----------
Then make sure the AVG is update, boot to safe mode and run a full system scan with it.
----------
Next post
DR. Web log
New HijackThis logAlso let me kkow how the computer is now.