Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hijackthis Log And Pop-ups That Won't Go Away


  • Please log in to reply
10 replies to this topic

#1 DonPablo

DonPablo

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:02 AM

Posted 28 September 2006 - 09:45 AM

Hello all,

Below is my log file. I've been unable to completely eliminate unwanted pop-up's

Thus far I have removed DeluxeCommunication, several trojans and other items that other forums have revealed to be spyware, etc. Unfortunately, there are still unwanted pop-ups when a goggle search is done on topics such as spyware, virus etc. Any help would be appreciated!

Logfile of HijackThis v1.99.1
Scan saved at 10:38:56 AM, on 9/28/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Varian\Cary WinUV\SystemInformation.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\HiJackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Microsoft Windows Updata] scvhost.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\RunServices: [Microsoft Windows Updata] scvhost.exe
O4 - HKCU\..\Run: [Microsoft Windows Updata] scvhost.exe
O4 - Global Startup: System Information.lnk = C:\Varian\Cary WinUV\SystemInformation.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

BC AdBot (Login to Remove)

 


#2 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:04:02 PM

Posted 28 September 2006 - 11:41 AM

It is strange that there are no 02's or 020's in the log.
A new infection is hiding these entries from a Hijackthis scan.
This means certain infections cannot be seen and are therefore hidden to the helper.
Go to this folder where Hijackthis is kept and rename the hijackthis application to "analyse".
This can be done by right clicking on the program and clicking "rename".
Press enter, then open "analyse.exe" by double clicking.
Post a new Hijackthis log from the newly named application

#3 DonPablo

DonPablo
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:02 AM

Posted 28 September 2006 - 01:15 PM

Hey Trojanator,

That makes quite a difference. I have used hijackthis quite often, but I have never (that I know of) come across this. Man, I do this as a full time job and I just can't keep up. Your help is appreciated and I'll convince my organization to make a donation.

Logfile of HijackThis v1.99.1
Scan saved at 2:11:17 PM, on 9/28/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Varian\Cary WinUV\SystemInformation.exe
C:\Program Files\HiJackThis\analyze.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\plg0\cxtpls.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSL encrypt - {746455FE-D059-47e7-AF0E-140E03F5A447} - C:\WINNT\system32\nsf4.dll
O2 - BHO: (no name) - {B66E7DB6-B254-4E63-ACF5-CA1C1963BD15} - C:\WINNT\system32\qommn.dll
O2 - BHO: Banner Rotator - {D117A61F-92C3-4450-A0C8-F425B14D4127} - C:\WINNT\system32\adrotate.dll (file missing)
O2 - BHO: (no name) - {D3ECF467-3AD3-385F-A4DF-611344D83AE2} - C:\WINNT\system32\hqj.dll (file missing)
O2 - BHO: (no name) - {D9ECA068-3FD1-6258-A4DF-611344D839B5} - C:\WINNT\system32\qjk.dll (file missing)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - Global Startup: System Information.lnk = C:\Varian\Cary WinUV\SystemInformation.exe
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O20 - Winlogon Notify: qommn - C:\WINNT\system32\qommn.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

#4 DonPablo

DonPablo
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:02 AM

Posted 28 September 2006 - 01:34 PM

Ok, So I have selected for fixing all 02's as none of them were applicable and I only left the Navlogin for the 020. Then I rebooted and ran it again. The qommn.dll reappeared in both the 02 and 020. The pop-ups are still in full force. Any thoughts?

Edited by DonPablo, 28 September 2006 - 01:35 PM.


#5 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:04:02 PM

Posted 28 September 2006 - 03:01 PM

Ok, we are dealing with a Vundo infection which needs a specific removal tool.
You won't be able to remove the infection with Hijackthis alone.

It is a good idea to print off these instructions:
This will be useful as there is a possibility some of the instructions will need to be carried out where internet access is not available.
You may also like to save these instructions in word/notepad to the desktop where they can be easily found for the same reasons as above.
A print out of the instructions would be a good reference to make sure you don't yet lost.
Also, it is important that you complete the instructions in the right order, and also that you don't miss any steps out!
If you have any queries about the process or just general questions, just ask.

Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present:

O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\CxtPls\plg0\cxtpls.dll (file missing)
O2 - BHO: SSL encrypt - {746455FE-D059-47e7-AF0E-140E03F5A447} - C:\WINNT\system32\nsf4.dll
O2 - BHO: (no name) - {B66E7DB6-B254-4E63-ACF5-CA1C1963BD15} - C:\WINNT\system32\qommn.dll
O2 - BHO: Banner Rotator - {D117A61F-92C3-4450-A0C8-F425B14D4127} - C:\WINNT\system32\adrotate.dll (file missing)
O2 - BHO: (no name) - {D3ECF467-3AD3-385F-A4DF-611344D83AE2} - C:\WINNT\system32\hqj.dll (file missing)
O2 - BHO: (no name) - {D9ECA068-3FD1-6258-A4DF-611344D839B5} - C:\WINNT\system32\qjk.dll (file missing)
O20 - Winlogon Notify: qommn - C:\WINNT\system32\qommn.dll


Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Please download VundoFix.exe to your desktop
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove.
VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

David

#6 DonPablo

DonPablo
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:02 AM

Posted 29 September 2006 - 12:35 PM

Sadly VundoFix.exe does not find anything. I have attempted to run after running hijackthis, after a clean reboot (starting nothing), No AV/Spybot running, and in safe mode. It doesn't find anything.

These two re-appear no matter what I do. I have tried deleted the files dll's in safe mode an via deletion tools. The files is always in use. I'm not sure if this dll has any other funtion, but I don't find any data on it except in other folds HiJackThis logs. Any thoughts?

O2 - BHO: (no name) - {B66E7DB6-B254-4E63-ACF5-CA1C1963BD15} - C:\WINNT\system32\qommn.dll
O20 - Winlogon Notify: qommn - C:\WINNT\system32\qommn.dll

Thanks again David!

#7 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:04:02 PM

Posted 29 September 2006 - 01:20 PM

Ok, it looks like we have a new Vundo file here.
We are going to directly delete it using the Vundofix tool you already downloaded.

Double-click VundoFix.exe to run it.
When VundoFix re-opens, click "Scan for Vundo" button.
Once the scan is complete, right Click inside the listbox (white box) and click "add more files"
Copy and paste the 2 entries below into the top 2 boxes (no arrows):

--> C:\WINNT\system32\qommn.dll
--> C:\WINDOWS\system32\nmmoq.*

Click "Add Files" and click "Close Window".
Click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo - this is normal.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.
Please post the contents of C:\vundofix.txt and a new HiJackThis log.

David

#8 DonPablo

DonPablo
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:02 AM

Posted 29 September 2006 - 02:44 PM

Excellent! I wonít be back to this machine until Monday, but Iíll be sure to follow up either way. Thanks again. Have a nice weekend.

#9 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:04:02 PM

Posted 29 September 2006 - 05:48 PM

Ok, i'll check for a reply later.
Have a good weekend! :thumbsup:

#10 DonPablo

DonPablo
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:02 AM

Posted 02 October 2006 - 12:24 PM

Ok, I think we may have this beatin!


Vundo Log

Listing files found while scanning....

C:\WINNT\system32\ckxhhnfm.dll

Beginning removal...

Attempting to delete C:\WINNT\system32\ckxhhnfm.dll
C:\WINNT\system32\ckxhhnfm.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Beginning removal...

Attempting to delete C:\Winnt\system32\qommn.dll
C:\Winnt\system32\qommn.dll Could not be deleted.

Attempting to delete C:\Winnt\system32\qommn.dll
C:\Winnt\system32\qommn.dll Has been deleted!

Performing Repairs to the registry.
Done!

Hijack this log:

Logfile of HijackThis v1.99.1
Scan saved at 1:23:25 PM, on 10/2/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Varian\Cary WinUV\SystemInformation.exe
C:\Program Files\HiJackThis\analyze.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - Global Startup: System Information.lnk = C:\Varian\Cary WinUV\SystemInformation.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

#11 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:04:02 PM

Posted 02 October 2006 - 12:31 PM

Excellent! Good work - the infection has been removed.

I do not recommend that you have more than one anti virus product installed and running on your computer at a time.
The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to create "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause false alarms - When the anti virus software tells you that your PC has a virus when it actually doesn't. Also it can cause system performance problems; your system may lock up due to both software products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either AVG or Symantec.
If you remove Symantec please understand you will have to install a new firewall as the mcafee one will have been uninstalled also.

Malware like this normally never comes alone and there are probably infected files left on your computer.
Please visit Panda Online to carry out a virus scan.
Once you are on the Panda site click the Scan your PC button.
A new window will open...click the Check Now button.
Enter your personal details.
Click the big Scan Now button.
It will ask to install various content - please allow this.
It will start downloading the files it requires for the scan, which may take a while.
When download is complete, click on Local Disks to start the scan.
When the scan completes, click the See Report button.
Click Save Report and save the file to your desktop.
Post the contents of the report in your next reply, along with a new Hijackthis log.

David




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users