
A new battle of adware

Discussion in 'Windows - Virus and spyware problems' started by Angryguy, May 4, 2007.

  1. Angryguy

    Angryguy Member

    My nephew's computer is infected with some sort of adware/malware. His computer was running slowly, and (more importantly) random advertisements kept popping up.

    AVG Anti-Virus found nothing. Ad-Aware and SpyBot found a lot of cookies and some junk in temp files, but haven't identified the source of the problem. Avast finally detected "Win32:Adware." I ran through both anti-virus and spyware utilities, plus an online virus scanner (ewido) and ran HijackThis, removing a few suspicious entries.

    The system seems to be running better now (no reports of random advertisements for the past few days), but I think he's still got something on there. Avast popped up earlier tonight that it blocked some jpg file from being downloaded that was infected with a Virus/Trojan; however, to my knowledge he had no websites open at the time except an AOL (the software) homepage.

    The HijackThis logfile is below. Is there anything on there that I missed?

    FYI: I am accessing his computer remotely using LogMeIn, which explains several of the items in the log. Avast and AVG are both installed atm; given Avast's greater success at finding problems, I'll likely uninstall AVG when I'm done.

     
  2. blake123

    blake123 Guest

    Get this please:
    http://www.filepedia.com/desktop_software/desktop_security/smitfraudfix.cfm
    If you can, go into safe mode, but I doubt you can because you are accessing it remotely. If you can't, put smitfraudfix in local disk C and run it.

    # Double-click smitfraudfix.exe
    # Select 2 and hit Enter to delete infected files.
    # You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
    # The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file.
    # A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt
    Post report please.
     
  3. Angryguy

    Angryguy Member

    Thanks. It doesn't look like it found much, so maybe his computer is finally cleaned up.

     
  4. blake123

    blake123 Guest

    Yeah, it looks pretty good, but post another HijackThis log to make sure we got it all.
     
    Last edited by a moderator: May 6, 2007
  5. Etzo

    Etzo Regular member

    No. Please do not fix if you don't know what you are doing, blake123!

    Angryguy: You have Vundo-Trojan in your computer. Please rename HijackThis to scanner.exe and post a new HijackThis log. Then blake123 can give you Vundofix instructions. If you can?
     
  6. blake123

    blake123 Guest

    My bad, I thought there had to be a matching O2 and O20 entry for it to be Vundo. But if it hides the lines it's also Vundo. Thanks for correcting me.

    # Download Vundo Fix and save it to your desktop.

    # When it has completed downloading, double-click VundoFix.exe to run it.

    # Click the Scan for Vundo button.

    # Once it's done scanning, click the Remove Vundo button.

    # You will now receive a prompt asking if you want to remove the files, click the YES button. Once you click yes, your desktop will go blank as it starts removing Vundo.

    # When completed, it will prompt that it will shut down your computer, click the OK button.

    # When the computer has shut down, turn your computer back on.

    VundoFix:
    http://www.atribune.org/ccount/click.php?id=4
     
    Last edited by a moderator: May 6, 2007
