troj_renos.iz

Discussion in 'Windows - Virus and spyware problems' started by Terminalz, Nov 10, 2006.

  1. Terminalz

    Terminalz Guest

    I did an online virus scan on trendmicro.com and it's the only one that picked this up. I have no idea how to fix it and there isn't much information on it.

     
  2. Niobis

    Niobis Active member

    Joined:
    Jan 30, 2005
    Messages:
    2,326
    Likes Received:
    0
    Trophy Points:
    66
    Renos is Smitfraud, but you have another infection that needs to be dealt with first.

    Download LSPFix from here.
    You may not need it, but download it just in case you do.

    Go to Start > Control Panel > Add/Remove Programs.
    Look for and remove New.Net.
    If it is not listed, then go here and follow the removal instructions in Procedure 4 at the bottom of the page.
    If you lose internet connection after removal, run LSPFix, otherwise you may delete it.

    And for the 'renos' or in your case it's Zlob/Myzor.

    Download SmitfraudFix.zip to the desktop from here
    * Extract the files to the desktop.

    Note: Print or copy these instructions to Notepad and save them. You will be in safe mode and can't access the internet.

    * Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually)
    * Open the SmitfraudFix folder.
    * Double-click smitfraudfix.cmd
    * Select 2 and hit Enter to delete infected files.
    * You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
    * The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file.
    * A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt.

    Please post back with the contents of rapport.txt and a new HijackThis log.
     
    Last edited: Nov 10, 2006
  3. Terminalz

    Terminalz Guest

    Thanks a lot for your help! Things are starting to look a lot brighter. I don't see any more symptoms.

     
  4. Niobis

    Niobis Active member

    Did you follow the instructions for the New.Net removal?

    Also, I need to see the SmitfraudFix rapport please.
     
    Last edited: Nov 10, 2006
  5. Terminalz

    Terminalz Guest

    I removed New.Net but I think another one appeared, and I've deleted it already.

    Here's the rapport, but it's not the first one. I think I overrode it when I did it a second time on accident.


     
  6. Niobis

    Niobis Active member

    Okay, now New.Net is gone.

    Run a scan only with HijackThis, check these:

    O2 - BHO: (no name) - {2810fba5-55ec-4bee-8263-0e2fa5883768} - C:\Program Files\QualityCodec\isaddon.dll (file missing)
    O3 - Toolbar: (no name) - {bf1ced2c-4b3f-4079-a330-864eda5a4cff} - (no file)
    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll <--not bad but not needed because it belongs to version 4.0 which is old.
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab

    Close all windows except HijackThis, then click "Fix checked".

    Go here to download the trial version of AVG Anti-spyware.

    Install and open AVGAS.
    Click "Update" then click "Start update".
    After updating, close AVGAS.
    Note: Print or copy these instructions to Notepad and save them. You will be in safe mode and can't access the internet.
    Restart your computer in safe mode (press F8 upon boot, select "Safe Mode" from menu and press Enter).
    Open AVGAS and click "Scanner".
    Click "Complete System Scan".
    When it finishes scanning, set all items to "Quarantine".
    Click "Apply All Actions".
    Click "Save Report" and save it to the desktop.
    Restart in normal mode and post back with the AVGAS report and a new HijackThis log.
     
    Last edited: Nov 11, 2006
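
An added example, not part of the original posts: a small Python triage of the HijackThis entries listed in the post above, marking entries whose file is gone ("file missing" / "no file"), entries that pull a component from a URL, and CLSIDs referenced by more than one entry. The function names and the output fields are assumptions made for this illustration.

```python
import re

# Entries copied verbatim from the HijackThis listing in the post above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {2810fba5-55ec-4bee-8263-0e2fa5883768} - C:\Program Files\QualityCodec\isaddon.dll (file missing)
O3 - Toolbar: (no name) - {bf1ced2c-4b3f-4079-a330-864eda5a4cff} - (no file)
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
"""

ENTRY = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN = re.compile(r"\((?:file missing|no file)\)$")
URL = re.compile(r"https?://\S+")

def parse_entry(line):
    """Split one 'O<n> - <kind>: <detail>' line into fields; None if not an entry."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    section, kind, detail = m.groups()
    clsid = CLSID.search(detail)
    url = URL.search(detail)
    return {
        "section": section,
        "kind": kind,
        "clsid": clsid.group(0).upper() if clsid else None,
        "orphaned": bool(ORPHAN.search(detail)),  # registry entry whose file is gone
        "url": url.group(0) if url else None,     # component fetched from a remote host
    }

def triage(text):
    """Parse every entry line in a pasted log, skipping anything else."""
    return [e for e in map(parse_entry, text.splitlines()) if e]

def shared_clsids(entries):
    """Map each CLSID used by more than one entry to the kinds that reference it."""
    seen = {}
    for e in entries:
        if e["clsid"]:
            seen.setdefault(e["clsid"], []).append(e["kind"])
    return {c: kinds for c, kinds in seen.items() if len(kinds) > 1}

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(e)
    print(shared_clsids(triage(SAMPLE_LOG)))
```
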
  7. Terminalz

    Terminalz Guest

     
  8. Niobis

    Niobis Active member

    Okay, last scan, just to be sure nothing remains.

    Go here to run ActiveScan.
    Click "Panda ActiveScan".
    Fill in the form with your information.
    When it finishes, click "See Report".
    Click "Save report" and save it to the desktop.
     
