7th March 2008, 10:15 PM
|  | Newcomer | | Join Date: Mar 2008, 44 posts. Reputation:  | | | [Solved] Help with malware/popup unknown trojan...
I'm getting a popup stating my "cpu was infected by unknown trojan. It's dangerous for your system (critical files can be lost)! Click OK to download antispyware".
I did this earlier today without freaking thinking and was infected with the File Secures 2.1 or whatever. I think that was removed by SpyHunter3 (not sure), but yet the popup keeps coming up when surfing the web. I'm not too bright in regards to fixing anything. Not computer illiterate, but not that great with these problems. Any help would greatly be appreciated.
I checked out the locked thread regarding removal of viruses/malware/spyware, etc. but didn't want to start anything until I knew exactly what may be needed. Thanks in advance!
| 
7th March 2008, 10:31 PM
|  | TST Master | | Join Date: Dec 2007, 3,366 posts. Reputation:   | | Hello and welcome to
Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.
Post fresh HJT, AVG Antispyware and Combofix logs as Attachments into this thread, only after doing the above. Also, let me know the results of the Panda Antirootkit scan.
Regards Howard This thread is for the use of DonVictor only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our malware Removal forum. | 
7th March 2008, 10:44 PM
|  | Newcomer | | Join Date: Mar 2008, 44 posts. Reputation:  | | |
I can't get Step 3 to work. When I click start it says "Initialization of ESET Online Scanner" and under it "Error: Cannot initialize online scanner. Administrator rights required."
Lost???
| 
7th March 2008, 10:49 PM
|  | TST Master | | Join Date: Dec 2007, 3,366 posts. Reputation:   | |
In that case, skip that step and move on to the next step.
Regards Howard | 
7th March 2008, 11:26 PM
|  | Newcomer | | Join Date: Mar 2008, 44 posts. Reputation:  | | |
AVG wouldn't run because it says it's not a "valid WIN32 application". I think my sh*t is f**ked! I skipped that and I'm dl'ing the ad-aware now. Good call?
Note: I do have McAfee and SpyHunter3 so I don't know if that helps or not???
| 
7th March 2008, 11:33 PM
|  | TST Master | | Join Date: Dec 2007, 3,366 posts. Reputation:   | |
By all means, skip any steps that don't work until you get to the end, then attach whatever log files you have.
We'll then see what can be done to get rid of the infection.
Regards Howard | 
8th March 2008, 02:00 PM
|  | Newcomer | | Join Date: Mar 2008, 44 posts. Reputation:  | | |
Ok, I think I have this done and the files attached. I only have two files due to not being able to download the AVG Spyware. I did however run SpyHunter3 before and may have a log of that somewhere if that is useful. The only thing with that is it told me to copy to clipboard and I couldn't tell if anything was ever done. I may be able to search and find something or if need be, run it again with some directions (more clarified if you guys can help) and give you that info. That is if you think it's needed. Here is what I have so far: The ComboFix and HijackThis files are attached. Please, if anything isn't correct, you need something else, notify me. I may need help finding whatever it is or whatever, but will do.
Thanks for your help!
Victor
P.S. The HijackThis attachment is showing up with a red x but it works when I checked it. Don't know why it's not txt when it says it is in my C drive. Hope it still works and is helpful. What do I do now that I sent this to you guys?
| 
8th March 2008, 02:13 PM
|  | Community Moderator | | Join Date: Dec 2007, 4,345 posts. Location: Oxford, UK Reputation:   | | |
Regarding your "PS" part: That's not a problem, HJT saves logs as .log files which open in notepad, which also is used to open .txt files. The .log file attachment doesn't have a logo on our forum software which should explain the red X.
I think that the problem you had with the ESET scan is because you are running Windows Vista. Right click on the Internet Explorer shortcut and click "Run as administrator" and click allow on the popup that comes up from the User Account Control. Follow the instructions to run the scan again, it should work this time.
There could be a problem with your AVG AntiSpyware installer, try downloading it again and see if it installs (Do not save it over the previous version - either save it as a different name or delete the original installer first). If it still doesn't work then don't worry about it for now.
When Howard comes back online he will look through your logs and direct you on what steps to take next.
__________________
Numberwang!
A little air on the earth.
| 
8th March 2008, 03:20 PM
|  | Newcomer | | Join Date: Mar 2008, 44 posts. Reputation:  | | |
Thanks. I got the ESET to run, but still can't get the AVG to work. Still saying it's not a valid WIN32 or whatever I said earlier in this thread. Should I post the ESET txt or wait and see if you all need it?
| 
8th March 2008, 03:27 PM
|  | Community Moderator | | Join Date: Dec 2007, 4,345 posts. Location: Oxford, UK Reputation:   | |
Post the ESET log for Howard to look at and don't worry about the AVG program for now
Sorry I can't guide you through what entries and whatnot to fix next, but I am still learning
| 
8th March 2008, 03:31 PM
|  | Newcomer | | Join Date: Mar 2008, 44 posts. Reputation:  | | |
No problem Dave. Thanks for your help!
Here is the ESET attachment:
| 
8th March 2008, 03:34 PM
|  | Community Moderator | | Join Date: Dec 2007, 4,345 posts. Location: Oxford, UK Reputation:   | | |
No problem at all mate, I expect Howard will be online this evening and can guide you through what steps to take next
| 
8th March 2008, 03:44 PM
|  | Newcomer | | Join Date: Mar 2008, 44 posts. Reputation:  | | |
Sounds great. Are those steps fairly easy to follow? I've sort of scanned through and read a few threads and it seems they are and it seems everything is fixed...so I'm looking forward to getting this done. I've never had anything like this. I'm always pretty careful, but this popup came up and I wasn't really paying attention. It looked like something from maybe my McAfee or whatever. Only thing I remember doing before that was clicking on "allow activex" for something. Oh well...hopefully you guys can help get this behind me and I know to be much more careful in the future.
| 
8th March 2008, 04:11 PM
|  | Community Moderator | | Join Date: Dec 2007, 4,345 posts. Location: Oxford, UK Reputation:   | |
I can't say how easy it will be mate, but it's not usually anything too strenuous
| 
8th March 2008, 04:12 PM
|  | TST Master | | Join Date: Dec 2007, 3,366 posts. Reputation:   | |
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.
Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.
In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.
Go to add remove programmes in your control panel and uninstall anything to do with (if there).
Viewpoint
Close control panel.
Click start/run and type services.msc into the run box and press the enter key.
When the window appears, maximise it. Double click on the following services (if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.
Viewpoint Manager Service
Close the services window.
Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
Click on the fix checked button.
Close HJT.
Locate and delete the following bold files and/or folders (if there).
C:\Program Files\Viewpoint < Delete the entire folder.
Reboot into normal mode and rehide your protected OS files.
Post a fresh HJT log.
Regards Howard | 
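The HJT step above targets one O23 (service) line from the log. As an added example, not part of Howard's post or any forum tooling, this sketch parses O23 lines and picks out the entries named in a fix list; the function names are hypothetical, and the sample log is constructed apart from the Viewpoint line quoted in the post.

```python
from typing import List, NamedTuple, Optional

O23_PREFIX = "O23 - Service: "
MISSING_TAG = "(file missing)"  # suffix HijackThis adds when the binary is gone


class O23Entry(NamedTuple):
    name: str           # service display name as shown in the log
    vendor: str         # company field, or "Unknown owner"
    path: str           # executable path with any missing-file tag removed
    file_missing: bool


def parse_o23(line: str) -> Optional[O23Entry]:
    """Parse one 'O23 - Service: name - vendor - path' line, else None."""
    line = line.strip()
    if not line.startswith(O23_PREFIX):
        return None
    # Split from the right: the service name itself may contain " - ".
    parts = line[len(O23_PREFIX):].rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    name, vendor, path = (p.strip() for p in parts)
    missing = path.endswith(MISSING_TAG)
    if missing:
        path = path[: -len(MISSING_TAG)].rstrip()
    return O23Entry(name, vendor, path, missing)


def entries_to_fix(log_text: str, service_names: List[str]) -> List[O23Entry]:
    """Return O23 entries whose service name is on the helper's fix list."""
    wanted = {n.casefold() for n in service_names}
    hits = []
    for line in log_text.splitlines():
        entry = parse_o23(line)
        if entry and entry.name.casefold() in wanted:
            hits.append(entry)
    return hits


# Constructed sample log; only the Viewpoint line comes from the thread.
SAMPLE_LOG = r"""Logfile of HijackThis (constructed sample)
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O23 - Service: Example Update Service (ExUpd) - Unknown owner - C:\Program Files\Example\upd.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
"""

if __name__ == "__main__":
    for e in entries_to_fix(SAMPLE_LOG, ["Viewpoint Manager Service"]):
        print(f"fix: {e.name} ({e.vendor}) -> {e.path}")
```
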
8th March 2008, 05:32 PM
|  | Newcomer | | Join Date: Mar 2008, 44 posts. Reputation:  | | |
Little confused on the new HJT file. I didn't have another txt when I scanned in safe mode. Did I do something wrong? Am I supposed to go run again in regular mode and click the scan and save log button? Or does it replace the existing file already? If the latter, I'm attaching the one that was saved to my desktop. If I need to do again, just let me know.
The only thing associated with viewpoint I had was the viewpoint player which was removed/deleted. Nothing else showed up on the latter steps.
Victor
Oops..forgot to attach the HJT and it isn't desktop, but rather from C:\ProgramFiles, etc..
Victor
Last edited by Jason; 8th March 2008 at 05:40 PM.
Reason: Posts merged
| 
8th March 2008, 05:34 PM
|  | TST Master | | Join Date: Dec 2007, 3,366 posts. Reputation:   | | Quote:
Reboot into normal mode and rehide your protected OS files.
Post a fresh HJT log.
| Yes mate, you need to boot into normal mode, then run a fresh HJT scan and post the log.
Regards Howard | 
8th March 2008, 05:44 PM
|  | Newcomer | | Join Date: Mar 2008, 44 posts. Reputation:  | | |
Sorry mate! I had to add the mate! Anyway, done and here is the new HJT:
I have surfed the web a little and the popup thing seems to be gone or it's just taking a break. Just thought I'd inform you of this. Maybe it's about fixed??
Last edited by Daveskater; 8th March 2008 at 06:11 PM.
Reason: Merged posts
| 
8th March 2008, 06:26 PM
|  | TST Master | | Join Date: Dec 2007, 3,366 posts. Reputation:   | |
That's now clean.
Unless you're still having problems, you should be good to go.
Click start/run and type combofix /u into the run box and hit the enter key. Note the space between combofix and forward slash. This will uninstall Combofix and all its folders etc.
You may want to have a read of this thread HERE.
If you have any further virus/spyware problems, please post in this thread. Edit: Please make sure you are running the latest version of Java 6 update 5.
Go to your control panel and double click the Java applet. Once it opens, click the update tab, followed by the update now button.
Follow the instructions and once any new version of Java has been installed, go to add remove programmes and uninstall any previous versions of Java.
Regards Howard
Last edited by Howard; 8th March 2008 at 06:32 PM.
| 
8th March 2008, 06:35 PM
|  | Newcomer | | Join Date: Mar 2008, 44 posts. Reputation:  | | |
Thanks a lot! I uninstalled combofix as well. Should I uninstall anything else that I have downloaded or just leave it be? Seems I downloaded a lot, but if it's helpful or in no way going to affect performance I'm fine with it. I haven't had any problems so it seems to be working fine!
Last edited by DonVictor; 8th March 2008 at 06:43 PM.