Tech Support Team


#1  vicki-scott@hotmail.com (Newcomer), 7th February 2008, 01:10 AM
[SOLVED] a.doginhispen.com and b.skitodayplease.com

I have been infected with these too. Need help removing. I have Trend Micro Security and so far they have not been able to help me remove them. I see you've helped a lot of people. Help!!
#2  Howard (TST Master), 7th February 2008, 01:13 AM
Hello and welcome to

Please read this thread HERE and follow the instructions exactly.

Regards Howard

This thread is for the use of vicki-scott@hotmail.com only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our malware Removal forum.

Last edited by Howard; 7th February 2008 at 01:17 AM.
#3  vicki-scott@hotmail.com (Newcomer), 7th February 2008, 07:55 PM
Hi Howard, thanks for helping me. I followed your instructions exactly. When option 3 was complete there were 2 bak files left. I ran option 2 and 3 again and this time it was clean. I had already downloaded HijackThis prior to this session, however I did not download as you instruct here. So I re-downloaded from your link. But when I right click on the file it locks up. It will run without renaming it but I'm not sure if this is ok. Here is the log it generated, please advise.

Last edited by Howard; 7th February 2008 at 07:57 PM. Reason: LOG FILES MUST BE POSTED AS ATTACHMENTS AND NOT COPY AND PASTED.
#4  Howard (TST Master), 7th February 2008, 08:00 PM
Please post log files as attachments.

You have not renamed HijackThis.exe as per the instructions. Neither have you attached an awf.txt after running option 1 of the FindAWF tool.

Please post the requested log files.

Regards Howard


Last edited by Howard; 7th February 2008 at 08:04 PM.
#5  Daveskater (Community Moderator, Oxford, UK), 7th February 2008, 08:42 PM
Quote:
Originally Posted by vicki-scott@hotmail.com
when I right click on the file it locks up.
Click on the file once to select it and then press F2, then you can rename HijackThis to Crusty.

See here for instructions on how to upload logs as attachments
__________________
Numberwang!

A little air on the earth.
#6  vicki-scott@hotmail.com (Newcomer), 7th February 2008, 09:20 PM
Thanks for that, here is the log file. Hope this worked.

Did you get it?

Last edited by Howard; 7th February 2008 at 11:30 PM.
#7  Howard (TST Master), 7th February 2008, 09:25 PM
Your HJT log is clean.

However, you still haven't posted an awf.txt after running option 1 of the FindAWF tool.

Download combofix.exe. Double click combofix.exe & follow the prompts. A window will open with a warning. Type "Y" (and Enter) to start the fix. When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log. Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

Combofix will automatically save the log file to C:\combofix.txt

Please download FindAWF to your Desktop.
Double-click FindAWF.exe to start the tool.
Select "option #1 - Scan for bak folders" by typing 1 and press Enter
When the tool has completed, a report will open up in notepad. Please post the results of the awf.txt as an attachment.


Please post the Combofix and the awf.txt logs.

Regards Howard

#8  vicki-scott@hotmail.com (Newcomer), 7th February 2008, 10:00 PM
Log files

Ok here they are.
Attached Files
File Type: txt awf log file.txt (375 Bytes, 18 views)
#9  Howard (TST Master), 7th February 2008, 10:21 PM
Your awf.txt is clean, your Combofix log is not. Please do the following.

Open notepad and copy/paste the text in the code box below into it:
NOTE* Make sure to only highlight and copy what is inside the quote box, nothing outside of it.
Also ..

Pay particular attention to this :-

Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
Code:
File::
C:\remover2.bat
C:\process.exe

Folder::
C:\Program Files\Viewpoint


Save this as CFScript.txt

Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.



This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

Regards Howard

#10  vicki-scott@hotmail.com (Newcomer), 7th February 2008, 10:43 PM
This happened when I started it. Also should I turn off Trend Micro Security?

Windows can not find c:\windows\system32\kmd32.exe

Last edited by Howard; 7th February 2008 at 10:47 PM.
#11  Howard (TST Master), 7th February 2008, 10:46 PM
There shouldn't be any need to turn off Trend.

Try the instructions above again and see what happens. If you still have problems, we'll delete the files manually.

Edit: Are you sure the missing file isn't cmd32.exe and not kmd32.exe?

Regards Howard

#12  vicki-scott@hotmail.com (Newcomer), 7th February 2008, 10:57 PM
Log file

Ok it worked here is the file.
#13  Howard (TST Master), 7th February 2008, 11:08 PM
That's great, the log file is clean.

Please do the following to finish up.

Click start/run and type combofix /u into the runbox and hit the enter key. Note the space between combofix and the forward slash. This will uninstall Combofix and all its folders etc.

You can now delete the FindAWF tool.

Turn off system restore (XP/ME only). See how HERE.

Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.


If you have any further virus/spyware problems, please post in this thread.

Regards Howard

#14  vicki-scott@hotmail.com (Newcomer), 7th February 2008, 11:09 PM
Harmful?

Are any of these things serious?
#15  Howard (TST Master), 7th February 2008, 11:12 PM
Your initial infection was serious, add to that that your system was infected with several nasties, including a trojan and yes, I'd classify it as fairly serious.

The good news is your system now appears to be clean. So, unless you're still having problems, you should be good to go.

Regards Howard

#16  vicki-scott@hotmail.com (Newcomer), 7th February 2008, 11:17 PM
Howard thank you so very much. I'm still not sure what all that nasty stuff was. Do you know? Again thank you.
Scott

Should I be worried about Identity theft or anything like that?

Last edited by Howard; 7th February 2008 at 11:26 PM. Reason: Posts merged. Please use the edit button, rather than making a new post when there are no replies in between. Thanks.
#17  Howard (TST Master), 7th February 2008, 11:24 PM
Yes, your system was infected with the following.

Your system was infected with a trojan called Downloader.Agent.awf. It replaces legitimate files that are common on most computers with an infected file. Then, it moves the legitimate files to a bak or backup folder.

Mywebsearch and FunWebProducts which both place adware on your system.

You also had a trojan on your system added by Troj/Banker-JJ. This was the process.exe file we deleted.

Edit: As regards your identity theft question. Did you read the links in the initial removal instructions? If you did, then you should have already decided what course of action you wanted to take. If your system is used for credit card use or online banking etc, then a format would have been preferable to cleaning.

If on the other hand, your system is only used for gaming, music etc, then cleaning is possibly a better option.

Regards Howard


Last edited by Howard; 7th February 2008 at 11:30 PM.
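
The file-swapping behaviour described in post #17 (a legitimate file replaced in place, the original moved to a bak or backup folder) can be checked for with a short script. This is an added example, not part of the original thread and not the FindAWF tool's code; the folder names, the assumption that the folder sits directly beside the replaced file, and the sample tree are constructed for illustration.

```python
import hashlib
import os
import tempfile

# Assumption: displaced originals sit in a folder named "bak" or "backup"
# directly beside the file that replaced them.
BAK_NAMES = {"bak", "backup"}

def sha256_of(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def find_displaced_files(root):
    """List (live_path, stored_path) pairs where a bak/backup folder holds a
    file with the same name as, but different content from, its neighbour."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        if os.path.basename(dirpath).lower() not in BAK_NAMES:
            continue
        parent = os.path.dirname(dirpath)
        for name in sorted(files):
            live = os.path.join(parent, name)
            stored = os.path.join(dirpath, name)
            # Identical copies are ordinary backups; a mismatch means the
            # live file differs from the stored copy and needs review.
            if os.path.isfile(live) and sha256_of(live) != sha256_of(stored):
                findings.append((live, stored))
    return findings

def build_sample_tree(base):
    """Constructed sample data: one swapped program, one harmless backup."""
    layout = {
        "AppA/tool.exe": b"replacement bytes",
        "AppA/bak/tool.exe": b"original bytes",
        "AppB/notes.txt": b"same",
        "AppB/backup/notes.txt": b"same",
    }
    for rel, data in layout.items():
        path = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for live, stored in find_displaced_files(tmp):
            print("review:", live, "<- original kept at", stored)
```

A mismatch is only a lead for review: a legitimate updater that keeps the previous version in a backup folder produces the same pattern.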
#18  vicki-scott@hotmail.com (Newcomer), 7th February 2008, 11:29 PM
Ok thanks again

Yes I did read that, but not knowing how serious the threat was, I wasn't sure what to do. I do not use my PC for Banking although I tried to convince my wife it is safe. Boy was I wrong!! I do on occasion use my credit card. I guess my thinking was that the damage was already done, why would I have to reformat if it could be cleaned.

Scott

Last edited by Howard; 7th February 2008 at 11:41 PM.
#19  Howard (TST Master), 7th February 2008, 11:43 PM
Right, let me try and explain for you.

Some infections will and can steal data, including bank account and credit card details. If the system in question is used for such purposes, then a format is preferable as there is no guarantee that cleaning will make the system safe for such uses.

Regards Howard

#20  Howard (TST Master), 18th February 2008, 09:25 PM
I'm marking this thread as solved.

If you need this thread re-opened please contact a moderator or PM me.

Regards Howard