JeanInMontana

Hi and welcome to Malwarebytes. It looks like your already getting help for this problem here http://forums.comodo.com/comodo_boclean_an...0.html;msg87172 . If this is not you then please let us know. If it is you, stick with one forum and follow the instructions given at Comodo.

Do you still need help with this issue?

Do to lack of response this topic will be closed. The advice in this topic is for this system only. Applying it to your system can result in disaster. Start your own topic and give as many details as you can about your problem.

Hello and welcome to Malwarebytes. You should never follow instructions in someone else's topic. Instructions are given for each system specifically. Please tell me what exactly you did. Try a scan with RogueRemover first, there is a link in my signature to a free trial. Please run a scan with AVG antispyware and post that log here. Be sure you update the program and remove everything it finds. Then please do a Panda online scan, remove anything it finds, and post the results of that scan here also. Instructions for how to do that are posted at the top of this forum. Please move HiJack This from your desktop to C:\ and run a scan and save the log and post it after all the other logs.

Only approved people are allowed to give advice in this forum. Please see the TOS here here If you want to help and can provide qualifications as to your abilities, send a Private Message to Marcin/RubberRDuckY or to myself. Thanks for your understanding and cooperation.

http://www.malwarebytes.org/forums/index.php?act=boardrules

Hello, you did not follow my instructions. Nothing was removed with AVG, and there is a tutorial for how to run and post the Panda scan. I posted the scan. It does show Virtumonde go here http://www.symantec.com/security_response/...-99&tabid=3 and follow their instructions for removal. Then rerun AVG and take action. Remove the items found you have a trojan that Panda didn't remove and several other adware items. Post the AVG log and a new HJT log please.

Author: Option^Explicit Download Location http://download.bleepingcomputer.com/spyware/KillBox.exe License: Freeware KillBox Download Link Operating System: Windows File Description: Pocket KillBox is a program that can be used to get rid of files that stubbornly refuse to allow you to delete them. Usage Information: Download this file and run the killbox.exe file. When it loads type or copy and paste the full path to the file you would like to delete in the field and press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot, allow it to do so, and hopefully your file will now be deleted.

Updated to 133 ran full system scan it ran fine, found the updates for AntiVir, added them to ignore list fine. I switched to run quick scan and got a runtime error. Got a screenshot. When I clicked abort scan it crashed.

OK if you ran everything there shouldn't be spyware cookies showing in the Panda log. Please reset your setting in AVG to save a log. Update and scan again and post the log. But run HJT and put a check next to these items below, then click fix: O2 - BHO: (no name) - {0293D0A6-0AB9-4E4F-A5B8-41EE2DEAC6B2} - C:\Program Files\ComPlus Applications\vibynob4444.dll O2 - BHO: (no name) - {8C9B9A46-869B-42C5-8C34-6025C991AB94} - C:\Program Files\ComPlus Applications\vibynob83122.dll (file missing) Uninstall this program c:\program files\Need2Find and this one RealSpy Please set your system to show all files; Click Start. Open My Computer. Select the Tools menu and click Folder Options. Select the View Tab. Under the Hidden files and folders heading select Show hidden files and folders. Uncheck the Hide protected operating system files (recommended) option. Click Yes to confirm. Click OK. Reboot into safe mode by tapping the F8 key as soon as you hear the beep then using windows explorer find these files and delete. c:\windows\smdat32m.sys c:\program files\Need2Find Get this program and run it, http://www.ccleaner.com/download Post the AVG log and a new HJT log please, let me know how your symptoms are doing too.

Panda removed some stuff, please wait until i can research a bit. Don't take action on your own.

Ok then thats just what I will do.

Hi and welcome to Malwarebytes. You are running a version of Java known to be a security risk. You need to uninstall it via Add/Remove programs and delete the program file also. Then go here http://www.java.com/en/download/manual.jsp and install the correct version for your system. Choose the offline installation. Please run HJT again and put a check next to the item below then click fix. O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\lndsrngm.exe Then please do this get this program AVG AntiSpyware update and run a full scan removing everything it finds. Then go here and run a scan PandaActive Scan There is a tutorial at the top of this forum for how to run a scan and save the log. Post the logs from the Panda and AVG scans please. I will analyze the logs and give you further instructions. Be patient and persistent. These things can take time and many procedures.

Hi and welcome to Malwarebytes. When you say "some other crap" what was it? I don't see any antivirus program or firewall are you using them? Run a scan only with HJT and put a check next to these items below R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O22 - SharedTaskScheduler: glauke - {cc824bb2-d4b3-41f1-bba0-f8240e4cc495} - C:\WINDOWS\system32\kvfvw.dll Then please get these programs, update and run a complete scan removing all items found. Spybot Search & Destroy Use the immunize feature on this program also. AVG AntiSpyware Then go here and run a scan PandaActive Scan There is a tutorial on how to run this program at the top of this forum. Post the logs from the Panda and AVG scans please, along with a log from HJT. So you will post 3 logs. First AVG, then Panda and then HJT. Make sure you do the scans in the order posted and remove all items found. I will analyze the logs and give you further instructions. Be patient and persistent. These things can take time and many procedures. You are running an out dated security risk version of Java also. You need to uninstall it via Add/Remove programs and delete the program file also. Then go here http://www.java.com/en/download/manual.jsp and install the correct version for your system. Choose the offline installation.

Due to 5 days and no reply this topic will be closed.

You are wasting my time! While researching your issues I see you are also getting help here http://forums.techguy.org/malware-removal-...re-pop-ups.html Besides wasting my time you put your system in danger of ruination by using procedures from two helpers. This topic is closed. Have the decency to finish what you started at Tech Support.

Hi there, and welcome to Malwarebytes. Sorry you had to wait. If you haven't already, please get these programs, update and run a complete scan removing all items found. Spybot Search & Destroy Be sure to immunize and enable the IE protections. AVG AntiSpyware Then go here and run a scan PandaActive Scan There is a tutorial at the top of this forum on how to run a Panda scan. Post the logs from the Panda and AVG scans please, along with a log from this program HiJack This! Your using a beta version and it is not in beta now. I will analyze the logs and give you further instructions. Be patient and persistent. These things can take time and many procedures. What exactly are the popups for ? To be clear you will post a total of 3 logs. AVG, Panda and a new HJT with the correct program.

Regardless of what Secunia says Adobe 7 has been a known risk since December '06 and Adobe themselves say so http://www.adobe.com/support/security/bull.../apsb06-20.html . Also from CERT I don't make this stuff up to give people something to do. You can stop the service for I-pod in Computer Management, Services and Applications. Access by right click on My Computer and choose manage. The same goes for AVG Active guard, unless your Dad is going to buy the program the guard will become useless after the trial and just a waste of resources. O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe Since this issue seems to be resolved I am closing the thread. Information in this topic is for this system only and should not be applied to any other system.

Due to lack of response this topic is closed.

Due to lack of response this topic is closed. Should you decide you want help, please send me a PM and I will reopen the topic.

Removing the WildTangent/Killit.exe should stop the McAfee alert. You can run sfc / scannow without the CD by using these instructions here http://montanamenagerie.org/forum/viewtopic.php?p=1255#1255 I've done it and it works. In fact some machines now ask for the SP2 CD when you run SFC. So even without a SP2 CD you can still point the registry to the I386 file and run the check.

Wild Tangent comes pre-installed on HP PC's and Laptops. It was considered an undesirable thing to have and certainly is not needed. It is part of the game package, if all the trial games are played and he isn't going to buy it's probably safe to remove it. You will find it in Add/Remove programs. I don't see anything malware in the log. The lines below can be removed with HJT O4 - HKLM\..\Run: [AOLDialer] "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" O9 - Extra button: (no name) - Software - (no file) O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} - The Adobe reader is out dated and a security risk. Also do a file search for AOL to find it all. I would run a registry cleaner also like EasyCleaner, just don't use the duplicate file finder. It can be disaster, some files are meant to be duplicate and if you don't know which ones and remove it is bad. Do a disk check for errors then defrag and I bet it runs way better. It will need a defrag after removing AOHell, but do the error check first. You might even want to run the system file checker. Make sure he has all Windows Updates and put some prevention stuff on there for him. Many infections can be avoided with an added layer of prevention. All recommended programs are free and easy on system resources. You should install them as part of your protection arsenol. Keep Spybot Search & Destroy and always immunize when you update. You will also need at least one other scanning program AVG is good and there are several other excellent programs with free and paid versions. Read the overviews of what each program below does so you have an understanding of their importance and how to use. A firewall and antivirus are also essential. The Windows firewall in XP is not sufficient. Preform Windows Updates monthly on the second Tuesday or use automatic updates, and use your scanners weekly at the least. Always update before you scan. SpywareBlaster from Javacool Software WinPatrol by BillPStudios SiteHound by FireTrust RogueRemover hpHosts For an excellent list of reliable free firewalls and antivirus programs see here .

Hi and welcome to Malwarebytes. Please follow these instructions below. Print or Copy these instructions to notepad and save to your Desktoop as you will be offline with all browsers closed for this fix. Download: Use this URL to download the latest version (the file contains both English and French versions): http://siri.urz.free.fr/Fix/SmitfraudFix.exe * Double-click SmitfraudFix.exe * Select 1 and hit Enter to create a report of the infected files. The report can be found at the root of the system drive, usually at C:\rapport.txt Clean: * Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually) * Double-click SmitfraudFix.exe * Select 2 and hit Enter to delete infect files. * You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection. * The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file. * A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt * Optional: o To restore Trusted and Restricted site zone, select 3 and hit Enter. o You will be prompted: Restore Trusted Zone ? answer Y (yes) and hit Enter to delete trusted zone. Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool". It is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user. http://www.beyondlogic.org/consulting/proc...processutil.htm Post the SmitFraud log and a new HJT log please. We will see what is left to do.

Weather bug used to be considered malware. Now AOL uses it. Feel free to post a new log and I will look at it. I think maybe he is in need of some basic maintenance stuff and paring down on some of the stuff running that he doesn't need to run all the time. Have you tried stuff like disk check and the system file checker? Like I said at my site, get him to get a real ISP. He can still use AOL mail even if he gets another provider, they have made that free.