JeanInMontana

Since this issue is resolved I will close the thread to prevent others from posting into it. If you need assistance please start your own topic and someone will be happy to assist you. The fixes and advice in this thread are for this machine only. Do not apply to your machine. Please start a thread of your own and someone will be happy to help you.

drgill_co you will need to comply with our requests or we will simply close this thread to prevent others from posting into it. I will give 24 hours for a proper response.

Hi Trish and welcome to Malwarebytes. As the instructions say, begin with the removal scan first then post those logs and the HJT log.

HTML code shows in Latest News.

Let's see if this tool finds anything peco. Please download this file: http://downloads.andymanchesta.com/RemovalTools/SDFix.exe' rel="external nofollow"> SDFix.exe and save it to your desktop. Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following : * Restart your computer * After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually; * Instead of Windows loading as normal, the Advanced Options Menu should appear; * Select the first option, to run Windows in Safe Mode, then press Enter. * Choose your usual account. * Open the extracted SDFix folder and double click RunThis.bat to start the script. * Type Y to begin the cleanup process. * It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot. * Press any Key and it will restart the PC. * When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons. * Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt. * Finally copy and paste the contents of the results file Report.txt with a new HijackThis log Reboot your system in Normal Mode. Then post the SDFix log and a new HJT log please.

I need you to upload the file here http://uploads.malwarebytes.org/ not scan with MBAM.

Topic reopened per user request.

Yes there is. Same download link as on this page.

Beau your not removing anything. Your just scanning and not taking action. Memory Modules Infected: C:\WINNT\system32\cdrt.dll (Trojan.FakeAlert) -> No action taken. Registry Keys Infected: HKEY_CLASSES_ROOT\CLSID\{c42b9704-bd8b-43f8-83ad-3e17053d31e4} (Trojan.Vundo) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c42b9704-bd8b-43f8-83ad-3e17053d31e4} (Trojan.Vundo) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{1f3161b1-b32f-48e3-804f-d89531d950a6} (Trojan.FakeAlert) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1f3161b1-b32f-48e3-804f-d89531d950a6} (Trojan.FakeAlert) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{63c327d2-34a1-4c17-8afb-dae3cdae96f8} (Trojan.FakeAlert) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{63c327d2-34a1-4c17-8afb-dae3cdae96f8} (Trojan.FakeAlert) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{e4d57b00-8210-4892-b475-04c85ae0fe8f} (Trojan.FakeAlert) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e4d57b00-8210-4892-b475-04c85ae0fe8f} (Trojan.FakeAlert) -> No action taken. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> No action taken. Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\WINNT\system32\cdrt.dll (Trojan.FakeAlert) -> No action taken. C:\Documents and Settings\Administrator\Local Settings\Temp\vista_sp1.exe (Trojan.Agent) -> No action taken. All that above is malware, you need to have MBAM quarantine and delete it.

You did fine Kay. With XP you don't need WinZip. Nosirrah will have a look at that file and determine if it's good or bad.

Hi swetbak and welcome to Malwarebytes. Please follow the instructions here http://www.malwarebytes.org/forums/index.php?showtopic=2936 someone will be happy to help you.

O20 - AppInit_DLLs: cru629.dat <========== Still there. I'll get back to you jekyl, after I get to work on this. For now update MBAM again, run a Quick scan. Post a new HJT log and the MBAM log please.

I say, I say, son..I have no idea.

Ooops, you need to open MBAM go to the settings tab and make sure there is a check in every box. Update again, and run a quick scan. Post the log and a new HJT log after that scan. I also still want to see what Virus Total said, please.

Great news! Ok one last file that may or may not be bad. The returning empty entry is a bug we think, but to be sure, please upload this to Virus Total C:\WINDOWS\System32\GEARSec.exe and to us here at Malwarebytes.

Please find the file and upload it anyway Kay. I get hits on it as malware doing a search.

You really should follow the instructions here http://www.malwarebytes.org/forums/index.php?showtopic=2936 . You can support MBAM by buying the full version or donating to the site also.

Hi Star-69 and welcome to Malwarebytes.

OK Kevin, some clean up but things look good. Run HJT again in scan only and put a check next to these then click fix. O16 - DPF: {CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_03) - O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) Make sure the old folder for that version of Java are deleted and the program is uninstalled too. You need to update your Adobe also to version 8. Windows needs updating to Service Pack 3. After you do the Windows update System Restore points need to be reset. Now go to Start>Help and Support > Undo Changes to Your System or System Restore depending on the make of your PC. Click on what ever will open the System Restore box. You will see two options, Choose Create a System Restore Point. Give it a name like Clean Restore Point and today's date. Now if you need to use it you have it. Many of these infections can be avoided with an added layer of prevention. All recommended programs are free and easy on system resources. You should install them as part of your protection arsenal. Keep MBAM and Spybot Search & Destroy and always immunize SBS&D when you update. You will also need at least one other scanning program Asquared or SuperAntiSpyware are good and there are several other excellent programs with free and paid versions. Read the overviews of what each program below does so you have an understanding of their importance and how to use. A firewall and antivirus are also essential. The Windows firewall in XP is not sufficient. Preform Windows Updates monthly on the second Tuesday or use automatic updates, and use your scanners weekly at the least. Always update before you scan. SpywareBlaster from Javacool Software WinPatrol by BillPStudios SiteHound by FireTrust RogueRemover hpHosts The windows firewall is not sufficient to protect. It doesn't monitor outgoing traffic and this is a must. I use and recommend Online Armor Free

hi there. OK you are and were infected. MBAM took a bunch. Download Pocket Killbox and unzip it; save it to your Desktop. Run it, and click the radio button that says Delete a file on reboot. For each of the files you could not delete, paste them one at a time into the full path of file to delete box and click the red circle with a white cross in it. You will paste C:\Windows\system32\cru629.dat . The program will ask you if you want to reboot; say No each time until the last one has been pasted in whereupon you should answer Yes. Let the system reboot. Update MBAM and run a quick scan again and post a new HJT log. Let me know how your running.

OK I think I have the solution for that pesky file. Right click your desktop and select properties . Click desktop tab , customize desktop button , web tab . Highlight the item(s) there and select delete . That should do it Let's get a new scan with MBAM, be sure to update it and a new HJT log. If you have your original install disk for XP get it out and have it handy. Now go here and follow the instructions. Even if you don't have the CD you can do the procedure. I've done it and it works. From what I find you have a damaged or missing file not allowing the update.

Since this topic has had no reply for over 5 days it will be closed to prevent other from posting into it. Should you decide to resume with your assistance PM any staff member and we will be happy to reopen the topic. Note: the fixes in this topic are for this system only. Applying them to your system can cause severe damage and result in utter system failure. If you need help start your own topic and someone will be happy to assist you.

Since this topic has had no reply for over 5 days it will be closed to prevent other from posting into it. Should you decide to resume with your assistance PM any staff member and we will be happy to reopen the topic. Note: the fixes in this topic are for this system only. Applying them to your system can cause severe damage and result in utter system failure. If you need help start your own topic and someone will be happy to assist you.

Since this topic has had no reply for over 5 days it will be closed to prevent other from posting into it. Should you decide to resume with your assistance PM any staff member and we will be happy to reopen the topic. Note: the fixes in this topic are for this system only. Applying them to your system can cause severe damage and result in utter system failure. If you need help start your own topic and someone will be happy to assist you.

Since this topic has had no reply for over 5 days it will be closed to prevent other from posting into it. Should you decide to resume with your assistance PM any staff member and we will be happy to reopen the topic. Note: the fixes in this topic are for this system only. Applying them to your system can cause severe damage and result in utter system failure. If you need help start your own topic and someone will be happy to assist you.