JeanInMontana

Honorary Members
  • Posts

    3,859
Everything posted by JeanInMontana

  1. I would not normally comment into a HJT thread, but this is not a normal circumstance. What do you mean the infection will never be seen on the net? Where did you get it? The Google search brings up plenty of hits that it is indeed all over the net. It is polymorphic and you haven't posted anything here that shows you actually removed it. I don't mean to sound critical of your methods, I'm just pointing out the system in question could very well still be infected. TeaTimer can interfere with the removal process also. It protects against registry changes and should be turned off for the duration of removal. I'm not clear on what you mean by TT played a big role?
  2. I would add to this the need for a firewall that monitors traffic leaving your machine.
  3. Hi figaro, you should follow the directions here http://www.malwarebytes.org/forums/index.php?showtopic=2936 and start a new topic in that forum so someone can help you.
  4. Hi twl845 and welcome to Malwarebytes. The protection is what you pay for when you buy a license. As for your error message, not sure. I will move this thread over to the MBAM forum and I'm sure you will get a speedy response.
  5. Great to have you here Bio-Hazard.
  6. Hi Nathan and welcome to Malwarebytes. We have a thread for this here http://www.malwarebytes.org/forums/index.p...c=4093&st=0 so I'm going to close this one to cut down on confusion.
  7. Empty your temp files, that should get that. I never recommended AVG. Get a decent firewall and turn off Windows firewall. I didn't recommend any antivirus programs so there are no conflicts with using all of the programs I listed. Some of them are not running processes at all. Set a new system restore point so you don't use the old one that is infected. This is not the same as reformat. Start> Control Panel> System> System Restore tab. Put a check in turn off System Restore. Reboot and repeat the procedure on create a new restore point. Name it something you remember, like clean restore point and create it.
  8. Hi laserjet welcome to Malwarebytes. No it's not recommended. They will often cancel each other's protections and it is also unnecessary use of system resources.
  9. It's only gone down twice in nearly a year so not bad.
  10. Good plan, and be sure to keep them updated along with your Windows, Java, Flash and Adobe programs. Since this issue is resolved I will close the topic to prevent others from posting into it. The fixes and procedures in this topic are for this machine only. Do not apply them to your machine even if you think you are having the same problem. Read the instructions at the top of this page and start your own topic. Someone will be happy to help you.
  11. If this machine is networked you might have all machines connected infected. You should keep it offline until you reformat. Reformatting itself doesn't take that long. It's the reinstalling of all the software and Windows updates that takes a long time and tweaking your personal settings etc. DO NOT get back online without a good firewall. Download and burn to a disk if need be. Or use the Windows one and get a decent firewall and then continue with updates etc.
  12. Heh I no more hit submit and Gmail showed a PM from the site!! It's up.
  13. I put in a support ticket and the speedy reply is below. To those in the NASCAR game, umm hope we get this up before midnight. I don't have my picks in yet and most likely I'm not the only one. If Roddy32 wins again because of this....
  14. The link to the trial will download a free version with no constant protection right? That is what I find misleading, they do not get to try the constant protection at all. Or I'm still way off?
  15. Yes I know, but it's a bit misleading to tell them they are getting a trial of what they would buy when they really aren't. I have mixed feelings on that. It could compromise the integrity of the program as well as my own. I think I will change it to a "buy" link and if I have helped them in the HJT forum they already have the free version. I'm glad this came up though as I had no idea that is how it's set up.
  16. What program did you use? What was the file? Please give exact error messages.
  17. Oh, well I need to make some changes then. @ LoneWolf, I can't access my site to see what your link is. I'm getting With all links, including the toolkit. I am an affiliate for MBAM and RRP so if that is where the link goes, it would be pay versions. I do have it listed in the Must Haves section also. I spam my own site with Malwarebytes.
  18. Hi there, g-wayne and welcome to Malwarebytes. No need to apologize for being confused. This stuff is confusing. Make sure you're running as administrator. Please set your system to show all files; Click Start. Open My Computer. Select the Tools menu and click Folder Options. Select the View Tab. Under the Hidden files and folders heading select Show hidden files and folders. Uncheck the Hide protected operating system files (recommended) option. Click Yes to confirm. Click OK. If you haven't already, please get these programs, update and run a complete scan removing all items found. Spybot Search & Destroy Be sure to use the immunize feature. But do not enable TeaTimer at this time. Use the tutorial feature in the help tab to see how to go about this. Please run a full scan of your main drive, usually C with MBAM making sure you check all items found for removal. Please post that log in your next reply. Then go here and run a scan PandaActive Scan There is a full tutorial on how to do this at the top of this forum. Post the logs from the Panda and MBAM scans please, along with a log from this program HiJack This! You will post three logs. 1. MBAM scan. 2. Panda Active Scan. 3. HiJack This scan. You will finish the MBAM first so go ahead and post that log, then move on to Panda and so forth. I will analyze the logs and give you further instructions. Be sure to set your email to allow mail from Malwarebytes.org and your personal settings to send an email on reply to your topic. This will let you know when there has been an update to your topic and you can come and see what has been said. Be patient and persistent. These things can take time and many procedures.
  19. Well, it looks like running SDFix was a good call. How are you running now? You look squeaky clean. Your log looks clean. We need to now reset a clean System Restore point. If you don't and you need to use System Restore you will reinfect yourself. Go to Start>Control Panel>System. Click on the System Restore tab and put a check in Turn off System Restore. Then click OK. Now go to Start>Help and Support > Undo Changes to Your System or System Restore depending on the make of your PC. Click on whatever will open the System Restore box. You will see two options, Choose Create a System Restore Point. Give it a name like Clean Restore Point and today's date. Now if you need to use it you have it. Many of these infections can be avoided with an added layer of prevention. All recommended programs are free and easy on system resources. You should install them as part of your protection arsenal. Keep Spybot Search & Destroy and always immunize when you update. You will also need at least one other scanning program; AVG is good and there are several other excellent programs with free and paid versions. Read the overviews of what each program below does so you have an understanding of their importance and how to use. A firewall and antivirus are also essential. The Windows firewall in XP is not sufficient. Perform Windows Updates monthly on the second Tuesday or use automatic updates, and use your scanners weekly at the least. Always update before you scan. SpywareBlaster from Javacool Software, WinPatrol by BillPStudios, SiteHound by FireTrust, RogueRemover, hpHosts. The Windows firewall is not sufficient to protect. It doesn't monitor outgoing traffic and this is a must. I use and recommend Online Armor Free. Also the full protection of MBAM is offered at a very low price. Give it a trial using the link in my signature.
  20. Ahh sorry about the advanced mode. I always run in that mode. AND Vista is just a PITA with the admin and permissions BS. Anyway looks like the offender is now taken care of with MBAM. How is the system running? Do you feel we have got you cleaned up? If so we have one final step. Your log looks clean. We need to now reset a clean System Restore point. If you don't and you need to use System Restore you will reinfect yourself. Go to Start>Control Panel>System. Click on the System Restore tab and put a check in Turn off System Restore. Then click OK. Now go to Start>Help and Support > Undo Changes to Your System or System Restore depending on the make of your PC. Click on whatever will open the System Restore box. You will see two options, Choose Create a System Restore Point. Give it a name like Clean Restore Point and today's date. Now if you need to use it you have it. Many of these infections can be avoided with an added layer of prevention. All recommended programs are free and easy on system resources. You should install them as part of your protection arsenal. Keep Spybot Search & Destroy and always immunize when you update. You will also need at least one other scanning program; AVG is good and there are several other excellent programs with free and paid versions. Read the overviews of what each program below does so you have an understanding of their importance and how to use. A firewall and antivirus are also essential. The Windows firewall in XP is not sufficient. Perform Windows Updates monthly on the second Tuesday or use automatic updates, and use your scanners weekly at the least. Always update before you scan. SpywareBlaster from Javacool Software, WinPatrol by BillPStudios, SiteHound by FireTrust, RogueRemover, hpHosts. The Windows firewall is not sufficient to protect. It doesn't monitor outgoing traffic and this is a must. I use and recommend Online Armor Free. Also the full time protection from MBAM is offered at a very low price. See the trial link in my signature.
  21. Marcin RegNow has a trial option. I have the link posted on my site and in my sig.
  22. I don't think the scheduled quick scan is working. I have set for update check and quick scan at 10 AM. I see the update box flash but the scan never runs. I have no logs for it. Would it scan and not log or show any scan activity? Sorry if this has already been addressed.
  23. You have not disabled TeaTimer and MBAM did not take action on these items:
      Registry Keys Infected:
      HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> No action taken.
      Registry Values Infected:
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Trojan.Agent) -> No action taken.
      Run HJT in scan only mode and put a check next to the following items and then click fix.
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
      You do not need to run as admin to do what is needed in SBS&D. Look at the screen shots below, please, and disable TeaTimer. Once you have disabled TeaTimer run a full scan of C again with MBAM and take action on all items found. Post the log from that scan please. Exit all running programs and browsers and run HJT again. Post that log.
  24. Jim it's the cases when we know the systems have been compromised in the way yours has been we have to recommend a reformat out of responsibility to the user. Please don't think it is anything to do with the site or the tools we have used. It is the nature of the malware. Since you don't have any "clues" so to speak even showing it, and yet we know you have been compromised I have no confidence we will get it. You must have got something very new that no one has been able to track down yet. I would not just quit you if I thought we had a good chance of cleaning your system. The people behind these tools work nonstop at finding the new stuff and ways to get rid of it. They do it for free. When you bought your PC did you get the full CD for Windows? Or any CD actually. You have an HP and they usually have a recovery partition. However, it could also be infected. If you have the CD for Windows it is simple: stick it in and choose the reformat or reinstall option. You should be able to back up to CD anything you need to save now before you lose it. You have an HP and my experience with them has been great in customer service; if you're still under warranty, use it. Also check out the built in Help section. I'm sure you can order a full Windows CD from them too and maybe get it cheaper, I got mine for $10.00 when I bought the machine. Let me know if you need more info. I am so very sorry to have to be the one to give you this news. I truly think this is the best route. I will give you some tips on preventing this in the future too in closing remarks.