JeanInMontana

Honorary Members
  • Posts

    3,859

Everything posted by JeanInMontana

  1. Because there has been no reply I will close this topic to prevent others from posting in it. Note: the fixes in this topic are for this system only. Applying them to your system can cause severe damage and result in utter system failure. If you need help start your own topic and someone will be happy to assist you.
  2. Hi Hasture and welcome to Malwarebytes. Please get rid of everything shown in the Panda scan associated with the Key gen program(s). Malwarebytes does not condone or associate with cracking software. This is most likely how you got infected also. Print or Copy these instructions to notepad and save to your Desktop as you will be offline with all browsers closed for this fix.

     Download: Use this URL to download the latest version (the file contains both English and French versions): http://siri.urz.free.fr/Fix/SmitfraudFix.exe

     * Double-click SmitfraudFix.exe
     * Select 1 and hit Enter to create a report of the infected files. The report can be found at the root of the system drive, usually at C:\rapport.txt

     Clean:

     * Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually)
     * Double-click SmitfraudFix.exe
     * Select 2 and hit Enter to delete infected files.
     * You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
     * The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file.
     * A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt
     * Optional:
       o To restore Trusted and Restricted site zone, select 3 and hit Enter.
       o You will be prompted: Restore Trusted Zone ? answer Y (yes) and hit Enter to delete trusted zone.

     Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool". It is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user. http://www.beyondlogic.org/consulting/proc...processutil.htm

     You are running a beta version of HJT. Please get this version and post a log from it after removing the beta version. HiJack This!
  3. Hi Webman and welcome to Malwarebytes. Please follow the instructions here http://www.malwarebytes.org/forums/index.php?showtopic=2936 and we will proceed from the information gathered there.
  4. I had updated to first release from the prerelease version and then saw you wanted a clean install. This morning I was going to install from the MG download and when I did the uninstall got the error message in screen shot. It did uninstall with repeated 'OK' clicks on the error message.
  5. I would be delighted to add MBAM to my site along with RRPro. Do I need to go through RegNow?
  6. Made a mistake on the number. See screen shot. It takes 3 times of clicking OK for the box to close out also.
  7. I get this also only with different numbers 19 is my number. LOL
  8. Hehe Have a great day and be sure to check in at MM in a few!!
  9. Thanks for clarification. I was having a hard time seeing a sudden swing to ad banners. They are all very good.
  10. Whoo Hoo 49 and holding? Hope you have a great day!!
  11. Due to lack of response this topic will be closed to prevent others from posting into it.
  12. Due to lack of response this topic will be closed to prevent others from posting into it.
  13. Thanks for your help Blade, it is much appreciated. Due to lack of response I will close this topic to prevent others from posting into it. Note: the fixes in this topic are for this system only. Applying them to your system can cause severe damage and result in utter system failure. If you need help start your own topic and someone will be happy to assist you.
  14. Due to lack of response I will close this topic to prevent others from posting into it. The fixes and procedures in this topic are for this machine only. Applying this advice to another system can result in permanent system damage. If you require assistance please open your own topic and someone will be happy to assist you.
  15. Due to lack of response this topic will be closed to prevent others from posting into it.
  16. Ads? Where will they be ads? The animated banner catches the eye more but if they are going to be on a site other than here matching the site colors would be good.
  17. Hi there Tomfoolery, and welcome to Malwarebytes. What made you click a link to a keylogger? Or did you not know it was a keylogger? You're running an outdated version of HJT and it is on the desktop. Please be sure to install the version below to your program files folder.

      The following explains how to remove items from your computer that are malware. These items must be fixed!

      Download CWShredder from here, unzip it, and save it on the Desktop. Run CWShredder to fix your CWS problem.

      Please set your system to show all files: Click Start. Open My Computer. Select the Tools menu and click Folder Options. Select the View Tab. Under the Hidden files and folders heading select Show hidden files and folders. Uncheck the Hide protected operating system files (recommended) option. Click Yes to confirm. Click OK.

      Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

      R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = hxxp://www.superwebsearch.com/ie/
      O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe

      Click on Fix Checked when finished and exit HijackThis.

      Reboot into Safe Mode: please see here if you are not sure how to do this. Using Windows Explorer, locate the following files/folders, and delete them:

      C:\PROGRA~1\mcafee.com\agent\McUpdate.exe

      Exit Explorer, and reboot as normal afterwards.

      If you were unable to find any of the files then please follow these additional instructions: Download Pocket Killbox and unzip it; save it to your Desktop. Run it, and click the radio button that says Delete a file on reboot. For each of the files you could not delete, paste them one at a time into the full path of file to delete box and click the red circle with a white cross in it. The program will ask you if you want to reboot; say No each time until the last one has been pasted in whereupon you should answer Yes. Let the system reboot.

      If you haven't already, please get these programs, update and run a complete scan removing all items found.

      Spybot Search & Destroy: Be sure to use the immunize feature. But do not enable TeaTimer at this time. Use the tutorial feature in the help tab to see how to go about this.

      AVG AntiSpyware: Be sure to "take action".

      Then go here and run a scan: PandaActive Scan. There is a full tutorial on how to do this at the top of this forum.

      Post the logs from the Panda and AVG scans please, along with a log from this program: HiJack This!

      You will post three logs.

      1. AVG scan.
      2. Panda Active Scan.
      3. HiJack This scan.

      You will finish the AVG first so go ahead and post that log, then move on to Panda and so forth. I will analyze the logs and give you further instructions. Be patient and persistent. These things can take time and many procedures.
  18. Hi, open HJT and put a check next to these lines below:

      O4 - HKLM\..\Run: [DC6_check] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\dc6_startupmon.exe"
      O4 - HKLM\..\Run: [bM7b60f704] Rundll32.exe "C:\WINDOWS\system32\kopjjata.dll",s

      Put a check next to them and click fix.

      Please set your system to show all files: Click Start. Open My Computer. Select the Tools menu and click Folder Options. Select the View Tab. Under the Hidden files and folders heading select Show hidden files and folders. Uncheck the Hide protected operating system files (recommended) option. Click Yes to confirm. Click OK.

      Then find this file C:\WINDOWS\system32\kopjjata.dll",s and delete it. If you can't find it get this:

      Author: Option^Explicit Download Location License: Freeware KillBox Download Link http://download.bleepingcomputer.com/spyware/KillBox.exe Operating System: Windows

      File Description: Pocket KillBox is a program that can be used to get rid of files that stubbornly refuse to allow you to delete them.

      Usage Information: Download this file and run the killbox.exe file. When it loads type the full path to the file you would like to delete in the field and press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot, allow it to do so, and hopefully your file will now be deleted.

      Make sure you have deleted all old fixes we have used; they are all outdated now and may cause confusion for new fixes. Get a copy of RogueRemover Pro from the link in my signature or from the top of this page and run it. Let it remove everything it finds. Post back a fresh HJT log and we will see how we are doing.
  19. Open HJT and put a check next to these items:

      O4 - HKLM\..\Run: [7853c498] rundll32.exe "C:\WINDOWS\system32\filfkxib.dll",b
      O4 - HKLM\..\Run: [bM7b60f704] Rundll32.exe "C:\WINDOWS\system32\aklmfpmc.dll",s
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

      Click fix and exit HJT, reboot and post a new HJT log please.
  20. Avocaddo, there is a new version of the Vundo trojan and it is nearly impossible to remove at this time. I am convinced you have it. It is really in your best interest to reformat. We gave it our best shot and I'm really sorry that wasn't enough. Since this topic has been resolved it will now be closed. Note: the fixes in this topic are for this system only. Applying them to your system can cause severe damage and result in utter system failure. If you need help start your own topic and someone will be happy to assist you.
  21. The key is to stay calm, and not try to use reason. LOL After all you go to the start menu to stop. It's also not all you. These infections don't play nice. These last logs show some things have been removed; are you seeing any improvement?

      Delete this file c:\windows\pcconfig.dat and let's run a new ComboFix too. But empty all temp files and the recycle bin. Run this http://www.ccleaner.com/download before ComboFix; it will clean out all the crap and also any cookies used to save passwords etc. but you can set it to leave certain cookies. I would keep this one and use it monthly at least.

      1. Download this file: http://download.bleepingcomputer.com/sUBs/combofix.exe Or from here: http://www.techsupportforum.com/sectools/combofix.exe
      2. Double click combofix.exe. It will be a red icon with a white X on your desktop. Follow the prompts; you will get a blue cmd prompt screen and a choice to choose Y or N. Choose Y and hit enter.
      3. When finished, it shall produce a log for you. This logfile is located at C:\ComboFix.txt. Post that log and a HiJack log in your next reply.

      Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
  22. Hello again. Please run HJT and put a check next to this entry:

      O8 - Extra context menu item: &Search - ?p=ZNfox000

      Click fix and exit the program. Let's run this tool for safe measures. Please download this file: SDFix.exe

      * Open the extracted SDFix folder and double click RunThis.bat to start the script.
      * Type Y to begin the cleanup process.
      * It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
      * Press any Key and it will restart the PC.
      * When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
      * Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt (Report.txt will also be copied to Clipboard ready for posting back on the forum).
      * Finally paste the contents of the Report.txt back on the forum.

      Reboot your system in Normal Mode. Then post the SDFix log and a new HJT log please. Reboot and post a new log. Give me some feedback on how you're running now.
  23. It doesn't matter if they were running before you ever asked for help. I want to see the logs. This process relies on following instructions in the fastest response time possible and as they are requested. Infections as yours mutate and reinfect after one process has been done but not the rest. I need to see what is going on now, the tools to help me do that are the log from AVG anti spyware and Panda. Then a new HJT. SDFix did get a trojan, is the system running any better?