Hi, zedd2006. There is some work to be done, including following SpyDie's recommendation for a firewall, which I certainly hope to see when you post the new logs as a reply. There's some work to do, so let's get started.
Please look in your control panel, add/remove programs for any of these and uninstall them:
Oin
Yazzle by Oin
Purityscan by Oin
Snowballwars by Oin
or anything similar with Oin or Outerinfo in it.
Zolero
Tizzletalk
MediaTickets
Reboot and download and run this uninstaller:
http://www.outerinfo.com/OiUninstaller.exe (Tutorial for the uninstaller if needed)
http://www.purityscan.com/ps_uninstaller.exe <---alternative uninstaller
Restart the computer when done.
Critical vulnerabilities have been identified in Adobe Reader and Acrobat 7.0 through 7.0.8. Please see
http://securitygarden.blogspot.com/2006/12/adobe-reader-and-adobe-acrobat-7.html for information on getting the update.
Also, the Java software on your computer is very outdated and most likely placing your computer in the position of being vulnerable to the Virtumundo infection. Illustrated instructions are available at my blog posting:
http://securitygarden.blogspot.com/2006/09/sunflowers-and-sunjava-update.html .
Now you are ready to move on to the next phase of cleanup.
A. Please download and install the following files:
- Please download ATF Cleaner by Atribune from http://www.atribune.org/public-beta/ATF-Cleaner.exe . Save it to your Desktop.
- Download and install AVG Anti-Spyware 7.5 and set it up as follows:
- After download, double-click on the file to launch the install process.
- Choose a language, click "OK" and then click "Next".
- Read the "License Agreement" and click "I Agree".
- Accept default installation path: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5, click "Next", then click "Install".
- After setup completes, click "Finish" to start the program automatically or launch AVG Anti-Spyware by double-clicking the icon on your desktop or in the system tray.
- The main "Status" menu will appear. Select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'.
- Right-click on AVG Anti-Spyware in the system tray and uncheck "Start with Windows".
- Go to Start > Run and type: services.msc
- Press "OK".
- Click the "Extended tab" and scroll down the list to find AVG Anti-Spyware guard.
- When you find the guard service, double-click on it.
- In the Properties Window > General Tab that opens, click the "Stop" button.
- From the drop-down menu next to "Startup Type", click on "Manual".
- Now click "Apply", then "OK" and close the Services window.
- Select the "Update" button and click "Start update". Wait until you see the "Update successful" message. If you are having problems with the updater, manually update with the AVG Anti-Spyware Full database installer from here. Exit AVG Anti-Spyware when done - DO NOT perform a scan yet.
B. Run ATF Cleaner
- Double-click ATF-Cleaner.exe to run the program.
- Click Select All found at the bottom of the list.
- Click the Empty Selected button.
- Click Exit on the Main menu to close the program.
C. Restart your computer in Safe Mode.
- If the computer is running, shut down Windows, and then turn off the power.
- Wait 30 seconds, and then turn the computer on.
- Start tapping the F8 key. The Windows Advanced Options Menu will appear. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
- Ensure that the Safe Mode option is selected.
- Press Enter. The computer then begins to start in Safe Mode.
- Login on your usual account.
If you need further assistance with Safe Mode, see Symantec.
D. Scanning and system cleaning with AVG Anti-Spyware.
- Click on the "Scanner" button and choose the "Settings" tab.
- Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.
- Under "How to Scan?", "Possibly unwanted software", and "What to Scan?" leave all the default settings.
- Under "Reports" select "Automatically generate report after every scan" and UNcheck "Only if threats were found".
- Click the "Scan" tab to return to scanning options.
- Click "Complete System Scan" to start.
- When the scan has finished you will be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine.
IMPORTANT! Do not save the report before you have clicked the Apply all actions button. If you do, the log that is created will indicate "No action taken", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button.
- Click on "Save Report" to view all completed scans. Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt. Save to your desktop. A copy of each report will also be saved in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports\
- Exit AVG Anti-Spyware when done, reboot normally and submit the log report in your next response.
Note: Close all open windows, programs, and DO NOT USE the computer while AVG Anti-Spyware is scanning. If Explorer or other programs are open during the scan that means certain files will also be in use. Some malware will insert itself and hide in areas that are "protected" by Windows when the files are being used. This can hamper AVG Anti-Spyware's ability to clean properly and may result in reinfection.
E. Start HijackThis, close all open windows leaving only HijackThis running. Place a check against the following, if found, and press "Fix Checked":
R3 - URLSearchHook: (no name) - {849E380E-DDEF-A06E-9CFB-80FA3DDA6EEB} - C:\WINDOWS\system32\zqieu.dll
O4 - HKLM\..\Run: [{20E70B85-0BB0-1033-0110-050627010001}] "C:\Program Files\Common Files\{20E70B85-0BB0-1033-0110-050627010001}\Update.exe" mc-110-12-0000272
O4 - HKLM\..\Run: [{20E70B85-0BB1-1033-0110-050627010001}] "C:\Program Files\Common Files\{20E70B85-0BB1-1033-0110-050627010001}\Update.exe" mc-110-12-0000272
O4 - HKCU\..\Run: [Lhjuogfa] C:\Program Files\Common Files\?dobe\m?dtc.exe
F. Restart in Normal Mode and double-click the HijackThis icon on your desktop. Choose "Do a system scan and save logfile".
G. Post a reply with the following logs and let us know how your PC is doing:
- AVG Anti-Spyware log
- HijackThis log
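
A check for steps E through G, added here as an example and not part of the original post: it reads the new HijackThis log and reports any entry that still references a GUID or file path from the four lines fixed in step E, even if it now appears under a different section. The function names and the sample log are constructed for illustration.

```python
import re

# Entries ticked in step E, copied verbatim from the post.
FIXED = [
    r'R3 - URLSearchHook: (no name) - {849E380E-DDEF-A06E-9CFB-80FA3DDA6EEB} - C:\WINDOWS\system32\zqieu.dll',
    r'O4 - HKLM\..\Run: [{20E70B85-0BB0-1033-0110-050627010001}] "C:\Program Files\Common Files\{20E70B85-0BB0-1033-0110-050627010001}\Update.exe" mc-110-12-0000272',
    r'O4 - HKLM\..\Run: [{20E70B85-0BB1-1033-0110-050627010001}] "C:\Program Files\Common Files\{20E70B85-0BB1-1033-0110-050627010001}\Update.exe" mc-110-12-0000272',
    r'O4 - HKCU\..\Run: [Lhjuogfa] C:\Program Files\Common Files\?dobe\m?dtc.exe',
]

ENTRY = re.compile(r'^([A-Z]\d{1,2}) - (.+)$')  # "O4 - ..." style entry lines
GUID = re.compile(r'\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}')
PATH = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll)', re.I)

def artifacts(line):
    """GUIDs and full file paths in one log line, lower-cased for comparison."""
    return {a.lower() for a in GUID.findall(line) + PATH.findall(line)}

def leftovers(fixed, new_log):
    """Return (section, line, shared artifacts) for new-log entries tied to a fixed entry."""
    known = set().union(*(artifacts(f) for f in fixed))
    hits = []
    for raw in new_log.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header, running-process list, blank line
        shared = artifacts(raw) & known
        if shared:
            hits.append((m.group(1), raw.strip(), sorted(shared)))
    return hits

# Constructed sample of a post-fix log (not from the thread): one fixed entry
# survived, one artifact shows up under another section, one entry is unrelated.
SAMPLE_NEW_LOG = r'''Logfile of HijackThis (constructed sample)
Running processes:
C:\WINDOWS\System32\smss.exe
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\Example\example.exe
O4 - HKCU\..\Run: [Lhjuogfa] C:\Program Files\Common Files\?dobe\m?dtc.exe
O23 - Service: Example Service - C:\Program Files\Common Files\{20E70B85-0BB0-1033-0110-050627010001}\Update.exe
'''

if __name__ == "__main__":
    for section, line, shared in leftovers(FIXED, SAMPLE_NEW_LOG):
        print(f"[{section}] still present: {line}")
```

An empty result means none of the fixed GUIDs or paths appear in the new log; it does not show that the files themselves are gone from disk.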