Win XP Repair virus

Started by ejane, July 29, 2011, 02:29:05 AM


winchester73

No need to worry about SpywareBlaster, it doesn't really "run".

Quote: It says to turn off my AV

What is "it"?  The ESET scanner?  If so, yes, you are OK as long as you only have the ESET window open, no other IE tabs.  You can turn AVG back on once the ESET scan is done.  It will take a while, you'll have time to grab some coffee.

If something else is requesting you turn off your AV, then don't do anything just yet.
Speak softly, but carry a big Winchester ... Winchester Arms Collectors Association member

winchester73

Odd result with UnHide ... this will require some more research.  Let's work on that once we get the other things sorted out.

Did your desktop return to your normal background?

Since you are now able to run MBAM, go ahead and run the full scan option (update first) once you get done with the ESET scanner.

ejane

Maybe I should do a restart to see if things return?

winchester73

I wouldn't reboot until you do the ESET and MBAM scans.  If the devil isn't exterminated, it will just come back and put you at square one again.

ejane

Scan finished...you were right it took a long time. It found three things.

Jane

ejane

Should I tell it to clean? I left it sitting there.

Thanks,
Jane

winchester73

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.17098 (vista_gdr.110420-1745)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=5162a968e101374b9964a0a7914b92bf
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-07-29 10:59:28
# local_time=2011-07-29 06:59:28 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1024 16777175 100 0 100104277 100104277 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# compatibility_mode=9217 16777214 100 74 29293907 95444209 0 0
# scanned=102476
# found=3
# cleaned=0
# scan_time=5859
C:\Documents and Settings\felix\Local Settings\Application Data\Mozilla\Firefox\Profiles\e5kfsihl.default\Cache\7EAF09E1d01   JS/Exploit.Pdfka.OYH trojan (unable to clean)   00000000000000000000000000000000   I
C:\Documents and Settings\felix\Local Settings\Temp\plugtmp-5\plugin-xteobtkqytfzct.pdf   JS/Exploit.Pdfka.OYH trojan (unable to clean)   00000000000000000000000000000000   I
C:\RECYCLER\S-1-5-21-3968902737-363820220-2249651152-1005\Dc27.exe   Win32/RegistryBooster application (unable to clean)   00000000000000000000000000000000   I
Speak softly, but carry a big Winchester ... Winchester Arms Collectors Association member
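
Added example, not part of the thread and not ESET's own tooling: a small parser for a scan log laid out like the one posted above, which cross-checks the `found` and `cleaned` header counters against the detection rows and lists what was left uncleaned. The sample log, its paths and the function names are constructed for illustration, and the column separator (tabs, or runs of two or more spaces after pasting) is an assumption.

```python
import re
from collections import Counter

# Constructed sample in the layout of the log above (paths are made up):
# "# key=value" header lines, then path / detection / hash / flag columns.
SAMPLE_LOG = r"""
OnlineScanner.ocx - registred OK
# compatibility_mode=1024 16777175 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# found=3
# cleaned=0
C:\Documents and Settings\user\Cache\AAAA0001d01   JS/Exploit.Pdfka.OYH trojan (unable to clean)   00000000000000000000000000000000   I
C:\Documents and Settings\user\Temp\sample.pdf   JS/Exploit.Pdfka.OYH trojan (unable to clean)   00000000000000000000000000000000   I
C:\RECYCLER\S-1-5-21-0-0-0-1000\Dc1.exe   Win32/RegistryBooster application (unable to clean)   00000000000000000000000000000000   I
"""

FIELD_SEP = re.compile(r"\t+| {2,}")  # assumed column separator (see lead-in)
DETECTION = re.compile(r"^(?P<threat>\S+)\s+(?P<kind>[^()]+?)\s*(?:\((?P<action>[^)]*)\))?$")

def parse_scan_log(text):
    """Return (header, detections); header values are lists since keys repeat."""
    header, detections = {}, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#"):
            key, sep, value = line[1:].strip().partition("=")
            if sep:
                header.setdefault(key, []).append(value)
            continue
        fields = FIELD_SEP.split(line)
        match = DETECTION.match(fields[1]) if len(fields) >= 2 else None
        if match:  # banner and blank lines have no second column and are skipped
            detections.append({"path": fields[0], **match.groupdict()})
    return header, detections

def summarize(text):
    """Cross-check the header counters against the detection rows present."""
    header, detections = parse_scan_log(text)
    return {
        "reported_found": int(header.get("found", ["0"])[-1]),
        "reported_cleaned": int(header.get("cleaned", ["0"])[-1]),
        "parsed": len(detections),
        "not_cleaned": [d["path"] for d in detections if "unable" in (d["action"] or "")],
        "by_threat": dict(Counter(d["threat"] for d in detections)),
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

A mismatch between `reported_found` and `parsed` means the pasted log was truncated or reflowed, which is worth ruling out before deciding what still needs removal.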

winchester73

Quote from: ejane on July 29, 2011, 11:46:43 PM
Should I tell it to clean? I left it sitting there.

Thanks,
Jane

No, let's see if a MBAM full scan finds anything.

ejane

I am sorry, I don't understand. Do I close the ESET? Do I run MBAM while ESET is still open?

winchester73

Sorry to confuse you, it was 103 degrees here today, and my brain is fried ...

Go ahead and close ESET, we have a record of what it found.  The Firefox item can be removed with another tool.  In the meanwhile, I need to verify that your old version of AVG will be compatible with it.

Open MBAM, update it to see if a new definition file was released, and then perform a full system scan.  You can have it remove anything it finds, whether in system restore or not.

ejane


Corrine

Hi, Jane.

Please copy/paste the logs in the reply box instead of attaching them.  Thanks!

After scanning with MBAM, please post the results here as a reply.  In addition, we need you to update AVG to the latest version so that we can have you move on to the next step.  See http://www.landzdown.com/index.php/topic,239.msg125329.html#msg125329 for the latest update information.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

ejane

Sorry about the attachment. I'm still having trouble finding things as many folders still appear empty. I was able to get to Program files after the scan. I'm working between two computers. Malwarebytes is still scanning, I will try to copy the results and paste here.

Thanks again,
Jane

Corrine

No problem.  It's just easier for us.

By the way, Winchester73 pointed out that the latest version of AVG is 2011.  I know that version has been tested with the tool we'd like to use so if you're staying with AVG, please update to that version, available from
http://download.cnet.com/AVG-Anti-Virus-Free-Edition-2011/3000-2239_4-10320142.html?part=dl-10044820&subj=dl&tag=button&cdlPid=11014801

In the event you wish to use a different A/V solution, the following antivirus software programs are free for personal use.

avast! 6 Home Edition
Microsoft Security Essentials


winchester73

Jane, so as not to confuse you, Corrine and I have been examining things behind the scenes, so don't look for a comment from me about AVG in your thread.   :D