[marina_meggy]

I was infected with either a virus or spyware earlier today. I was able to use system restore to get to where I am functioning again but I do not believe all is well. I ran adaware, Norton and spybot. Spybot had some artifacts that it could not remove. Norton found two entries. I have yet to reboot for fear that the malware will reappear. I need desperate help. Thanks in advance for any help.

[Wolfeymole]

Hi Marina

Welcome to TCF

Firstly allow me to say that Norton is utter trash and should be removed at the earliest opportunity.
Removing it from Add/Remove is not enough as you need to get the Norton Uninstall tool from Norton themselves.

Consider Avast as an excellent Anti Virus program, available in our Downloads section.
Install it and allow it to run a system check on boot up, this will find and fix the problems.

Make sure you have all new updates for AdAware and Spybot, latest definitions for spybot are available for you to see as a header in this forum.
Run them both and get back to us as more remedial work may need to be carried out.

[valis]

hello marina, and welcome to the forum. :)

after you follow wolfey's directions, I got a few more. Let's start by seeing what you got infected with:

[FONT=Tahoma]Please do this:

· Click here to download HJThis.exe
· Save HJTsetup.exe to your desktop.
· Doubleclick on the HJTsetup.exe icon on your desktop.
· By default it will install to C:\Program Files\Hijack This.
· Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
· Put a check by Create a desktop icon then click Next again.
· Continue to follow the rest of the prompts from there.
· At the final dialogue box click Finish and it will launch Hijack This.
· Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
· Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
· Come back here to this thread and Paste the log in your next reply.
· DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

thanks,

v
[/FONT]

[robart.hendory]

[FONT=Times New Roman]I[FONT=Arial] think we will let Valis deal with this Robart.[/FONT]




[/FONT]

[marina_meggy]

I got this Trojan Virus from a 'Noble Poker' program I haven’t used in years. My Norton Anti-Virus and XsoftSpySE wont get rid of it. Is there anyone out there that can help me remove it before my computer crashes?

[Wolfeymole]

I'll pm Valis, our HJT expert who will deal with this Marina.

[NobleGeek]

scan in safe mode or schedule a boot-time scam...

[NobleGeek]

norton not too good :-(
anyway download and scan ur pc in SAFE MODE with avg-antispy or a-squared anti-malware. they have good anti-trojan detection capabilities. finish off with a ccleaner run to clear up residual pc junk and trace malware.

if it dznt help u can always get ur hjt logfile AUTO-ANALYZED at www.hijackthis.de. just copy-paste ur logfile there and click anakyze ;-)

[SageMother]

Are you able to see the path to the files that are questionable? If so you might be able to delete them without doing damage to other programs.

[valis]

the problem with the auto-analyzer is that it frequently, and I mean frequently, misses stuff that it's supposed to catch, and just as frequently does the opposite. For instance, every ati driver that loads at startup is listed as bad, and the builtin MS system diag tool is always listed as bad, yet obviously both are good. The other problem is that while it does analyze for you, it doesn't necessarily tell you HOW to get rid of it. You can remove vundo all day from hjt, it's still going to be there. :)

Marina:

If you could do the following two steps for me:

Step 1:

[FONT=Tahoma]First download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program. After the trial period, the scanner will continue to work, and you will still be able to receive updates; however, certain advanced setting will no longer be available unless purchsased

1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
2. Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
3. On the main screen select the icon "Update" then select the "Update now" link.
   • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
4. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
6. Under "Reports"
   • Select "Automatically generate report after every scan"
   • Un-Select "Only if threats were found"

Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.

1. Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
   IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning proccess:
2. Lauch AVG Anti-Spyware by double-clicking the icon on your desktop.
3. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
4. AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
   Once the scan is complete do the following:
5. If you have any infections you will prompted, then select "Apply all actions"
6. Next select the "Reports" icon at the top.
7. Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
8. Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.

Step 2:

[/FONT][FONT=Tahoma]Please do this:

· Click here to download HJThis.exe
· Save HJTsetup.exe to your desktop.
· Doubleclick on the HJTsetup.exe icon on your desktop.
· By default it will install to C:\Program Files\Hijack This.
· Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
· Put a check by Create a desktop icon then click Next again.
· Continue to follow the rest of the prompts from there.
· At the final dialogue box click Finish and it will launch Hijack This.
· Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
· Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
· Come back here to this thread and Paste the log in your next reply.
· DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

thanks,

v
[/FONT]

[valis]

merging posts.

[marina_meggy]

[FONT=Times New Roman][SIZE=3]My Internet Explorer has been hijacked (i.e. my browser web page cannot be changed from a site that I don't want). What can I do? [/SIZE][/FONT]

[Wolfeymole]

Did you follow the instructions given here Marina?

[valis]

merging posts again. Marina, if you could follow my instructions in post #3, we can get started on cleaning this machine up and get you back to where you want to be, internet-wise.... :)

thanks,

v