
Registered · 5 Posts · Discussion Starter · #1
Please Help!!

I am a moderately literate computer person; however, viruses have overtaken my system. Initially, I had the trojan spy-smith fraud complete with the blue screen with the fatal error message; performed an action that removed the message, but left me with a blue screen. Yesterday, however, I downloaded a Panda to find that I had a virus that neither McAfee, nor adware or Spybot was able to detect. Currently, my system is very slow and driving me out of my mind.

I am using Windows XP and have attached a copy of the log from HJT.

Any assistance would be greatly appreciated.

Retired Moderator · 72,209 Posts
Welcome to TSG!! :)

Run HJT again and put a check in the following:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oneclicksearches.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.oneclicksearches.com/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oneclicksearches.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.oneclicksearches.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.oneclicksearches.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.oneclicksearches.com/search.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.oneclicksearches.com/
O4 - HKLM\..\Run: [RegSvr32] C:\WINDOWS\System32\msmsgs.exe

Close all applications and browser windows before you click "fix checked".

Navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Next navigate to the C:\Documents and Settings\Administrator (Repeat for all user names)\Local Settings\Temp folder.
Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Finally go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.

Reboot.

Click here to download Adaware SE.
Install the program and launch it.

First in the main window look in the bottom right corner and click on Check for updates now then click Connect and download the latest reference files.

From main window: Click Start then under Select a scan Mode tick Perform full system scan.

Next deselect Search for negligible risk entries.

Now to scan just click the Next button.

When the scan is finished, mark everything for removal and get rid of it. (Right-click the window and choose Select All from the drop-down menu and click Next.)

Reboot and post another HJT log for review.
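
As an added example that is not part of the original post or of HijackThis itself: a short Python triage of the R0/R1 and O4 lines listed above. The line patterns are inferred from the entries shown in this thread, and the `EXPECTED_HOSTS` and `SYSTEM_NAMES` sets are constructed assumptions, not the helper's criteria.

```python
import ntpath
import re
from urllib.parse import urlparse

# Sample input: four of the entries listed in the post above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.oneclicksearches.com/bar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.oneclicksearches.com/
O4 - HKLM\..\Run: [RegSvr32] C:\WINDOWS\System32\msmsgs.exe
"""

# Patterns inferred from the lines in this thread (assumption, not a full HJT grammar).
R_LINE = re.compile(r"^(R[01]) - (.+?),(.+?) = (.*)$")
O4_LINE = re.compile(r"^O4 - (\S+?)\\\.\.\\(Run\w*): \[(.+?)\] (.+)$")
EXE_PATH = re.compile(r'"?([^"]+?\.exe)', re.I)

# Constructed allowlist and name list for this sketch (assumptions).
EXPECTED_HOSTS = {"www.microsoft.com", "go.microsoft.com"}
SYSTEM_NAMES = {"regsvr32", "rundll32", "svchost", "explorer"}


def parse(log):
    """Yield one dict per recognised R0/R1/O4 line."""
    for line in map(str.strip, log.splitlines()):
        if m := R_LINE.match(line):
            code, key, name, data = m.groups()
            yield {"code": code, "key": key, "name": name, "data": data,
                   "host": urlparse(data).hostname or ""}
        elif m := O4_LINE.match(line):
            hive, run, name, cmd = m.groups()
            exe = EXE_PATH.match(cmd)
            stem = ntpath.splitext(ntpath.basename(exe.group(1)))[0] if exe else ""
            yield {"code": "O4", "key": hive + "\\" + run, "name": name,
                   "data": cmd, "exe": stem.lower()}


def review(log):
    """Return (code, value name, reason) for entries the two heuristics single out."""
    findings = []
    for e in parse(log):
        if e["code"] != "O4":
            # IE start/search setting that points at a host outside the allowlist.
            if e["host"] and e["host"] not in EXPECTED_HOSTS:
                findings.append((e["code"], e["name"], "IE setting points to " + e["host"]))
        # Run value named after a system binary but launching a different file.
        elif e["name"].lower() in SYSTEM_NAMES and e["exe"] != e["name"].lower():
            findings.append(("O4", e["name"], "named like a system binary, starts " + e["exe"]))
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(finding)
```

The output is a review list for a human to confirm before anything is checked in HJT; the `about:blank` entry is parsed but not flagged by these heuristics.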
 

Registered · 5 Posts · Discussion Starter · #3
I have followed the directions as indicated and have posted a new HJT log.

There were 11 items that Adaware SE cleaned. While my system has stopped the perpetual churning, it is still quite slow and the screen is still blue.

Thanks.

Slaborman

Retired Moderator · 72,209 Posts
Click here to save this smitfraud.reg file to your desktop.

Double-click the smitfraud.reg file on your desktop. When it asks if you want to merge with the registry, click the YES button. Wait for the "merged successfully" prompt.

Reboot.

You need to remove one of the anti-virus products or configure AVG to scan on demand only!