11 replies to this topic

[jessthomps]

Hi! I'm new to these forums but from what I've been reading I think someone here can help me. I noticed that over the past few months my computer has been running slower. Finally becoming annoyed with it I checked my taskmanager and found a bunch of .exe's running and I didn't know what they were...on a whim I googled one of them and it came up as a virus/spyware/malware and surprisingly these forums were also included in the google search (you were helping someone else with a problem -- that's how I found you guys! )

I am not a computer whiz but I thought I had pretty decent anti-virus (WinAntiVirusPro 2006) but maybe I'm wrong.

I did a ewido, superantispyware and a kaspersky scan and I've come up with a bunch of stuff (yikes! )

I am attaching the hijackthis and the kaspersky scan logs...for some reason I can't get the ewido or superantispyware log to upload...something about not being able to upload a file with the file extention they have (both are text)

 hijackthis_11_06.txt   7.77K   57 downloads
 kavscan.txt   32.62K   18 downloads

I was able to get the AVG Spyware log to upload. Here it is.
 Report_Scan_20061115_110650.txt   20.4K   25 downloads

[teacup61]

Hello jessthomps,

Welcome to CCleaner Forums.

Quote

I am not a computer whiz but I thought I had pretty decent anti-virus (WinAntiVirusPro 2006) but maybe I'm wrong.

This IS bad stuff...nasty, and if you paid for it, you got duped my friend. I doubt it will uninstall, but give it a try via Add/Remove Programs. Download one of these FREE, REAL AntiVirus Programs and run a full system scan. AVG, Avira OR Avast are good FREE antivirus.
Never install more than one antivirus scanner or firewall on your system! Several together can give you problems and decrease the reliability of it seriously!

After you've done that, run another scan with HijackThis in normal mode and simply copy and paste the report here in this thread.

Regards,
tea

[jessthomps]

Quote

I doubt it will uninstall, but give it a try via Add/Remove Programs.

Ugh! Right you are! For some reason my antivirus doesn't show in the 'add/remove' list...I tried uninstalling it with the uninstall that came w/it and it's conveniently missing the exe.

So, I DL'ed the AVG antivirus and it found 1 trojan that it took care of

Here's the new hijack list that I ran after the virus scan was complete.

 hijackthis_11_06.txt   8.13K   26 downloads

[teacup61]

Hello,

Please reboot your computer into Safe Mode. To boot into Safe Mode, please restart your computer. Tap F8 before Windows loads. Select Safe Mode on the screen that appears.

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O4 - HKLM\..\Run: [WA6Pcw] "C:\Program Files\Common Files\WinAntiVirus Pro 2006\wa6pcw.exe" -c
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...up1.0.0.8-2.cab

Close all browsers and other windows except for HijackThis!, and click "Fix Checked".

Navigate to and delete the following:

C:\Program Files\Common Files\WinAntiVirus Pro 2006 <------ this folder

• In Safe Mode, load AVG Anti-Spyware and click on the Scanner tab at the top and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.
  
• AVG Anti-Spyware will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right hand side.
  
• Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
  
• Restart back into Normal Mode.

In your reply, please post the report from AVG and a new HijackThis log. Let me know how your computer is running.

Thanks,
tea

[burtman]

I know this may be elsewhere, but this actually surprised me that it a 'product' (for want of a better description) like this is still active.
Should this be pinned somehwere that WinAntiVirusPro 2006 is nasty ...? After all it does sound so genuine (go on Gates - sue em! lol)

Even Google warns you of it .. and that takes some going ! lol !

We need make our new & existing member-base aware of this (and other such) b**s*it pretend software does still exist.

Errrgh!

btw. jessthomps I hope you have survived to read this :-)

[YoKenny]

burtman, check out Eric Howes' excellent site:

Rogue/Suspect Anti-Spyware Products & Web Sites
http://www.spywarewa...nti-spyware.htm

[jessthomps]

Hi!
I'm back from the "other side" and here is the AVG log from the scan done in safe mode:

 Report_Scan_20061115_213747.txt   8.94K   38 downloads

Here is the new hijack this log as well:

 hijackthis_11_16_06.txt   7.71K   40 downloads

so far it looks like the speed of my computer is vastly improved!

Can you please look over both logs and let me know if there is anything additional I should do?

[teacup61]

Hello,

Navigate to and delete the following file :

C:\WINNT\system32\rxjlhnzf.exe

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next. Name it ( something you'll remember) and click Create, when the confirmation screen shows the restore point has been created click Close.

Next goto Start Menu > Run > type

cleanmgr

Click OK, Disk Cleanup will open and start calculating the amount of space that can be freed, Once thats finished it will open the Disk Cleanup options screen, click the More Options tab then click Clean up on the system restore area and choose Yes at the confirmation window which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.

Now please run AVG AntiSpyware again to make sure all those are gone. Let me know.

Thanks,
tea

[jessthomps]

Have followed your instructions. Here is the new AVG report

 Report_Scan_20061117_143703.txt   12.68K   21 downloads

[teacup61]

Hello,

You can have AVG clean those cookies.

How is your computer running now?

[jessthomps]

It's running much better!

Thank you so much!

[teacup61]

You're most welcome.

Your log looks good, so you get the all clean speech!

Below I have included a number of recommendations on how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously! These few simple steps can stave off the vast majority of spyware problems. Some you may already have, but there are tutorials to go with them if you're interested and have questions.

Regularly go to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows, including the latest version of Internet Explorer. This can patch many of the security holes through which attackers can gain access to your computer. You should also turn on the Windows automatic update feature.

It is very important to maintain your Firewall.
A tutorial on understanding and using firewalls may be found here.

In order to protect yourself against spyware, you should consider installing and running the following free programs:

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

IE/Spyad:
It places over 5000 malicious websites and domains in your IE's restricted zone.
IE/Spyad

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

* Avoid illegal sites, because that's where most malware is present.
* Don't click on links inside popups.
* Don't click on links in spam messages claiming to offer anti-spyware software; because most of these so called removers ARE spyware.
* Download free software only from sites you know and trust. A lot of free software can bundle other software, including spyware.

Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.o...oducts/firefox/

Please make sure to run your antivirus software regularly, and to keep it up-to-date.

Take care!
tea