Thread: New Win32 Virus
gerbil

Re: New Win32 Virus

May 11th, 2007
Understood. Because of the file you posted we'll step back and restart with these instructions. You must be in an Administrator-privileged account to run this procedure...:
==Download Avenger from http://swandog46.geekstogo.com/avenger.zip
-unzip it to your desktop, leave it for the moment.
==CCleaner: more detailed instructions - Dl the file ccsetup139.exe from filehippo to a downloads folder, dclick it and agree to everything - either let it open its own new folder or point it at a folder you created by your other pgms folder [DON'T you create folders in the start menu!! Leave installing pgms to make entries if they wish!]. The only box I left checked was the "Add Open CCleaner to Recycle bin context menu". And press Install. Should go okay... leave it for the moment.
==start HijackThis by dclicking the .exe; now close ALL other applications and any open windows including the explorer window containing HijackThis.
-Select Scan Only, place checkmarks against all the entries listed below that still exist, and then press Fix Checked.

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKCU\..\Run: [Firewall auto setup] C:\DOCUME~1\Allison\LOCALS~1\Temp\winlogon.exe

==start Avenger; select “Input script manually” and then click the magnifying glass icon. Paste into the box as one block all the text between the lines:-
_____________________________________
Files to delete:
C:\DOCUME~1\Allison\LOCALS~1\Temp\winlogon.exe
_____________________________________

...and click Done, and finally the green light.
Follow prompts to reboot your machine.
[The files, etc., that you asked Avenger to delete are zipped to C:\avenger\backup.zip.]
Avenger creates a log file that should open with the results of its actions. This file is located at C:\avenger.txt
==Now start and run CCleaner as I posted previously, and follow it with the Panda Onlinescan.
Please post Avenger and Panda scan logs, plus a fresh [run last of all] hijackthis log.

While you await feedback, you should/must do a JAVA Update...
===Java update!!! This is for security reasons. Go control panel > java > update, & press update now. Restart after installing the update, and then go into control panel again, add/remove pgms and remove all old versions of java. Vsn 1.6.0.1 is current....
Last edited by gerbil; May 11th, 2007 at 11:04 pm.
Deep, deep in the woods, but walking about.
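Added example, not part of the original post or of any tool it mentions: a Python check showing why the O4 entry in the post stands out in a HijackThis log, namely a Run-key autostart named after a Windows system process but stored in a user Temp folder. The two other sample log lines, the `SYSTEM_NAMES` table (an assumed XP-era layout) and all function names are constructed for illustration.

```python
import ntpath
import re

# Directory each system process legitimately runs from (assumed XP-era layout).
SYSTEM_NAMES = {
    "winlogon.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}
O4_RE = re.compile(r"^O4 - (?P<key>HK\w+\\\.\.\\Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

# Constructed sample: two benign-looking entries plus the O4 line from the post.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ctfmon] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" /min
O4 - HKCU\..\Run: [Firewall auto setup] C:\DOCUME~1\Allison\LOCALS~1\Temp\winlogon.exe
"""

def exe_path(cmd):
    """Return the executable path from a Run value, quoted or unquoted."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:exe|com|scr|bat|cmd|pif))\b", cmd, re.I)
    return m.group(1) if m else cmd.split()[0]

def review_o4(line):
    """Parse one O4 line; return its fields plus reasons it looks suspicious."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    path = exe_path(m["cmd"])
    folder, name = ntpath.dirname(path).lower(), ntpath.basename(path).lower()
    reasons = []
    if {"temp", "tmp"} & set(folder.split("\\")):
        reasons.append("runs from a temp directory")
    expected = SYSTEM_NAMES.get(name)
    if expected and folder != expected:
        reasons.append("system process name outside " + expected)
    return {"key": m["key"], "name": m["name"], "path": path, "reasons": reasons}

def flagged(log):
    """Return only the O4 entries that tripped at least one check."""
    return [r for r in map(review_o4, log.splitlines()) if r and r["reasons"]]

if __name__ == "__main__":
    for r in flagged(SAMPLE_LOG):
        print(r["name"], "->", r["path"], "|", "; ".join(r["reasons"]))
```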