Thread: Virus Changed Background (same problem as mrvin)
View Single Post
Join Date: Jul 2008
Posts: 173
Reputation: Cyber Punk is an unknown quantity at this point 
Solved Threads: 8
Cyber Punk's Avatar
Cyber Punk Cyber Punk is offline Offline
Junior Poster

Re: Virus Changed Background (same problem as mrvin)

 
0
  #6
Aug 20th, 2008
Hi, good. We're almost there.

Please uninstall the following programs from your computer :
  • Need2Find

Please reopen HJT and click on Do a system scan only and locate the following :


O1 - Hosts: 72.52.158.153 www.avrilbandaids.com
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - Startup: PowerReg Scheduler V3.exe
O15 - Trusted Zone: www.avrilbandaids.com
O15 - Trusted Zone: http://www.avrilbandaids.com
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritage.com/Genoogle/C...ngineQuery.dll
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by13fd.bay13.hotmail.msn.com/...x/HMAtchmt.ocx
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)

Now, close all the other open windows and then, in HijackThis, click on Fix Checked.

Please delete the following file from the listed folder :

Under C:\Program Files, delete the folder, Need2Find if it is still present.

Please reboot your computer.

Please do an online scan with Kaspersky WebScanner

Click Scan Now and Accept the agreement. You will be promted to install an ActiveX component from Kaspersky, click Yes

The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    • Extended (if available otherwise Standard)
    • Scan Options:
    • Scan Archives
    • Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
    • Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
Please post the contents of the log here.

Please refrain from using the P2P/Torrent client in your system for the time being till I have cleared the infection in your system.

In your next post, please post; a new HJT log, scan results from Kaspersky Online scan and a description of how your computer is running at the moment.
Last edited by Cyber Punk; Aug 20th, 2008 at 3:29 pm.
Reply With Quote