Recently I have discovered a trojan horse or virus on my machine. I get IE popups but I am not using IE, I use Firefox. I repeatedly used spybot, Adaware and AVG to find and remove all of the aboved named infections. Newly installed Zone Alarm now stops these sites from opening.
I did a system cleanup deleting all temp files, and I used ccleaner too. I tried to download and run AVG anti-spy but it caused my computer to crash.
AVG scan now reveals no infections.
Here's my Hijackthis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:48:00 AM, on 10/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:36:12 PM, on 10/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Please download VundoFix and follow on-site instructions for scan and remove.
If there is a problem, please feedback with another fresh HijackThis log.
O22 - SharedTaskScheduler: COM+ Service - {3C49DDAC-3DA4-4743-AF6C-5974FEAF875C} - (no file)
Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".
===============
1. Please downloadThe Avenger by Swandog46 to your Desktop.
Click on Avenger.zip to open the file
Extract avenger.exe to your desktop
2. Copy all the text (including the 'Files to delete') contained in the code box below to your clipboard by highlighting it and pressing Ctrl+C:
Quote ...
Files to delete:
C:\WINDOWS\system32\geebx.dll
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
3. Now, start The Avenger program by clicking on its icon on your desktop.
Under "Script file to execute" choose "Input Script Manually".
Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
Paste the text copied to clipboard into this window by pressing (Ctrl+V).
Click Done
Now click on the Green Light to begin execution of the script
Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
On reboot, it will briefly open a black command window on your desktop, this is normal.
After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh HJT log by using Add/Reply
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:33:26 AM, on 10/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:20:14 PM, on 10/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Either the thread starter or a moderator has marked this thread as solved. You can most likely trust the responses and answers given. There is most likely no reason for any further responses to be posted here. If you have a related question, please start a new thread in this forum instead.
This thread is more than three months old
No one has posted to this discussion for at least three months. Please let old threads die and do not reply to them unless you feel you have something new and valuable to contribute that absolutely must be added to make the discussion complete. Otherwise, please start a new thread in this forum instead.
Marked Solved 
Offline 
