
Thread: Browser Hijack and Virus

  1. #81
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    OK, it's hammertime

    1. Restart your computer
    2. Before Windows loads, you will be prompted to choose which Operating System to start
    3. Use the up and down arrow key to select Microsoft Windows Recovery Console
    4. You must enter which Windows installation to log onto. Type 1 and press enter.
    5. At the C:\Windows prompt, type the following bolded text, and press Enter (one line at a time following with Enter):

    cd\
    cd c:\windows\system32
    del vsfocetkopabwq.dll /a /f /q
    cd c:\windows\system32\drivers
    del vsfocepesvjulp.sys /a /f /q


    6. At the next prompt, type the following bolded text, and press Enter:

    exit

    Rerun avenger with that script and post back fresh avenger log, please.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  2. #82
    Member
    Join Date
    Sep 2009
    Posts
    59

    Default

    Shaba:

    When I arrow up to select Windows Recovery Console and hit enter, it brings me right back to the same page asking me to choose between the Recovery Console and XP ???

  3. #83
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Please try these then, and continue from step 5 after them:

    1. Insert Windows Install disc to boot from CD.
    2. Press any key on the keyboard when prompted.
    3. Press R to load the Recovery Console.
    4. Enter your password when prompted.
    5. You must enter which Windows installation to log onto. Type 1 and press enter.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  4. #84
    Member
    Join Date
    Sep 2009
    Posts
    59

    Default

    Shaba:

    I only have a Windows Upgrade disc, upgrading to XP Home Edition from an earlier Windows version. I don't seem to get the same prompts, etc., when I put that cd in.


  5. #85
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Can you maybe borrow XP CD from someone?
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  6. #86
    Member
    Join Date
    Sep 2009
    Posts
    59

    Default

    Shaba:

    I have a disc, but don't understand what's next. My PC boots normally, even with the disc in the drive. I'm not prompted to do anything and pressing R doesn't accomplish anything either.

    Opening the disc contents gives the usual menu to begin installation.

  7. #87
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    You will need to set boot order from BIOS.

    Set CD/DVD drive as first and try again
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  8. #88
    Member
    Join Date
    Sep 2009
    Posts
    59

    Default

    Shaba:

    OK, I was able to boot from the disc, and get to DOS prompts.

    I was able to delete vsfocetkopabwq.dll, using "del vsfocetkopabwq.dll" BUT, when doing so it would not accept the /a /f /q at the end of the command string. So I just used "del vsfocetkopabwq.dll" with nothing after.

    Same for del vsfocepesfjulp.sys (without the /a /f /q). Is this a problem?

    When exiting, it rebooted and ran a long check disc which found numerous issues with the recovery console parameters, etc.

    I ran Avenger, and the log is below:


    Logfile of The Avenger Version 2.0, (c) by Swandog46
    http://swandog46.geekstogo.com

    Platform: Windows XP

    *******************

    Script file opened successfully.
    Script file read successfully.

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    Rootkit scan active.
    No rootkits found!


    Error: file "c:\windows\system32\drivers\vsfocepesvjulp.sys" not found!
    Deletion of file "c:\windows\system32\drivers\vsfocepesvjulp.sys" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
    --> the object does not exist


    Error: file "c:\windows\system32\vsfocetkopabwq.dll" not found!
    Deletion of file "c:\windows\system32\vsfocetkopabwq.dll" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
    --> the object does not exist


    Completed script processing.

    *******************

    Finished! Terminate.

  9. #89
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Good, it is gone

    Still some issues left?
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006
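
The reading of the Avenger log in posts #88 and #89, as an added example that is not part of the original thread: every deletion "failed" with 0xc0000034 because the files had already been removed from the Recovery Console, so the failures confirm the cleanup. The function names and the `needs_review` label are assumptions of this sketch, and the sample input is constructed from the log lines quoted above.

```python
import re

# Constructed sample: the failure entries from the Avenger log posted in #88.
SAMPLE_LOG = r'''
Error: file "c:\windows\system32\drivers\vsfocepesvjulp.sys" not found!
Deletion of file "c:\windows\system32\drivers\vsfocepesvjulp.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Error: file "c:\windows\system32\vsfocetkopabwq.dll" not found!
Deletion of file "c:\windows\system32\vsfocetkopabwq.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Completed script processing.
'''

FAILED = re.compile(r'Deletion of file "([^"]+)" failed!')
STATUS = re.compile(r'Status:\s*(0x[0-9a-fA-F]{8})\s*\((\w+)\)')
NOT_FOUND = 0xC0000034  # STATUS_OBJECT_NAME_NOT_FOUND


def classify_failures(log_text):
    """Map each failed deletion target to 'already_absent' or 'needs_review'."""
    results = {}
    pending = None  # path whose Status line has not been seen yet
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            if pending is not None:
                results[pending] = "needs_review"  # previous entry had no status
            pending = m.group(1).lower()
            continue
        s = STATUS.search(line)
        if s and pending is not None:
            code = int(s.group(1), 16)
            # Only "object not found" means the file is gone; any other
            # status (locked, access denied, ...) means it may still exist.
            results[pending] = "already_absent" if code == NOT_FOUND else "needs_review"
            pending = None
    if pending is not None:
        results[pending] = "needs_review"
    return results


def all_targets_gone(log_text):
    """True only if at least one target was listed and every one is absent."""
    results = classify_failures(log_text)
    return bool(results) and all(v == "already_absent" for v in results.values())
```
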

  10. #90
    Member
    Join Date
    Sep 2009
    Posts
    59

    Default Cautiously Optimistic

    Shaba:

    So I'm guessing it's OK not having the /a /f /q after the delete file command?

    Google searches do NOT appear to be redirecting. I have not rerun AVG yet, but will do so today.

    My Paging file error, which occurred every time at boot up the last couple weeks is gone too.

    Next (final?) steps??

    Thanks.
