Spybot and Avast executables deleted by...

Hi :)

Yes you may uninstall AVG if you want but it is a good scanner...

Open Notepad and copy the following lines into a new document:
@echo off
sc stop M_HOOK
sc delete M_HOOK

Save the document to your desktop as Remove.bat with file type: All Files
Go to your desktop and run the file Remove.bat, and allow it to run if prompted. A window will open and close; this is normal.

Restart your computer in Safe mode:
  • Restart your computer
  • Start tapping the F8 key when the computer restarts.
  • When the start menu opens, choose Safe mode
  • Press Enter. The computer then begins to start in Safe mode.
Go to My Computer and delete the following folders (if present):
C:\WINDOWS\exefld
C:\Documents and Settings\MILENA\Dati applicazioni\hidires
F:\#Lory\#Documenti\Giochini ed eseguibili\skerzi

Reboot in Normal Mode.

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      • Extended (if available otherwise Standard)
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
    • Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post along with a fresh HijackThis startuplist
 
Hi again, it is looking good now :)
How is the computer running ?

You should be careful about what you download :mad:

Delete the following infected files:
D:\MOBILE TOOLS\PC HOME\AGO\ANTISPAM Free\FreeSaverMP3.exe
F:\#Lory\#Documenti\Giochini ed eseguibili\Kissdolls\Games\hentaigame.exe
F:\#Lory\#Files importanti\BSINSTALL.exe
F:\#Lory\#Files importanti\BSINSTALLIT.exe
G:\#Miky\AGSetup0608.exe

And delete the following folders:
F:\#Lory\Themes\logon
F:\#Lory\Themes\stili visivi

Then you have infections in the System Restore but that will be easily cleaned.

You don't seem to have a third-party firewall installed. You must install one firewall.
It is possible that you're using the Windows XP firewall. That is of course better than nothing but I recommend that you install a more advanced firewall that gives more protection. Windows firewall doesn't, e.g., protect your computer from inbound threats. This means that any malware on your computer is free to "phone home" for more instructions. Remember to use only one firewall at the same time. I'll give you a few alternatives if you want to install a third-party firewall:

These are good (free) firewalls:

You don't have an antivirus on your computer, you must install one antivirus. Otherwise you'll get infected again.

These are good (free) antiviruses:

Now you can clean AVG's Quarantine:
  • Open AVG Anti-Spyware
  • Click Infections
  • Click Quarantine tab
  • Click Select all
  • Click Remove finally
  • Close the program
You can remove the tools we used.

Then you should update your Java to the latest version (6.0)
  • Start
  • Control Panel
  • Add/Remove Programs
  • Delete the old Java, J2SE Runtime Environment 5.0 Update 6
  • Download the latest version of Java Runtime Environment (JRE) 6.0.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications."
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement."
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Install it
Now you can make your hidden files hidden again.
  • Go to My Computer
  • Select the Tools menu and click Folder Options
  • Click the View tab.
  • Checkmark the "Display the contents of system folders"
  • Under the Hidden files and folders select "Show hidden files and folders"
  • Check "Hide protected operating system files"
  • Click Apply and then OK and close My Computer.

=============

Now that you seem to be clean, please follow these simple steps in order to keep your computer clean and secure:
  • Clear your system restore
    This will clear the system restore folders from possible malware that was left behind during the cleaning process.
  • Use ATF Cleaner
    Download and install ATF Cleaner. Clean your temporary files & folders with it regularly.
  • Use Ad-Aware
    Download and install Ad-Aware. Update it and scan your computer regularly with it.
  • Use AVG Anti-Spyware
    Update it and scan your computer regularly with it.
  • Use Spybot S&D
    Download and install Spybot S&D. Update it and scan your computer regularly with it.
  • Install SpywareBlaster
    SpywareBlaster will prevent spyware from being installed.
  • Install MVPS Hosts file
    This prevents your computer from connecting to harmful sites.
  • Use Firefox browser
    Firefox is a faster, safer and better browser than Internet Explorer.
  • Keep your system up-to-date
    Visit Windows Update regularly.
  • Keep your antivirus and firewall up-to-date
    Scan your computer regularly with your antivirus.
  • Read this article by TonyKlein
    So how did I get infected in the first place?
  • Stand Up and Be Counted !
    The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Stay clean and be safe ;)
 
first of all BIG thanks Jak3, you're an :angel:


You should be careful about what you download :mad:

Delete the following infected files:
D:\MOBILE TOOLS\PC HOME\AGO\ANTISPAM Free\FreeSaverMP3.exe
...
G:\#Miky\AGSetup0608.exe
you're right, but I'm not the only one using this PC :fear:
anyway these are all program setups, but none of them has ever been installed..
BSINSTALL is the setup of BearShare, don't know why I kept the installer but I uninstalled that program looong time ago ;)


And delete the following folders:
F:\#Lory\Themes\logon
F:\#Lory\Themes\stili visivi
uhm... all these infected exes are visual styles and logons downloaded some time ago from http://themexp.org :mad:, I'll delete them...


You don't have an antivirus on your computer, you must install one antivirus. Otherwise you'll get infected again.
uh yeah, Avast4 home is installed! as you read in topic title it was partially deleted by a malware, now I reinstalled it :bigthumb:


You don't seem to have a third-party firewall installed. You must install one firewall.
yeah, that's true... I'll install one (I haven't yet because of the worry of slowing down PC performance...). are the ones you listed equivalent? any preference?


about SpywareBlaster and SpywareGuard, they shouldn't conflict with any av/firewall, right?

about Ad-Aware, Spybot, Firefox, I use them regularly... the infection that drove me here was probably caused by a bad file downloaded from eMule... my fault! :(

about ATF Cleaner, I regularly use CCleaner, it seems to be a valid alternative... is it?


last but not least: safe mode boot still doesn't work, any idea about it?
 
Hi :)

Downloading custom themes is an easy way to get infected...

Good, antivirus is a must-have.

Well I use ZoneAlarm at the moment, it is very easy to use and here is a good ZoneAlarm guide.

SpywareBlaster won't conflict with your AV or eat your memory.

Yes you get best results by using multiple scanners.

Yes CCleaner and ATF Cleaner do the same thing.

Ok, the safe mode. Please see these instructions and let me know if you're able to access the safe mode -> Link :bigthumb:
 