Your Avast! antivirus appears to be disabled. Is this intentional? You have no protection with it disabled. Please attempt to re-enable it.
Quote:
|
For some reason I have a program called WD Diagnostics on my computer that is a "new" program, I havent installed it...should I remove it?
|
Did you recently install a new Western Digital hard drive? WD Diagnostics is a set of tools that gets installed alongside, though you should be aware of this happening.
Let's get to the rest of your infection.
I see you have ewido anti-malware installed alongside AVG Anti-Spyware. AVG Anti-Spyware is the replacement application for ewido anti-malware, ever since Grisoft bought ewido. I recommend you uninstall ewido anti-malware.
Also Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs):
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_03
These are outdated versions, and security risks simply by having them still installed.
Leave J2SE Runtime Environment 5.0 Update 10 alone.
---------------------------------------------------------------------------------------------
Please print out or copy these instructions/tutorial to Notepad as the internet will not (while in Safe Mode) be available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.
---------------------------------------------------------------------------------------------
Please download the
Suspicious file Packer from Safer-Networking.Org and unzip it to your desktop.
Run SFP.exe.
Please copy the following lines into the
Step 1: Paste Text window:
C:\Program Files\Java\jre1.5.0_06\bin\svchost.exe
then click "Continue".
This will create a .cab file on your desktop named
requested-files[Date/Time].cab
Next, please visit TheSpyKillers forum
HERE
Read the first topic for instructions on uploading files then start a new Topic, post a link to this thread and upload the requested files.cab archive from your desktop.
Please return with a link to your Spykillers thread in your next reply.
---------------------------------------------------------------------------------------------
Please download
SmitfraudFix (by
S!Ri) to your Desktop.
---------------------------------------------------------------------------------------------
I see you have AVG Anti-Spyware already. Please update it's definitions, and run a scan where I have placed it in this fix.
Run AVG Anti-Spyware- From the main screen, click on update, then click the Start
update button.
- After the update finishes (the status bar at the bottom will display "Update
successful")
- select the "Settings" tab.
- Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
- Under "Reports"
- Select "Automatically generate report after every scan"
- Un-Select "Only if threats were found"
- Exit AVG Anti-Spyware. DO NOT scan yet.
---------------------------------------------------------------------------------------------
Please download
ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only- We'll use this later.
---------------------------------------------------------------------------------------------
Reboot your computer in Safe Mode.- If the computer is running, shut down Windows, and then turn off the power.
- Wait 30 seconds, and then turn the computer on.
- Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
- Ensure that the Safe Mode option is selected.
- Press Enter. The computer then begins to start in Safe mode.
- Login on your usual account.
---------------------------------------------------------------------------------------------
Double-click smitfraudfix.exe to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file?" by typing Y and hit Enter.
A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually. Reboot back into in Safe Mode.
The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: (C:\rapport.txt) or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
---------------------------------------------------------------------------------------------
Clean out your Temporary Internet files.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser- Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser- Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click
Exit on the Main menu to close the program.
For
Technical Support, double-click the e-mail address located at the bottom of each menu.
---------------------------------------------------------------------------------------------
Next go to
Control Panel click Display>Desktop>Customize Desktop>Web> Now,
Uncheck Everything and delete if present:
- "Security Info"
- "Warning Message"
- "Security Desktop"
- "Warning Homepage"
- "Desktop Uninstall" or something similar
Also make sure the
'Lock desktop items' box is
unticked. Click
OK, and then Click
Apply, then
OK.
---------------------------------------------------------------------------------------------
Run
AVG Anti-Spyware with it's updated definitions:(...it's important that all windows must be closed)
- Click Scanner
- Click on the Scan tab
- Click Complete System Scan to begin scanning.
Once the scan is complete do the following:
- If you have any infections you will prompted, then select "Apply all actions"
- Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important).
Restart in normal mode.
---------------------------------------------------------------------------------------------
Double-click
smitfraudfix.exe to start the tool.
Select option
#3 - Delete Trusted zone by typing
3 and press
Enter
Answer
Yes to the question "Restore Trusted Zone ?" by typing
Y and hit
Enter.
Note, if you use
SpywareBlaster and/or
IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.
---------------------------------------------------------------------------------------------
Perform an online scan with Internet Explorer with
Panda ActiveScan- Click on
located at the bottom of the page.
- A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
- Enter your e-mail address, country, and state & click "Free Online Scan" *The download of the 8 MB Panda's ActiveX control will take place*
Begin the scan by selecting
- If it finds any malware, it will offer you a report.
- Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
- Click on
then click 
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan
---------------------------------------------------------------------------------------------
Run a new HijackThis scan. Save the log file and post it here.
---------------------------------------------------------------------------------------------
Then post the following logs in your next reply...
link to Spykillers thread
C:\rapport.txt (log from the tool)
AVG Anti-Spyware log
Panda log
Hijackthis log