jorbroni
asked on
fraud.XPAntivirus
Spybot picked up the fraud.XPAntivirus malware and deleted it, but it keeps coming back. I have been trying to get rid of it for the longest.
Can someone help? Attached is my HijackThis log.
hijackthis.log
Before you run your scans disable System Restore.
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/systemrestore.mspx
Then boot into Safe Mode (F8 at startup).
Log on with your usual name/password and run the suites suggested by rpggamergirl.
Once the scans are completed, reboot and test.
You'll notice a majority of the bad entries listed in your Hijack This folder are coming out of your temporary files. Before you run rpggamergirl's scans, download and run CCleaner to empty out all of your temporary files.
http://www.ccleaner.com/download
ASKER
I fixed the entries in the list above in HijackThis, but one of them will not go away:
O2 - BHO: C:\WINDOWS\system32\hs78344kjkfd.dll - {c5bf49a2-94f3-42bd-f434-3604812c8955} - C:\WINDOWS\system32\hs78344kjkfd.dll
ASKER CERTIFIED SOLUTION
I assume the problem is resolved?
To uninstall Combofix:
Go to Start > Run and 'copy and paste' next command in the field:
ComboFix /u
Thanks.
O2 - BHO: (no name) - {6B04EDE4-E7F2-4BF7-907A-8
O2 - BHO: C:\WINDOWS\system32\hs7834
O4 - HKCU\..\Run: [tk6uh0omas3ssopym946m2miz
O4 - HKCU\..\Run: [l5wb9n0ot7yxs3oo2m] C:\DOCUME~1\REGINA~1\LOCAL
O4 - HKCU\..\Run: [z3oe0v4gjqnkg2ugzvtvhv51j
O4 - HKCU\..\Run: [m5ikbuow02czpk9zhjt3yotsn
O4 - HKCU\..\Run: [u2qomh3qpmtx4monpdah5w2sj
O4 - HKCU\..\Run: [j8mknyo4k8u9xxtjbjrpyo734
O4 - HKCU\..\Run: [yusvzwqobr3kpak66kdcoctss
O4 - HKCU\..\Run: [f9eaijxdib] C:\DOCUME~1\REGINA~1\LOCAL
O4 - HKCU\..\Run: [g42wcz3vbq269akstz5uygqhu
O4 - HKCU\..\Run: [z1ymr9bvsjlxtx15poud1i2r5
O4 - HKCU\..\Run: [rszdpmgy7bed87rr] C:\DOCUME~1\REGINA~1\LOCAL
O4 - HKCU\..\Run: [vp6m9tyqvcpu31gg5pfwqnyjz
O4 - HKCU\..\Run: [nyual6iicaxgzx6hcqeujbjuq
O4 - HKCU\..\Run: [ivjnpn9jazhgc5eihvrl4t2ce
O4 - HKCU\..\Run: [qg8ysz4l36reda0pbvjmke] C:\DOCUME~1\REGINA~1\LOCAL
O4 - HKCU\..\Run: [dfbfuv3sbdb6kin6cqrj5iydh
O4 - HKCU\..\Run: [ih37cprpplz274arzzltbt3mr
O4 - HKCU\..\Run: [cq9jfnpp9b81awvirlynrux] C:\DOCUME~1\REGINA~1\LOCAL
O4 - HKCU\..\Run: [spas6ckun93r81vh7tfb6o9an
O4 - HKCU\..\Run: [g5k0zyee8o1va] C:\DOCUME~1\REGINA~1\LOCAL
O4 - HKCU\..\Run: [cmpu3wbdvttezls6b4e11n0v2
O4 - HKCU\..\Run: [k2h34uolifjw70tdjl5947bku
O7 - HKCU\Software\Microsoft\Wi
O20 - Winlogon Notify: CNMnt5 - CNMnt5.dll (file missing)
O20 - Winlogon Notify: crypt - C:\WINDOWS\SYSTEM32\crypts
O22 - SharedTaskScheduler: jgzfkj9w38rksndfi7r4 - {C5BF49A2-94F3-42BD-F434-3
And run these 2 tools and show us the logs.
1. Download Malwarebytes' Anti-Malware to your desktop, check for the tool's Updates before running a scan.
http://www.malwarebytes.or
If you can't access the above link then use this link and rename the file before saving to your desktop.
http://www.download.com/Ma
2. Please download ComboFix by sUBs:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
You must download it to and run it from your Desktop
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply by pasting it in the "Code Snippet" or "Attach File" window.
Re-enable all the programs that were disabled during the running of ComboFix.
Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
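The entries rpggamergirl lists above have two things in common that are worth checking mechanically rather than by eye: the value names are random strings of letters and digits, and the BHO CLSID in the asker's O2 line begins with the same characters as the O22 SharedTaskScheduler CLSID, which is why fixing the O2 entry on its own does not keep it gone. The script below is an added example, not code from HijackThis, Experts Exchange or any poster in this thread. It parses the four HijackThis line shapes seen here (O2, O4, O20, O22), flags random-looking names, entries that run from a Temp folder, orphaned "(file missing)" entries, and CLSIDs registered under more than one autostart type. The lines in SAMPLE_LOG are constructed for the demo: the O2 entry reuses the CLSID the asker posted, the O22 entry is built to share it, and every path and user name is made up. The regexes are my reading of the HijackThis format, not an official grammar.

```python
"""Classify HijackThis log lines like the ones posted in this thread.

Added example; not code from HijackThis, Experts Exchange or any poster.
SAMPLE_LOG is constructed: the O2 line reuses the asker's CLSID, the O22 line
is built to share it, and all paths and user names are invented.
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field
from typing import List, Optional

# Line shapes used in the thread.  A missing "]" or trailing path is tolerated
# so a line that the forum cut off still yields at least a name.
_PATTERNS = {
    "O2":  re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\}(?: - (?P<path>.*))?$"),
    "O4":  re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)(?:\](?: (?P<path>.*))?)?$"),
    "O20": re.compile(r"^O20 - Winlogon Notify: (?P<name>.*?) - (?P<path>.*)$"),
    "O22": re.compile(r"^O22 - SharedTaskScheduler: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\}?$"),
}

SAMPLE_LOG = r"""
O2 - BHO: C:\WINDOWS\system32\hs78344kjkfd.dll - {c5bf49a2-94f3-42bd-f434-3604812c8955} - C:\WINDOWS\system32\hs78344kjkfd.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [tk6uh0omas3ssopym946m2miz] C:\DOCUME~1\USER~1\LOCALS~1\Temp\tk6uh0omas3ssopym946m2miz.exe
O4 - HKCU\..\Run: [f9eaijxdib] C:\DOCUME~1\USER~1\LOCALS~1\Temp\f9eaijxdib.exe
O20 - Winlogon Notify: CNMnt5 - CNMnt5.dll (file missing)
O22 - SharedTaskScheduler: jgzfkj9w38rksndfi7r4 - {C5BF49A2-94F3-42BD-F434-3604812C8955}
"""


@dataclass
class Entry:
    kind: str
    name: str
    clsid: Optional[str] = None
    path: Optional[str] = None
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a recognised O2/O4/O20/O22 line, else None."""
    line = line.strip()
    for kind, pat in _PATTERNS.items():
        m = pat.match(line)
        if m:
            g = m.groupdict()
            clsid = g.get("clsid")
            return Entry(kind, g["name"].strip(), clsid.upper() if clsid else None, g.get("path"))
    return None


VOWELS = set("aeiou")


def looks_random(name: str) -> bool:
    """Heuristic for generated names: long, purely alphanumeric, at least one
    digit, few vowels.  Product names normally fail at least one test."""
    base = name.replace("/", "\\").rsplit("\\", 1)[-1]          # basename if a path
    base = re.sub(r"\.(exe|dll)$", "", base, flags=re.I).strip()
    if len(base) < 10 or not base.isalnum():
        return False
    letters = [c for c in base.lower() if c.isalpha()]
    digits = sum(c.isdigit() for c in base)
    vowel_ratio = sum(c in VOWELS for c in letters) / max(len(letters), 1)
    return digits >= 1 and vowel_ratio < 0.5


def analyse(log_text: str) -> List[Entry]:
    """Parse every line and attach flags; CLSIDs are cross-referenced so a
    component registered as both a BHO and a SharedTaskScheduler is caught."""
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]
    by_clsid = defaultdict(set)
    for e in entries:
        if e.clsid:
            by_clsid[e.clsid].add(e.kind)
    for e in entries:
        if looks_random(e.name):
            e.flags.append("random-looking name")
        if e.path and "\\TEMP\\" in e.path.upper():
            e.flags.append("runs from a Temp folder")
        if e.path and "(file missing)" in e.path:
            e.flags.append("orphaned: file missing")
        if e.clsid and len(by_clsid[e.clsid]) > 1:
            others = sorted(by_clsid[e.clsid] - {e.kind})
            e.flags.append("CLSID also registered under " + ", ".join(others))
    return entries


def suspicious(log_text: str) -> List[Entry]:
    """Only the entries that picked up at least one flag."""
    return [e for e in analyse(log_text) if e.flags]


if __name__ == "__main__":
    for e in suspicious(SAMPLE_LOG):
        print(f"{e.kind:<4} {e.name:<40} {'; '.join(e.flags)}")
```

The CLSID cross-reference is the check to run first: every flagged CLSID has to be removed from each location it appears in (BHO and SharedTaskScheduler here), and the Run values that relaunch the dropper from Temp have to go in the same pass, otherwise the next reboot recreates whatever was deleted.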