Virus? Virus? Virus?

julie8314dave

computer seems to be up and running, but spyware docter insists that there are still 4 threats and 181 infections, we have scanned with avg, taken norton off, does this mean that the spyware doctor just wants us to subscribe for £39.99 and these are still on there, or would it be best to go back to factory settings if anyone can give me some advice please, only ever done it with xp and not vista.
thanks in advance.

Dave

The_Economist

Hi,
not over keen on spyware doctor. Have you tried spybot search and destroy and Ad-aware.

aliEnRIK

Cant see anything in the combofix log

Id really recommend as follows ~
UPDATE malwarebytes and run a FULL scan and post that log

Download HostsXpert
http://download.softpedia.com/dl/a688cad746f64494e3ba8aee103f97e4/4b3ceb67/100027041/software/system/HostsXpert.zip
and then follow the below steps.

* Unzip HostsXpert.zip
* It will create a folder named HostsXpert in whatever folder you extract it to.
* Run HostsXpert.exe by double clicking on it.
* click the Make Writeable? button.
* click Restore Microsoft's Hosts File and then click OK.
* Click the X to exit the program



..............................................................................



Download SPYBOT (Make sure you click 'DOWNLOAD LATEST VERSION' ~ make sure TEA TIMER is UNTICKED on installation)
http://www.filehippo.com/download_spybot_search_destroy/
UPDATE and IMMUNISE (Make sure it reads ZERO unprotected) and SCAN


..............................................................................................


Download and run the FREE version of DR WEB
http://www.freedrweb.com/download+cureit/gr/
Turn your anti virus OFF
Click CANCEL to the 'Would you like to read purchase terms now?' message
Click START click OK
It will auto QUICK scan
After that set to scan the WHOLE computer and press the 'play' icon

***DO NOT UPGRADE TO FULL VERSION***

aliEnRIK

Also, as youve just removed norton (You really shouldnt do things like that until you KNOW your clean)

Use the Norton removal tool
http://service1.symantec.com/Support/tsgeninfo.nsf/docid/2005033108162039

Download another copy of combofix and run that and post the log (you need to download a fresh copy to get the latest version)

julie8314dave

Update Malarebytes and posted log Thanks do you mean download all 3 progames

Dave

Malwarebytes' Anti-Malware 1.44
Database version: 3581
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18865
17/01/2010 09:47:17
mbam-log-2010-01-17 (09-47-17).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 211404
Time elapsed: 1 hour(s), 1 minute(s), 26 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 7
Memory Processes Infected:
C:\Program Files\Adware Professional\Adware Professional.exe (Rogue.AdwarePro) -> Unloaded process successfully.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Adware Professional (Rogue.AdwarePro) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adware professional 5.0_is1 (Rogue.AdwarePro) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\adware professional (Rogue.AdwarePro) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Program Files\Adware Professional (Rogue.AdwarePro) -> Quarantined and deleted successfully.
C:\Program Files\Adware Professional\logs (Rogue.AdwarePro) -> Quarantined and deleted successfully.
Files Infected:
C:\Program Files\Adware Professional\Adware Professional.exe (Rogue.AdwarePro) -> Quarantined and deleted successfully.
C:\Users\PEGGY\Desktop\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Program Files\Adware Professional\noadware4_081909.na (Rogue.AdwarePro) -> Quarantined and deleted successfully.
C:\Program Files\Adware Professional\unins000.dat (Rogue.AdwarePro) -> Quarantined and deleted successfully.
C:\Program Files\Adware Professional\unins000.exe (Rogue.AdwarePro) -> Quarantined and deleted successfully.
C:\Program Files\Adware Professional\UninstlDll.dll (Rogue.AdwarePro) -> Quarantined and deleted successfully.
C:\Users\PEGGY\Desktop\Adware Professional.lnk (Rogue.AdwarePro) -> Quarantined and deleted successfully.

aliEnRIK

Can you provide a link to that adaware program youve just installed? Youve installed a bogus program which has made things worse!

Yes, please download and follow the instructions for all the programs I posted links to. Make sure you download and install the ACTUAL programs (Most of them have advertisments that people click by mistake)

julie8314dave

Hi!
Tried to do this
Download HostsXpert
http://download.softpedia.com/dl/a68...HostsXpert.zip
and then follow the below steps.

On clicking ms restore host file Error message appeared:

Error can not create file C:\windows\system32\drivers\etc\hosts

Not sure what to do next.
Do you think it would be better to just format the whole lot please. I do not have a disk and would like to know how to from recovery.

Many Thanks.

Dave.

aliEnRIK

Upto you. It would be best to format and start again definitely

If you wish to continue then skip the hosts section out

If you wish to format etc then id suggest starting a new thread

julie8314dave

Sorry not sure what you mean as i updated malware bytes, then downloaded from the hostsxpert link you sent.

julie8314dave

I have started a new thread, is anybody out there please?