Finally, I have not yet installed a firewall. I want to talk to the owner of the computer first, and he won't be available until next week. I will download one of the free ones where he can find it.
Frankly speaking, I will need you to run ComboFix at least once so that I can verify the computer is fully free from Virut infection, since the real thing is, nothing can escape Virut without a full reformat to date. I've received some advice from several experts stating that you actually need to reformat the computer due to Virut, but I'd really like to see our progress for now.
If you are still unable to run ComboFix after these steps, then I'd seriously have to suggest (as advised by the experts) that you reformat the computer.
Please re-enable System Restore. Please create a fresh Restore Point before proceeding with our fix. Please visit this webpage if you do not know how.
NEXT
Run ERUNT again to back up the Registry. Please disable Rising Antivirus during these fixes. Re-enable Rising Antivirus after you finish the ComboFix step.
Repeat the OTMoveIt3 step, but this time with the script below. Post the log here after that.
:processes
explorer.exe
:services
NNServ
terms
:files
C:\Program Files\NewDotNet
C:\WINDOWS\system32\terminals.exe
C:\WINDOWS\privacy_danger
C:\WINDOWS\system32\dapavama.dll
C:\WINDOWS\TEMP\winlognn.exe
:commands
[purity]
[emptytemp]
[start explorer]
[reboot]
NEXT
Please re-open HijackThis and click on Do a system scan only. Check the boxes next to all the entries listed below.
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://toolbar.inbox...aspx?tbid=80205
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://toolbar.inbox...aspx?tbid=80205
R3 - URLSearchHook: (no name) - - (no file)
O4 - HKUS\S-1-5-19\..\Run: [nepifadisi] Rundll32.exe "C:\WINDOWS\system32\dapavama.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [jsf8uiw3jnjgffght] C:\WINDOWS\TEMP\winlognn.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [jsf8uiw3jnjgffght] C:\WINDOWS\TEMP\winlognn.exe (User 'Default user')
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZSYYYYYYOHUS
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
Now close all windows other than HijackThis, then click Fix checked. Close HijackThis.
NEXT
Insert your Windows CD (SP2 or SP3) into the computer and do the following.
* Click Start >> Run >> copy/paste sfc /scannow >> Enter.
   o Note the space between the c and the /
* Allow the scan to run and when completed, reboot the system.
NEXT
Reboot your computer and delete your version of ComboFix from the computer. Also delete the C:\qoobox folder, if any. Then do the following.
Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix. Please visit HERE if you don't know how. Please re-enable them after performing all the steps given.
Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.
Double click combofix.exe and follow the prompts. Please, never rename ComboFix unless instructed.
If ComboFix asks you to install the Recovery Console, please do so. It will be in your best interest.
When finished, it will produce a log for you. Post that log and a fresh HijackThis log in your next reply.
Note: DON'T do anything with your computer while ComboFix is running. Let ComboFix finish its job.
Post me the OTMoveIt3 and ComboFix logs in your next reply.
Edited by fenzodahl512, 27 February 2009 - 10:30 PM.
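As an added example (not part of the original post and not code from HijackThis), this Python script parses O4 autorun lines like the ones selected for fixing in the post above and flags them with three assumed triage heuristics: launch from a temp directory, a DLL started through Rundll32, and registration under a service-account or default-profile hive. The `triage` function, the heuristics and the last sample line (`ExampleApp`) are constructed for illustration; a match is a prompt for review, not a verdict.

```python
import re

# HijackThis O4 line: O4 - <hive>\..\<Run key>: [value name] command (User '...')
O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] "
    r"(?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
# Well-known hives: SYSTEM, LOCAL SERVICE, NETWORK SERVICE, default profile
SERVICE_HIVES = ("S-1-5-18", "S-1-5-19", "S-1-5-20", ".DEFAULT")


def triage(lines):
    """Return (value name, reasons) for each O4 autorun matching a heuristic."""
    findings = []
    for line in lines:
        m = O4_RE.match(line.strip())
        if not m:
            continue  # blank line or not an O4 autorun entry
        cmd, reasons = m["cmd"], []
        if re.search(r"\\te?mp\\", cmd, re.I):
            reasons.append("runs from a temp directory")
        if cmd.lower().startswith("rundll32"):
            reasons.append("DLL launched through Rundll32")
        if m["hive"].upper().endswith(SERVICE_HIVES):
            reasons.append("registered under a service-account hive")
        if reasons:
            findings.append((m["name"], reasons))
    return findings


# First three lines are the O4 entries from the post; the last one is a
# constructed benign entry (hypothetical ExampleApp) for contrast.
SAMPLE = r"""
O4 - HKUS\S-1-5-19\..\Run: [nepifadisi] Rundll32.exe "C:\WINDOWS\system32\dapavama.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [jsf8uiw3jnjgffght] C:\WINDOWS\TEMP\winlognn.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [jsf8uiw3jnjgffght] C:\WINDOWS\TEMP\winlognn.exe (User 'Default user')
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\ExampleApp\app.exe
""".splitlines()

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE):
        print(f"{name}: {'; '.join(reasons)}")
```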