can't get rid of mgrsts [RESOLVED]



#16
Rawe

    Visiting Staff

  • Member
  • 4,746 posts
Ok, further instructions. (In case your system isn't clean yet. Please follow these, we'll see then.) ;)

First run CleanUp! making sure to reboot when prompted.

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Click the Free Trial link on the right - next to "SpySweeper for Home Computers" to download the program.
  • Double-click the file to install it as follows:
    • Click "Next", read the agreement, Click "Next"
    • Choose "Custom" click "Next".
    • Leave the default installation directory as it is, then click "Next".
    • UNcheck "Run SpySweeper at Windows Startup" and "Add Sweep for Spyware to Windows Explorer Context Menu". Click "Next".
    • On the following screen you can leave the e-mail address field blank, if you wish. Click "Next".
    • Finally, click "Install"
  • Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
    Disable SpySweeper Shields
    • Click Shields on the left.
    • Click Internet Explorer and uncheck all items.
    • Click Windows System and uncheck all items.
    • Click Startup Programs and uncheck all items.
  • Once the definitions are installed and shields disabled, click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.
- Rawe :tazz:
  • 0



#17
Help Panos

    Member

  • Topic Starter
  • Member
  • 70 posts
Hello again! Did you miss me? As I have told you, the problem remains. Yahoo!! I'm getting used to this virus; I will feel very unhappy if you manage to get rid of him. I'll report some other symptoms of the virus in case they say something to you. Before the system collapses, some of the icons on the screen turn pink. They change their colour! Mgrsts must be something like a painter! I'm not sure about the one I'm going to say, but here it is. I have a Microsoft optical mouse. I believed that when I am closing the computer the mouse should close too. But it did not. This may be irrelevant but I have to mention it. I think that we have to get rid of mgrsts. Unfortunately, when I delete this thing, the next time I open my PC it's still there! Something like magic. Anyway, the problem remains, my dear helper, and as you can guess I still need your advice.
  • 0

#18
Rawe

    Visiting Staff

  • Member
  • 4,746 posts
Hello again! I actually did post further instructions, just above your reply, please follow them ;)

- Rawe :tazz:
  • 0

#19
Help Panos

    Member

  • Topic Starter
  • Member
  • 70 posts
Believe it or not, I haven't been able to open my computer until today. Mgrsts was closing the PC before I could say 'Jack Robinson' (I think that this is an expression of speed). Below is what you asked me.

********
7:06 PM: |••• Start of Session, Monday, July 18, 2005 •••|
7:06 PM: Spy Sweeper started
7:06 PM: Sweep initiated using definitions version 505
7:06 PM: Starting Memory Sweep
7:08 PM: Memory Sweep Complete, Elapsed Time: 00:01:24
7:08 PM: Starting Registry Sweep
7:08 PM: Found Adware: dluca
7:08 PM: HKU\S-1-5-21-861567501-796845957-839522115-1004\software\program info\ (ID = 4386231)
7:08 PM: Found Adware: hot as [bleep]
7:08 PM: HKU\WRSS_Profile_S-1-5-21-861567501-796845957-839522115-1003\software\microsoft\internet explorer\toolbar\webbrowser\ || {5f1abcdb-a875-46c1-8345-b72a4567e486} (ID = 4388185)
7:08 PM: Found Adware: instant access
7:08 PM: HKU\S-1-5-21-861567501-796845957-839522115-1004\software\microsoft\windows\currentversion\wintrust\trust providers\software publishing\trust database\0\ || goicfboogidikkejccmclpieicihhlpo bgdjdn (ID = 4389920)
7:08 PM: Found Adware: internetoptimizer
7:08 PM: HKU\WRSS_Profile_S-1-5-21-861567501-796845957-839522115-1003\software\avenue media\ (ID = 4389954)
7:08 PM: HKU\WRSS_Profile_S-1-5-21-861567501-796845957-839522115-1003\software\microsoft\internet explorer\urlsearchhooks\ || _{cfbfae00-17a6-11d0-99cb-00c04fd64497} (ID = 4389964)
7:08 PM: Found Adware: istbar
7:08 PM: HKU\WRSS_Profile_S-1-5-21-861567501-796845957-839522115-1003\software\ist\ (4 subtraces) (ID = 4390190)
7:08 PM: HKU\WRSS_Profile_S-1-5-21-861567501-796845957-839522115-1003\software\istbar\ (19 subtraces) (ID = 4390191)
7:08 PM: Found Adware: 180search assistant
7:08 PM: HKU\WRSS_Profile_S-1-5-21-861567501-796845957-839522115-1003\software\sais\ (17 subtraces) (ID = 4396963)
7:08 PM: Found Adware: one2one viewer
7:08 PM: HKU\S-1-5-21-861567501-796845957-839522115-1004\software\livesvc\ (ID = 4397582)
7:08 PM: Found Adware: powerscan
7:08 PM: HKU\WRSS_Profile_S-1-5-21-861567501-796845957-839522115-1003\software\powerscan\ (1 subtraces) (ID = 4398126)
7:08 PM: Found Adware: bho_sidefind
7:08 PM: HKU\WRSS_Profile_S-1-5-21-861567501-796845957-839522115-1003\software\microsoft\internet explorer\explorer bars\{8cba1b49-8144-4721-a7b1-64c578c9eed7}\ (1 subtraces) (ID = 4403219)
7:08 PM: HKU\S-1-5-21-861567501-796845957-839522115-1004\software\microsoft\internet explorer\extensions\cmdmapping\ || {10e42047-deb9-4535-a118-b3f6ec39b807} (ID = 4403220)
7:08 PM: HKU\WRSS_Profile_S-1-5-21-861567501-796845957-839522115-1003\software\microsoft\internet explorer\extensions\cmdmapping\ || {10e42047-deb9-4535-a118-b3f6ec39b807} (ID = 4403220)
7:08 PM: HKU\WRSS_Profile_S-1-5-21-861567501-796845957-839522115-1005\software\microsoft\internet explorer\extensions\cmdmapping\ || {10e42047-deb9-4535-a118-b3f6ec39b807} (ID = 4403220)
7:08 PM: Found Adware: slotchbar
7:08 PM: HKU\WRSS_Profile_S-1-5-21-861567501-796845957-839522115-1003\software\microsoft\internet explorer\toolbar\webbrowser\ || {5f1abcdb-a875-46c1-8345-b72a4567e486} (ID = 4403284)
7:08 PM: Found Adware: targetsaver
7:08 PM: HKLM\software\microsoft\windows\currentversion\uninstall\tsa\ (2 subtraces) (ID = 4405116)
7:08 PM: HKLM\software\microsoft\windows\currentversion\uninstall\tsl installer\ (1 subtraces) (ID = 4405117)
7:08 PM: HKLM\software\tsa\ (3 subtraces) (ID = 4405124)
7:08 PM: HKU\WRSS_Profile_S-1-5-21-861567501-796845957-839522115-1003\software\tsl2\ (1 subtraces) (ID = 4405125)
7:08 PM: Found Adware: targetsoft
7:08 PM: HKLM\software\microsoft\windows\currentversion\uninstall\tsl installer\ (1 subtraces) (ID = 4405132)
7:08 PM: Found Adware: teenxxx (tinybar)
7:08 PM: HKU\WRSS_Profile_S-1-5-21-861567501-796845957-839522115-1003\software\microsoft\internet explorer\toolbar\webbrowser\ || {5f1abcdb-a875-46c1-8345-b72a4567e486} (ID = 4405154)
7:08 PM: Registry Sweep Complete, Elapsed Time:00:00:09
7:08 PM: Starting Cookie Sweep
7:08 PM: Found Cookie: netvenda cookie
7:08 PM: xenofondas@netvenda[1].txt (ID = 181505)
7:08 PM: xenofondas@www.netvenda[1].txt (ID = 181506)
7:08 PM: Cookie Sweep Complete, Elapsed Time: 00:00:01
7:08 PM: Starting File Sweep
7:08 PM: uninstall.exe (ID = 4116056)
7:09 PM: istbar_silent[1].dll (ID = 4106834)
7:09 PM: tsupdate[1].ini (ID = 4122519)
7:09 PM: power_remove[1].exe (ID = 4116056)
7:09 PM: tsuninst.exe (ID = 4122515)
7:10 PM: Found Adware: tibs dialer
7:10 PM: hot.lnk (ID = 4123598)
7:10 PM: affupdate[1].ini (ID = 4122466)
7:10 PM: File Sweep Complete, Elapsed Time: 00:02:30
7:10 PM: Full Sweep has completed. Elapsed time 00:04:06
7:10 PM: Traces Found: 80
7:12 PM: Removal process initiated
7:12 PM: Quarantining All Traces: dluca
7:12 PM: Quarantining All Traces: hot as [bleep]
7:12 PM: Quarantining All Traces: instant access
7:12 PM: Quarantining All Traces: internetoptimizer
7:12 PM: Quarantining All Traces: istbar
7:12 PM: Quarantining All Traces: 180search assistant
7:12 PM: Quarantining All Traces: one2one viewer
7:12 PM: Quarantining All Traces: powerscan
7:12 PM: Quarantining All Traces: bho_sidefind
7:12 PM: Quarantining All Traces: slotchbar
7:12 PM: Quarantining All Traces: targetsaver
7:12 PM: Quarantining All Traces: targetsoft
7:12 PM: Quarantining All Traces: teenxxx (tinybar)
7:12 PM: Quarantining All Traces: netvenda cookie
7:12 PM: Quarantining All Traces: tibs dialer
7:12 PM: Removal process completed. Elapsed time 00:00:03
********
7:03 PM: |••• Start of Session, Monday, July 18, 2005 •••|
7:03 PM: Spy Sweeper started
7:03 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 7C910370 in module 'ntdll.dll'. Read of address 00000058
7:03 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 7C910370 in module 'ntdll.dll'. Read of address 00000024
7:03 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 7C910370 in module 'ntdll.dll'. Read of address 0000003C

I may have to pay in order to get it fixed from a store which repairs such problems. Thanks a lot anyway and if you have anything to suggest you are welcome!
  • 0

#20
Rawe

    Visiting Staff

  • Member
  • 4,746 posts
Hi again!

Don't do anything yet!
We will get your machine clean, believe it or not.

Looks like SpySweeper made some thorough cleaning for you - please do the following;

Please download;

Ewido Security Suite

it is a free version of the program.
  • Install Ewido Security Suite
  • When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  • Launch ewido, there should be an icon on your desktop, double-click it.
  • The program will now open to the main screen.
  • When you run Ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")
  • Exit Ewido. DO NOT run a scan yet.
If you are having problems with the updater, you can use this link to manually update Ewido.
Ewido manual updates

Now open Ewido and do a scan of your system.
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • NOTE: During some scans, Ewido is finding cases of false positives.
    • You will need to step through the process of cleaning files one-by-one.
    • If Ewido detects a file you KNOW to be legitimate, select none as the action.
    • DO NOT select "Perform action on all infections"
    • If you are unsure of any entry found, select none for now as the action.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
When done, run CleanUp. REBOOT!!

Run a new scan with HiJackThis and post the fresh log here along with the log from Ewido.

- Rawe :tazz:
  • 0

#21
Help Panos

    Member

  • Topic Starter
  • Member
  • 70 posts
Ok, I'm back and ready to follow your instructions. Your being optimistic really makes me happy! I'll inform you soon about the result.
  • 0

#22
Help Panos

    Member

  • Topic Starter
  • Member
  • 70 posts
Here I am with the things you asked me to. First Ewido:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 9:51:49 PM, 7/22/2005
+ Report-Checksum: C224349B

+ Scan result:

:mozilla.44:C:\Documents and Settings\Panos\Application Data\Mozilla\Firefox\Profiles\jq2pdrbh.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Panos\Application Data\Mozilla\Firefox\Profiles\jq2pdrbh.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Panos\Application Data\Mozilla\Firefox\Profiles\jq2pdrbh.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Panos\Application Data\Mozilla\Firefox\Profiles\jq2pdrbh.default\cookies.txt -> Spyware.Cookie.Findwhat : Cleaned with backup


::Report End

Then Hijack This:

Logfile of HijackThis v1.99.1
Scan saved at 9:56:39 PM, on 7/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\htpatch.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\qttask.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Panos\Desktop\HijackThis.exe

O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD 2002\InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

That's all folks!!
  • 0

#23
Rawe

    Visiting Staff

  • Member
  • 4,746 posts
Are you still having problems?

Please do an online scan with Kaspersky WebScanner

Next Click on Launch Kaspersky Anti-Virus Web Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Standard
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
- Rawe :tazz:
  • 0

#24
Help Panos

    Member

  • Topic Starter
  • Member
  • 70 posts
Listen carefully my friend... (by the way, is my helper a girl or a boy?) the virus must have been destroyed!!!!! I can't find mgrsts and the computer seems to work fine. In case the problem reappears within the next day I shall report back. I do not understand how this happened because I did the same thing with ewido and cleanup the previous time. It doesn't matter. I can't find the virus!! Bye, bye mgrsts! I really really thank you. If I ever need to ask something, will I continue in the same topic? I again thank you for your help. I do not have enough words to thank you!! I'm really obliged. Good night!
  • 0

#25
Rawe

    Visiting Staff

  • Member
  • 4,746 posts
Thanks for your compliments ;)

I'm a boy (at least I think I am :tazz: )

Ok, these are the final steps to make sure you won't get infected again..

Let's clear out your restore points now.

Disable System Restore;

1. Click Start > Programs > Accessories > Windows Explorer
2. Right-click My Computer, and then click Properties.
3. Click the System Restore tab.
4. Check the "Turn off System Restore" check box.
5. Click Apply. A message shows up.
6. Click "Yes" to do this.
7. Confirm with "Ok".


REBOOT!!

Enable System Restore;

1. Click Start.
2. Right-click My Computer, and then click Properties.
3. Click the System Restore tab.
4. Uncheck the "Turn off System Restore" check box.
5. Click Apply, and then click "OK".



System Restore will now be active again. :help: Be sure to set a new restore point, and if you need additional help with that, here's a link; http://filext.com/in...thread.php?t=27

Here are some tips for the future to prevent spyware:

Detect and Remove Programs:
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
Prevention Programs:
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
  • Google Toolbar <= Get the free google toolbar to help stop pop up windows.
Other necessary Programs:
  • AntiVirus Program <= An AntiVirus program is a must! Whether it is a free version like AVG or Anti-Vir, or a shareware version like Norton or Kaspersky, this is a must have.
  • Firewall <= A firewall is definitely a must have. Two good free versions are Sygate and ZoneLabs.
  • More Secure Browser <= Internet Explorer is not the most secure and best browser. There are safer and better alternatives available. I recommend Firefox.
And also see TonyKlein's good advice;
So how did I get infected in the first place?

- Rawe ;)

If you want to learn how to help people with malware problems like I helped you, feel free to take a look at this thread; http://www.geekstogo...here-t4817.html

Post back tomorrow with the results of the Kaspersky scan if you still notice problems - also give some more info about what problems are you having.

Keep up with the same thread - I will leave this open for some time to hear back from you first. If everything's fine - I will close this topic. Night!
  • 0
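
An added example, not part of any post in this thread: a small Python audit of a hosts file that separates the block-list style entries described in the MVPS Hosts file tip above (hostnames pointed at 127.0.0.1) from entries that map a hostname to some other address, which is what HijackThis reports on an O1 line such as the one in the log in post #22. The sample file is constructed; only its last entry is copied from that log, and the function names are illustrative.

```python
import ipaddress

# Constructed sample hosts file. Only the last mapping is taken from the
# thread (the "O1 - Hosts:" line in the HijackThis log); the rest is made up.
SAMPLE_HOSTS = """\
# Constructed sample, not the poster's actual hosts file
127.0.0.1       localhost
127.0.0.1       ads.example.test  tracker.example.test   # block-list style
0.0.0.0         banner.example.test
::1             localhost
not-an-ip       broken.example.test
64.91.255.87    www.dcsresearch.com
"""


def parse_hosts(text):
    """Yield (line_no, address, hostnames) for every mapping line."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue                          # address without a hostname
        yield line_no, fields[0], fields[1:]


def classify(address):
    """Return 'blocked', 'redirect' or 'invalid' for a hosts-file address."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "invalid"
    # 127.0.0.0/8, ::1 and 0.0.0.0 keep the traffic on the local machine,
    # which is how a block list such as the MVPS file works.
    if ip.is_loopback or ip.is_unspecified:
        return "blocked"
    # Anything else sends the hostname to another machine and should be
    # reviewed by the owner of the system.
    return "redirect"


def audit_hosts(text):
    """Group hosts entries by kind; the standard localhost lines are skipped."""
    report = {"blocked": [], "redirect": [], "invalid": []}
    for line_no, address, names in parse_hosts(text):
        kind = classify(address)
        for name in names:
            if kind == "blocked" and name.lower() == "localhost":
                continue
            report[kind].append((line_no, address, name))
    return report


if __name__ == "__main__":
    for kind, entries in audit_hosts(SAMPLE_HOSTS).items():
        for line_no, address, name in entries:
            print(f"{kind:8} line {line_no}: {name} -> {address}")
```

An entry in the "redirect" group is not proof of infection; it is the set of lines to check by hand, the same way an O1 line in a HijackThis log is reviewed.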



#26
Help Panos

    Member

  • Topic Starter
  • Member
  • 70 posts
The System Restore button was already checked. Should I enable it? It seems a stupid question from my side but I have to be sure. By the way, I do not believe that I have the necessary knowledge in order to help other people with such problems. But I tend to learn more about computer problems and when I'm ready I may try to help other people. Thanks again and I hope for you that you'll have the solutions to all the PC's malfunctions!
  • 0

#27
Rawe

    Visiting Staff

  • Member
  • 4,746 posts

The System Restore button was already checked. Should I enable it?

If System Restore was disabled by default - then absolutely - make sure to enable it.

By the way, I do not believe that I have the necessary knowledge in order to help other people with such problems.


That's why I referred you to that thread! We have sooo great GeekU moderators around here..
They'll teach you!!
As a sidenote;
I barely knew what HJT was a little more than a couple of months ago. Then I just decided to learn more about HiJackThis. And GeekU is great! (You can see why - I'm here now, aren't I?)

And to continue - take a look at Tony Klein's article - as well make sure to install AT LEAST SpywareBlaster - keep your anti-virus/anti-spyware/firewall software updated, make sure to update your browsers/other applications you use, as well as make sure to apply any available critical Windows updates.

(Keep CleanUp to use it periodically ;) )

- Rawe :tazz:

Edited by Rawe, 22 July 2005 - 02:04 PM.

  • 0

#28
Help Panos

    Member

  • Topic Starter
  • Member
  • 70 posts
I created a restore point. Should I now disable System Restore? I think that this is my last question for today. Within two days I'll tell you if everything is ok. Thanks Finland!
  • 0

#29
Rawe

    Visiting Staff

  • Member
  • 4,746 posts
No, keep it enabled if you created a restore point. :help:

Also install some of the applications I recommended - keep everything updated too. ;)

I'll wait for your reply - I'll leave the thread open until then. You may also uninstall some of the software you needed during the process - unless you want to keep them ;)

- Rawe :tazz:

You're most welcome, glad to help!
  • 0

#30
Help Panos

    Member

  • Topic Starter
  • Member
  • 70 posts
You can close the topic! No problem seems on the horizon. Thank you one more time, and I believe that in the future I'll participate in this site. See you!!
  • 0





