[heir]

Please go to Start -> Control Panel, and choose Network Connections. Then right click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and left click on properties. Double-click on the Internet Protocol (TCP/IP) item and select the radio button that says Obtain DNS servers automatically. Click OK twice, and restart your computer.

[Advertisements]

Well the internet is working again, the vimax ads are gone, and the google redirecting seems to have stopped. Is there anything else I should do?

Thanks,

--ezstreet1

[ezstreet1]

Well the internet is working again, the vimax ads are gone, and the google redirecting seems to have stopped. Is there anything else I should do?

Thanks,

--ezstreet1

[heir]

Almost there.
Let's run a couple of scanners.

Step 1.
Clean temp locations:

Download TFC to your desktop

• Open the file and close any other windows.
• It will close all programs itself when run, make sure to let it run uninterrupted.
• Click the Start button to begin the process. The program should not take long to finish its job
• Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

Step 2.
Scan with MBAM:

Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.


Step 3.
Scan with Kaspersky Online Scanner:

Please do an online scan with Kaspersky Online Scanner

Kaspersky online scanner uses JAVA tecnology to perform the scan. If you do not have the latest JAVA version, follow the instrutions below under Upgrading Java, to download and install the latest vesion.

• Read through the requirements and privacy statement and click on Accept button.
• It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
• When the downloads have finished, click on Settings.
• Make sure the following is checked.
  
  • Spyware, Adware, Dialers, and other potentially dangerous programs
    Archives
    Mail databases
• Click on My Computer under Scan.
• Once the scan is complete, it will display the results. Click on View Scan Report.
• You will see a list of infected items there. Click on Save Report As....
• Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
• Please post this log in your next reply.

Upgrading Java:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems

Upgrading Java:

• Download the latest version of Java SE Runtime Environment (JRE)JRE 6 Update 16.
• Click the "Download" button to the right.
• Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
• Click on Continue.
• Click on the link to download Windows Offline Installation (jre-6u16-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
• Close any programs you may have running - especially your web browser.
• Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
• Check any item with Java Runtime Environment (JRE or J2SE) in the name.
• Click the Remove or Change/Remove button.
• Repeat as many times as necessary to remove each Java version.
• Reboot your computer once all Java components are removed.
• Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the jre-6u16-windows-i586-p.exe and select "Run as an Administrator.")

Step 4.
Things I would like to see in your reply:

• The content of the report from MBAM from Step 2.
• The content of the report from Kaspersky Online Scanner from Step 3.

[ezstreet1]

Malwarebytes' Anti-Malware 1.40
Database version: 2709
Windows 5.1.2600 Service Pack 3

8/28/2009 3:00:19 PM
mbam-log-2009-08-28 (15-00-19).txt

Scan type: Quick Scan
Objects scanned: 100207
Time elapsed: 10 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Weather Services (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls\wxfw.dll (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Saturday, August 29, 2009
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Saturday, August 29, 2009 20:15:31
Records in database: 2705419
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\

Scan statistics:
Objects scanned: 127732
Threats found: 3
Infected objects found: 29
Suspicious objects found: 1
Scan duration: 03:45:39


File name / Threat / Threats count
C:\Documents and Settings\Christian Street\Local Settings\Application Data\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Microsoft\Outlook Express\Hotmail - Inbox.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\Christian Street\Local Settings\Application Data\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Microsoft\Outlook Express\Hotmail - Inbox.dbx Infected: Trojan.JS.Redirector.b 28
C:\Documents and Settings\Christian Street\My Documents\LimeWire\Saved\a kid named cudi.mp3 Infected: Trojan-Downloader.WMA.GetCodec.u 1

Selected area has been scanned.



Thanks!

-ezstreet

[heir]

Run OTL.exe

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :Files
  C:\Documents and Settings\Christian Street\My Documents\LimeWire\Saved\a kid named cudi.mp3
  :Commands
  [purity]
  [emptytemp]
  [start explorer]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot when it is done
• Then post the OTL fixlog

C:\Documents and Settings\Christian Street\Local Settings\Application Data\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Microsoft\Outlook Express\Hotmail - Inbox.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\Christian Street\Local Settings\Application Data\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Microsoft\Outlook Express\Hotmail - Inbox.dbx Infected: Trojan.JS.Redirector.b 28

These lines shows that you have an infected e-mail in Outlook express. (in a folder named Hotmail). Check you Hotmail folder in Outlook express and remove mails that you are sure you managed be without.


Rerun Kaspersky online scanner to check that the infected mails are gone.


Post the two logs for review and after that we will do the housekeeping and get you set again.

[ezstreet1]

All processes killed
========== FILES ==========
C:\Documents and Settings\Christian Street\My Documents\LimeWire\Saved\a kid named cudi.mp3 moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Christian Street
->Temp folder emptied: 79950838 bytes
->Temporary Internet Files folder emptied: 17134762 bytes
->Java cache emptied: 13553522 bytes
->FireFox cache emptied: 3418066 bytes
->Google Chrome cache emptied: 91988204 bytes
->Apple Safari cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 411368 bytes
File delete failed. C:\WINDOWS\temp\WFV181.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied: 49021183 bytes
RecycleBin emptied: 420788 bytes

Total Files Cleaned = 244.08 mb


OTL by OldTimer - Version 3.0.10.7 log created on 08302009_024207

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\WFV181.tmp not found!

Registry entries deleted on Reboot...




--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, August 30, 2009
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, August 30, 2009 09:00:21
Records in database: 2724665
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\

Scan statistics:
Objects scanned: 126651
Threats found: 1
Infected objects found: 1
Suspicious objects found: 0
Scan duration: 05:13:57


File name / Threat / Threats count
C:\_OTL\MovedFiles\08302009_024207\Documents and Settings\Christian Street\My Documents\LimeWire\Saved\a kid named cudi.mp3 Infected: Trojan-Downloader.WMA.GetCodec.u 1

Selected area has been scanned.




Thanks!
-ezstreet

[heir]

Edited

Edited by heir, 30 August 2009 - 10:03 AM.
Wrong post

[heir]

Hey there, ezstreet1 !

OK! Well done, your log is clean again!

Time for some housekeeping.

Step 1.
Clean up:

We need to do is to remove all the tools that you have used. This is so that should you ever be re-infected, you will download updated versions. It will also remove the quarantined Malware from your computer.

First:

• Click START then RUN
• Now type Combofix /u in the runbox and click OK. Note the space between the X and the /u, it needs to be there.
  

Second:
Double-click OTL.exe to start it.
Click the CleanUp button
Click Yes to the reboot.

Now delete any tools/logs that is left over after you ran OTL CleanUp.


Step 2.
Prevention:

OK, lets carry out a few preventative steps to make sure you reduce the risk of further infections.

First:
Your Adobe Acrobat Reader is out of date. Older versions are vunerable to attack.

Please go to the link below to download an update.

http://www.adobe.com.../readstep2.html

Remove the older versions and install the latest,


Second:
One of the essentials is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats, Microsoft releases security updates that help your computer from becoming vunerable. It is best if you have these set to download automatically.

Automatic Updates for Windows

• Click Start.
• Select Settings and then Control Panel.
• Select Automatic Updates.
• Click Automatic (recommended)
• Choose a day and a time when you know the computer will be on and connected to the internet.
• Click Apply then OK.

Third:
Now lets download some preventative programs that will help to keep the nasties away! We will start with Anti Spyware programs. I would advise getting a couple of them at least, and running each at least once a month.

Anti Spyware

• SpywareBlaster to help prevent spyware from installing in the first place. A tutorial can be found here.
• SpywareGuard to catch and block spyware before it can execute. A tutorial can be found here.
• IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email. A tutorial can be found here

.
Note: If you find your system slows down after installing any of these, just uninstall it, or disable it from running at startup.


Fourth:
Nearly done! If you like to use chat, MSN and Yahoo have vunerabilities that can leave you open to infections. There are however a couple of very good, Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN):

Instant Messengers

• Trillian or,
• Miranda-IM

Lastly:
It is a good idea to clear out all your temp files every now and again with ATF Cleaner. This will help your computer from bogging down and slowing. It also can assist in getting rid of files that may contain malicious code that could re-infect your computer.


To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein.


I will keep this log open for the next couple of days, so if you have any further problems post another reply here.

OK, all the best, and stay safe!

[ezstreet1]

Thank you so much for all your help! I have no idea what I would have done without this site, and more importantly you!

Your hard work is much appreciated!

Best,

--ezstreet

[ezstreet1]

One more thing,

In the post you recommended it mentions a few things that are specific to Internet Explorer. And if I am reading things right, IESpy-Ad only works with IE. I prefer Google Chrome. Am I setting myself up for problems by using Chrome?

Thanks,

-ezstreet

[heir]

Am I setting myself up for problems by using Chrome?

Not that I am aware off. I prefer Firefox myself.

No need to add those tools then.

[ezstreet1]

Everything continues to work as it should.

I want to once more express my gratitude for your help, heir! I would have been lost without you.

Thank you!

--ezstreet

[heir]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.