This is my HijackThis log, i managed to remove vturq with some help from your forum, but it keeps saying your computer may be infected please get some anti-spyware.

can anyone give me any help from looking at this log?

Attached Files

hijackthis.log (8.0 KB, 3 views)

Hy there Kim , welcome to PCHF.

You are the lucky owner of some brand new Malware... Let's get rid of it.





Before fixing things with HijackThis Please Do the Following:


Show hidden files and folders:

For XP:

1. On the Tools menu in Windows Explorer, click Folder Options.
2. Click the View tab.
3. Under Hidden files and folders, click Show hidden files and folders.
4. If you see a warning message, click Yes.
5. Click Apply.
6. Click OK.

Disable System Restore to prevent re-infection.
(If you have/use it. You can turn it back on when youre PC is clean).

How to disable system restore:

WinXP.

1. Click the Start button.
2. Right-click My Computer, and then click Properties.
3. On the System Restore tab, check Turn off System Restore or Turn off System Restore on all drives.

Please download CCleaner

uninstall "Spyware Cleaner" in add/remove programs.

Then boot in safemode (hit f8 when booting up) and fix these with hjt:

Then delete the files in bold , and run Ccleaner.

Reboot - press F8 during boot, select "SAFE MODE WITH PROMPT"

Change directory to c:\windows\system32 (type cd windows <enter> then type cd system32 <enter>) [cd = Change Directory]
Type del mssearchnet.exe [del = delete]
Type cd\ [The "\" will back you up one directory or "folder"]
Type cd prefetch
Type del mssearchnet*
Type cd\ (twice, back to the c:\ prompt)
At the C:\ prompt Type REGEDIT
The registry editor will pop up

Use EDIT, then FIND >>> search for mssearchnet - delete all entries
Do it again, until the search function says nothing else found, it is in there several times (3 different places I think)


Reboot and post a new hjt log please.

ok, first of all I have managed to get Webroot Spy Sweeper and I think it has solved most of the problems.

Apart from one.

When i load up Internet Explorer the home page always goes to:

yoursystemupdate.com

which claims I have virus on my computer etc....

I cannot get rid of this as my homepage, its just annoying, not really a problem.

I have also added my last Log, so If you could let me know if there is anything to worry about I would be greatful.

thanks again

Phil

Attached Files

hijackthis.log (8.8 KB, 1 views)

So you only run the Spysweeper scan?
Then you should still follow the instructions i posted to get rid of the rest.
But not all of it is there after running spysweeper (most is) , so if something isn't there anymore then skip that part.

Hi again,

In safe mode with prompt I cannot get the directory to system32

it starts with c:/my documents and settings/ etc..... and i cannot even get it to just the c: drive

I have done everything else up to this point, is there any more help you can give?

Thanks for all your help,

Phil

You can skip the command prompt part , spysweeper has removed that infection.

Can you attach a new hjt log to check , and a description of the remaining problems?

here is the log, I am no longer experiencing any problems, but if there is something in the log you think is a problem please let me know.

Many Thanks again,

Phil

Attached Files

hijackthis.log (8.6 KB, 1 views)