
[Fixed] Hijackthis! Logs - [Fixed] Spyware problem. (brothers computer), posted in the Security & Safety forums
#15
05-17-2006
ladygreenwitch
HR Director
Join Date: Jul 2005
Location: Bay Area California
Posts: 5,767
PC Experience: PC Illiterate

OK PJ,

You get a reprieve, a SMALL reprieve. The matter still stands, that if you come here for help, we have some pretty high expectations for you specifically. I can understand your waiting for Joe's go-ahead before updating etc.

However, I wrote that KNOWING that it was your brother's computer, you would have received ZERO sympathy had it been yours, (what was your first thread? Like 26 pages?!) So I still say, you are the designated educator in the family in regard to malware protection, (not removal, that's not on you yet.)

You should have instructed your brother on what you had installed. He should recognize what protection he has, and what he needs, or he should be restricted as to where he can go. Have him read the PCHF Protect Your PC article, you can get a new copy from my signature.

I am very proud of you for spreading the word of malware protection, and think you are going to be one heck of a tech by the time we are through with you.

So, where are we at with the malware removal? It seems that every time you post a new log, there are new infections. Is your brother being allowed to use this computer in between fixes? If so, please ask that he not until the computer is fixed, or it may become unusable.

Looking forward to your next reply, as always,

TTFN

LGW


#16
05-17-2006
PraiseJah
Elite Member
Join Date: Aug 2005
Posts: 426
PC Experience: Some Experience

I think that he has been using it in between times, I'll ask him to stop till I can finish it up. But I also think that I deserve a full pardon. I am doing my spyware job by helping him in the first place, secondly I didn't have a chance to tell him about it. He stayed at a friend's house the day I downloaded the stuff and he came home to go to work the next day and that's when he got rid of it, I wasn't even up yet. Then I didn't even know it was gone till you guys said it was gone. I'm not as dumb as I look :-P lol Almost, but not quite. . . :-)


#17
05-18-2006
ladygreenwitch
HR Director
Join Date: Jul 2005
Location: Bay Area California
Posts: 5,767
PC Experience: PC Illiterate

We'll see, I'll make that decision at the end of this fiasco.

BTW, when you install something on someone's computer, their being there or not is irrelevant. You should have left him a detailed note, or Word document with the title "IMPORTANT!!! BROTHER'S NAME READ THIS BEFORE YOU DO ANYTHING!!" Communication is important in tech work.

In the meantime, if your brother is old enough to have a job, he is old enough to learn how to not infect his PC. Give him the article. I'd also get him to pay you for your time. Imagine the learning curve HE would have to go through. LOL.

OK, so question still stands, where are we at as far as the malware removal is concerned?

Looking forward to your reply,

TTFN

LGW


#18
05-18-2006
joe5
Elite Member
Join Date: Jun 2005
Location: Netherlands
Posts: 9,036

Hya PJ.


Well, you probably will understand that if the same member keeps coming back with malware infested hjt logs, without a firewall, without an AV, and Windows heavily out of date every time, even after being told dozens of times to install them and update, that can be very annoying to say the least.

And now in this thread you start with one infection, then you have two infections, and in the last log there are a whole bunch of infections on there.


Download Pocket Killbox:
http://www.atribune.org/downloads/KillBox.exe

Download Smitrem to your desktop:
http://noahdfear.geekstogo.com/click...click.php?id=1
Run the installer and then press Start to extract the files to the desktop. Do not run it yet.

Reboot into safe mode (reboot and keep tapping F8, then choose safe mode from the list)

Run SmitRem:

Open the SmitRem folder and double click the "RunThis.bat" file to start the tool. Follow the prompts on screen, wait for the tool to complete, and disk cleanup to finish.

The tool will create a log named smitfiles.txt on the drive that you ran Smitrem on, e.g. "C:\smitfiles.txt", or the partition where your operating system is installed.

Please attach this log to your next reply.

Then fix these with hjt (in safe mode):

F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKLM\..\Run: [funk] funk.exe
O4 - HKLM\..\Run: [86f02c7c.exe] C:\WINDOWS\System32\86f02c7c.exe
O4 - HKCU\..\Run: [86f02c7c.exe] C:\Documents and Settings\Quenton.PIMPS-HQ9ULWXMQ\Local Settings\Application Data\86f02c7c.exe
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\urqcwhcc.exe

Then do a manual search for funk.exe and delete what you find.


Start Killbox and place a tick next to [x]delete on reboot.
And press the "all files" button. (just above the yellow triangle)

Copy this list into the Windows clipboard:
(highlight the text, and select "copy")


C:\ann.exe
C:\WINDOWS\system32\oleext.dll
C:\Program Files\Internet Explorer\btrdcixr.exe
C:\Documents and Settings\Quenton.PIMPS-HQ9ULWXMQ\Local Settings\Temporary Internet Files\Content.IE5\GQI1BCM5\p[1].anr
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe
C:\WINDOWS\System32\86f02c7c.exe
C:\Documents and Settings\Quenton.PIMPS-HQ9ULWXMQ\Local Settings\Application Data\86f02c7c.exe
C:\Program Files\Internet Explorer\urqcwhcc.exe
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00000.exe
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.dll
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
C:\Program Files\Common Files\Microsoft Shared\Web Folders\tmp.tmp


Back in Killbox go > file > paste from clipboard,
Click the red highlighted X button and say yes to the prompt, then click OK.

Exit Killbox and restart your PC.


Note:
You will need to reload your wallpaper as the SmitRem tool will reset it, you can do this in desktop properties on the Desktop tab, and choose the one you want to use and press apply.

And XP users using the XP theme may experience a change to the Classic Windows theme. This can be changed on the themes tab of desktop properties.

When done, post the smitrem log, plus a new hjt log.


__________________
- PCHF Team. - (NL) - Mal-ware Eradicator! -
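
The HijackThis entries flagged in the post above share a few recognisable traits. As an added example (not part of joe5's post or of any tool named in the thread), this sketch parses such lines and explains why each stands out; the heuristics, the function names `triage` and `image_path`, and the last sample line are assumptions made for illustration.

```python
import re

# Entries quoted in the post above; the last line is a constructed benign control.
SAMPLE_LOG = r'''
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKLM\..\Run: [funk] funk.exe
O4 - HKLM\..\Run: [86f02c7c.exe] C:\WINDOWS\System32\86f02c7c.exe
O4 - HKCU\..\Run: [86f02c7c.exe] C:\Documents and Settings\Quenton.PIMPS-HQ9ULWXMQ\Local Settings\Application Data\86f02c7c.exe
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\urqcwhcc.exe
O4 - HKLM\..\Run: [ExampleAV] "C:\Program Files\ExampleAV\tray.exe" /min
'''
LINE = re.compile(r'^(?P<sec>[A-Z]\d+) - (?P<body>.+)$')
RUN = re.compile(r'^(?P<hive>HK\w+)\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
HEXNAME = re.compile(r'(?:^|\\)[0-9a-f]{8}\.exe$', re.I)

def image_path(cmd):
    """Return the executable part of a command line (quoted or bare)."""
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r'(.+?\.exe)\b', cmd, re.I)
    return m.group(1) if m else cmd

def triage(log):
    """Return [(line, [reasons])] for entries that match an illustrative heuristic."""
    findings = []
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        sec, body, reasons = m['sec'], m['body'], []
        if sec == 'F2' and 'Shell=' in body:
            if body.split('Shell=', 1)[1].strip().lower() != 'explorer.exe':
                reasons.append('Shell= value is not plain explorer.exe')
        elif sec == 'O4' and (r := RUN.match(body)):
            img = image_path(r['cmd'])
            if '\\' not in img:
                reasons.append('autostart has no full path')
            if HEXNAME.search(img):
                reasons.append('8-hex-digit file name')
            if '\\local settings\\' in img.lower():
                reasons.append('runs from a user profile data directory')
        elif sec == 'O16' and '- file://' in body.lower():
            reasons.append('DPF codebase is a local file, not a URL')
        if reasons:
            findings.append((raw.strip(), reasons))
    return findings

if __name__ == '__main__':
    for line, why in triage(SAMPLE_LOG):
        print('; '.join(why), '<-', line)
```

A match is a prompt for a closer look, not a verdict; legitimate software can trip any of these rules.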

#19
05-19-2006
PraiseJah
Elite Member
Join Date: Aug 2005
Posts: 426
PC Experience: Some Experience

Ok, I went into safe mode and couldn't even find those files, I ran Smitrem, and deleted the things on HJT. Now as far as Killbox... I did everything you said, I hit "Delete on reboot" and clicked "All files" then copied all the files from the pad and hit "paste from clipboard" and it told me that I didn't specify a path or something like that. So I dunno what to do, I tried doing it one by one but that didn't work either.


#20
05-20-2006
joe5
Elite Member
Join Date: Jun 2005
Location: Netherlands
Posts: 9,036

That's strange, try it with hjt:

- Open HijackThis, click Open the Misc Tools section, then click Delete a file on bootup
- A window will open
- Type or copy/paste in the window: C:\ann.exe
- Click Open
- A prompt will appear advising you that the file will be deleted and asking if you want to reboot now
- Click "no", and continue with the rest of the list, and after the last click "yes"
- Your computer will now reboot.


__________________
- PCHF Team. - (NL) - Mal-ware Eradicator! -

#21
05-20-2006
PraiseJah
Elite Member
Join Date: Aug 2005
Posts: 426
PC Experience: Some Experience

Ok, that worked like you said it would, and here are the latest logs.
Attached Files
File Type: log hijackthis.log (3.7 KB, 1 views)
File Type: txt smitfiles.txt (3.2 KB, 1 views)


