Member Panel

Matt87 · 04:38 PM

Hi my friend has a really bad virus infection , hope u can help it out

Hengis

Where's the log?

Matt87

sorry , i posted it too fast

joe5

Hi Matt.

He has a Spywarequake and an Spyfalcon infection on there , among severall others.

First have him uninstall WinAntiVirus Pro 2006 , that is no AV but malware itself.

Then run the Smitfraud fix , see link and instructions here:

http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

And when done post the Smitfraud log , plus a new hjt log to get the rest.

Matt87

Here is it

joe5

Lets get the rest of it.

First uninstall Ultimate Defender in add/remove programs if present.

Click Start>Run and type in: services.msc
Click OK
In the Services window find: Firewall service
Select/highlight and right click the entry, and choose: Properties
On the General tab, under Service Status click the Stop button
Beside: Startup Type, in the drop menu, select: Disabled
Click Apply, then OK

Open HJT and click config > misc tools > “delete an NT service”
Copy and past: FWSvc
Click OK.

Then boot in safemode and fix these with hjt:
(if still present)

O4 - HKLM\..\Run: [WinAntiVirusPro2006] "C:\Program Files\WinAntiVirus Pro 2006\WinAV.exe" /min
O4 - HKCU\..\Run: [Srro] "C:\PROGRA~1\COMMON~1\CROSOF~1\arpa.exe" -vt yax
O4 - HKCU\..\Run: [Ultimate Defender] "C:\Program Files\Ultimate Defender\App.exe" hide
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/Yazzl...cab?refid=1123
O20 - Winlogon Notify: winbug32 - winbug32.dll (file missing)
O23 - Service: Firewall service (FWSvc) - Unknown owner - C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe (file missing)

Delete the files in bold manually and also delete this file:

C:\WINDOWS\system32\regperf.exe

Then reboot , and post a new hjt log to check if its gone.

Matt87

Here is it

Member Panel

Sponsors and Ads

Noticeboard