PC Forum PC Help Forum » Security & Safety » [Fixed] Hijackthis! Logs » [Fixed] Backtera virus

  #1  
05-30-2006
Bronze Member
Join Date: May 2006
Posts: 8
adam_91vn
[Fixed] Backtera virus

G'day, think I might have the same problem as "wolfey", this so-called BACKTERA VIRUS. Had a website pop up saying that I had it and that I should download their virus-protection. I have used an adware removal tool and I have AVG Anti-Virus.

I have followed the prework instructions and also done a scan using Kaspersky.

It would be great if you could help.


Adam
Attached Files
File Type: log hijackthis.log (9.0 KB, 2 views)
File Type: txt Kaspersky.txt (7.0 KB, 1 views)
File Type: txt Scan report_20060530.txt.txt (3.6 KB, 1 views)


  #2  
05-30-2006
Bronze Member
Join Date: May 2006
Posts: 8
adam_91vn

Anyone. . . . . .?


  #3  
05-30-2006
Elite Member
Join Date: Jun 2005
Location: Netherlands
Posts: 9,036
joe5

Hiya Adam, welcome to PCHF.

Nope, no Backtera virus. But you do have a Lop.com infection from Messenger Plus, and a small prob in your Java cache.

That Backtera infection warning is fake; it's to try and get you to buy their fake anti-spyware app (and then you are really infected). So don't click on those popups.


You have a LOP infection that often comes together with Messenger Plus. To remove it we will try the simple way first.

1. Go to Add/Remove programs. Double click on "Messenger Plus!" (or click on Remove) (see quote below!)

2. The "Messenger Plus! - Setup" is now displayed. Click on the Uninstall button. Note: options displayed on the first screen are not related to the sponsor program.

3. The sponsor screen is now displayed (if you don't see it, search for it in your Task Bar). To prove that someone is currently reading the screen, you have to type the code that is displayed. Once you enter the code, press Uninstall.

4. If you entered the code properly, the program will ask you to confirm that you want to uninstall. You must answer "Yes" to this question, else, you won't have another chance of uninstalling.

5. To complete the uninstallation, follow the instructions that are displayed (the first one is to close all your Internet Explorer windows, that's very important). When everything is complete, restart your computer and, hopefully one nasty infection is gone.

When removing Lop.com from the Add/Remove screen, it may not show up as Messenger Plus; instead, also look for these and remove them:

Window Search
Window Searching
Lop.com
LOP SEARCH
Browser Enhancer
Ultimate Browser Enhancer
L.O P. Un insta11
L O.P. Un instal1
Live 0n line Portal
Live.0nli ne Porta1
Window Active

Finally, there is a step in the removal process of Messenger Plus where the sponsor asks if you want to uninstall that as well. You have to click YES to this part of the removal process.

If you don't do this correctly then you will have no other choice but to reinstall Messenger Plus and then go through the whole removal process again from the start.

Then click on Start->Control Panel->Java Plug-in and click on the Cache tab. Then click on the Clear button and hit OK.
If you have Java 1.5, do this instead: Start->Control Panel->Java, then on the "General" tab below "Temporary Internet Files" click on "Delete Files.." and click OK, and OK.


When done, post a new HJT log please.


__________________
- PCHF Team. - (NL) - Mal-ware Eradicator! -

  #4  
05-31-2006
Bronze Member
Join Date: May 2006
Posts: 8
adam_91vn

Can't thank you enough Joe.


I followed your instructions and have attached a new HJT log.

Hopefully it is all fixed.


One more question: is it enough of a guard to have AVG for protection?



Thanks in advance Adam
Attached Files
File Type: txt hijackthis1.txt (8.8 KB, 2 views)


  #5  
05-31-2006
Elite Member
Join Date: Jun 2005
Location: Netherlands
Posts: 9,036
joe5

Yup, the infections are gone. Just remove this now "file missing" entry with HJT and you're done:

O2 - BHO: (no name) - {E758B73D-33A1-32C3-CC3F-508CD7617466} - C:\DOCUME~1\Adam\APPLIC~1\newcorn\Show Fast.exe (file missing)

And it seems you don't have a firewall; I would advise you to install one if you don't have one yet. Have a look in our download section for free ones.
Also I would keep Ewido and use it to scan now and then.


Do you still have any problems with your PC?


__________________
- PCHF Team. - (NL) - Mal-ware Eradicator! -

  #6  
06-01-2006
Bronze Member
Join Date: May 2006
Posts: 8
adam_91vn

Thanks again joe. The only problem seems to be this comes up when I restart the computer.










EDIT:

I just downloaded ZoneAlarm, and all of a sudden this http://www.systemuptodate.net/ tries to become my homepage.

I have attached hjt log and ewido log.


This spyware **** is really starting to pee me off.

Sorry bout this.

Adam
Attached Files
File Type: txt Ewido Scan report_20060601.txt (1.6 KB, 1 views)
File Type: txt hijackthis3.txt (9.2 KB, 1 views)



Last edited by adam_91vn; 06-01-2006 at 05:37 AM.
  #7  
06-01-2006
Elite Member
Join Date: Jun 2005
Location: Netherlands
Posts: 9,036
joe5

That dlcctime.dll error you posted is related to your Dell printer, nothing malicious. Try uninstalling and reinstalling the software for it. That should fix that prob.

And you now have a Spywarequake infection on there I'm afraid, plus another infection.

Please download Process Explorer by Sysinternals from HERE.

Also download KillBox by Option^Explicit from HERE.

And download SmitfraudFix (by S!Ri)


Extract the content (a folder named SmitfraudFix) to your Desktop.

Then boot up in Safe Mode (hit F8 when booting up).

Once in Safe Mode, open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.


A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt



Then boot up in SAFE MODE and stay in Safe Mode (hit F8 when booting up) until the entire fix is done.



Unzip Process Explorer and double click on procexp.exe

In the top section of the Process Explorer screen double click on winlogon.exe to bring up the winlogon.exe properties screen. Click on the Threads tab at the top.
Once you see this screen click on each instance of winzlo32.dll once and then click the kill button.
After you have killed all of the winzlo32.dll's under winlogon click OK.

Next, in the top section of the Process Explorer screen again, double click on explorer.exe and again click once on each instance of winzlo32.dll then click the kill button.

Once you have done that click OK again.

Next run HijackThis and place a check beside each of the following:

O20 - Winlogon Notify: winzlo32 - C:\WINDOWS\SYSTEM32\winzlo32.dll

Now click fix checked and close HijackThis.

Double click on Killbox.exe and then check the delete on reboot button.

Enter the following filepath and filename into the Full path of file to delete box:

C:\WINDOWS\SYSTEM32\winzlo32.dll

Click the red circle with the white x and allow your computer to reboot.
(if killbox doesn't reboot on its own then please reboot manually)

After your computer has rebooted please run Hijackthis again and post a new Hijackthis log plus the C:\rapport.txt.


__________________
- PCHF Team. - (NL) - Mal-ware Eradicator! -
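
An added example, not part of the thread and not the helpers' own tooling: a small Python triage pass over HijackThis log lines that flags the two things acted on in posts #5 and #7, entries marked "(file missing)" and O20 Winlogon Notify DLLs that are not in a known-good baseline. The line format is assumed from the two entries quoted in the thread; the O4 line, the `examplepkg` entry and the baseline are constructed.

```python
import re

ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
NOTIFY = re.compile(r"^Winlogon Notify: (?P<name>.+?) - (?P<path>.+)$")
MISSING = " (file missing)"

# Constructed sample: the O2 and winzlo32 lines are the ones quoted in the thread;
# the O4 line and the "examplepkg" O20 line are made up for the demonstration.
SAMPLE_LOG = r"""Logfile of HijackThis
O2 - BHO: (no name) - {E758B73D-33A1-32C3-CC3F-508CD7617466} - C:\DOCUME~1\Adam\APPLIC~1\newcorn\Show Fast.exe (file missing)
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O20 - Winlogon Notify: examplepkg - C:\WINDOWS\system32\examplepkg.dll
O20 - Winlogon Notify: winzlo32 - C:\WINDOWS\SYSTEM32\winzlo32.dll
"""

def parse_entries(log_text):
    """Return one dict per HijackThis entry line; header lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue
        body = m["body"]
        missing = body.endswith(MISSING)
        if missing:
            body = body[: -len(MISSING)]  # keep the path, drop the marker
        entries.append({"section": m["section"], "body": body, "missing": missing})
    return entries

def triage(log_text, notify_baseline=frozenset()):
    """Return (section, reason, detail) tuples for entries a helper should review.

    notify_baseline is an assumption: names of Winlogon Notify packages recorded
    from a clean machine of the same Windows build.
    """
    baseline = {name.lower() for name in notify_baseline}
    findings = []
    for e in parse_entries(log_text):
        if e["missing"]:
            findings.append((e["section"], "orphaned entry: target file is gone", e["body"]))
        n = NOTIFY.match(e["body"]) if e["section"] == "O20" else None
        if n and n["name"].lower() not in baseline:
            findings.append(("O20", "notify DLL not in baseline", n["path"]))
    return findings

if __name__ == "__main__":
    for section, reason, detail in triage(SAMPLE_LOG, {"examplepkg"}):
        print(f"{section:4} {reason}: {detail}")
```

A "(file missing)" finding is a leftover registry reference, while an unknown O20 entry is a DLL that winlogon.exe loads at every logon, which is why post #7 removes both the registry entry and the file.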

