  #1  
05-17-2007
d3r3kgibb (Bronze Member)
[Resolved] Virus/Adware have taken my PC

I can't think of anything else to do. A few days ago I started getting a barrage of pop-ups and I immediately knew something was wrong. My Norton Antivirus was on and didn't report immediate problems. I have run many scans with different programs; all find something, clear it off, and then it's back. Norton ended up telling me I had the Vundo trojan, but it was removed. I even used the Vundofix tool and it said it was gone. Later I started getting more messages saying Norton had blocked Vundo, then it was detected again and pending, then gone again.

Lately, every time I go online Norton tells me it has just blocked another attempt to access my computer from Duntek, Vundo, ErrorSafe, Winfix, Downloader, Spysheriff, Infosteal. Screens will pop up telling me I don't have good virus protection and I need to download their software, and of course when I click cancel or close they attempt to install anyway and are blocked by Norton. Sometimes a site will just open spontaneously. My computer is now very slow and irritating.

Besides doing the prework, I have also used CounterSpy and Ad-Aware, as well as an online Panda scan. My computer is now very slow and extremely irritating to work with. Can you help me get the malware off and get my computer back up to speed?
Attached Files
File Type: txt AVG Report.txt (3.4 KB, 3 views)
File Type: txt Spy Sweeper Session Log.txt (2.5 KB, 2 views)
File Type: log hijackthis.log (9.5 KB, 8 views)



Last edited by d3r3kgibb; 05-17-2007 at 01:57 AM.
  #2  
05-17-2007
Lebowski (Elite Member)

Not sure what the security guys will say, but personally I can't see much in the HJT log apart from myway.

Try fixing this issue:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html

and then run CCleaner to get rid of any temp stuff, then run Spy Sweeper again.

EDIT: Just out of interest, what do these popups look like?


__________________
You want a toe? I can get you a toe, believe me. There are ways, Dude

I don't want to talk about it
I don't want to hear no lip
Take your share don't shout about it
That's your lot remember you're a kid

Last edited by Lebowski; 05-17-2007 at 01:38 AM.
  #3  
05-17-2007
d3r3kgibb (Bronze Member)

They are ads for everything. I think they are targeted towards what I'm doing online, so since I've spent so much time trying to solve my virus problem, I've gotten a lot of pop-ups for bogus anti-virus software. A lot of WinAntivirus Pro and ErrorSafe. When I close the pop-ups they try to install anyway. They want me to pay a ransom to remove the software that they probably installed in the first place. I know this stuff didn't get bundled with something else, because I hadn't downloaded anything in quite a while.


  #4  
05-17-2007
Lebowski (Elite Member)

Okay, the reason I asked is because they sound suspiciously like messenger service popups. Best thing to do, I think, would be to wait till one of the security team has a look at the logs.


  #5  
05-17-2007
chiaz (Senior Security Analyst)

Hmm...can you please rename hijackthis.exe to rename.exe. Then run a new scan and post the new log in your next reply.


  #6  
05-18-2007
d3r3kgibb (Bronze Member)
Here you go

Here it is, Thanks.
Attached Files
File Type: log hijackthis.log (10.8 KB, 5 views)


  #7  
05-19-2007
chiaz (Senior Security Analyst)

As expected, Vundo was trying to hide from HijackThis...

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES.
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above
instructions starting from "Click the Scan for Vundo button." when
VundoFix appears at reboot.
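
The rename-and-rescan step in posts #5 and #7 is useful because the two HijackThis logs can be compared. As an added example that is not part of the original thread, this script lists the entries that appear only in the scan run as rename.exe. Both sample logs are constructed, and the DLL name, CLSID, ExampleAV entry and function names are placeholders chosen for illustration.

```python
import re

# A HijackThis entry line is "<section code> - <text>", e.g. "R1 - HKCU\...".
# Header lines and the "Running processes" paths do not match and are skipped,
# so the renamed executable's own path never shows up as a difference.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2})\s+-\s+(.*\S)\s*$")

def parse_entries(log_text):
    """Return the set of (section, text) entries found in one log."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.add((match.group(1), match.group(2)))
    return entries

def newly_visible(first_log, second_log):
    """Entries reported only by the second scan (run from the renamed file)."""
    return sorted(parse_entries(second_log) - parse_entries(first_log))

# Constructed sample: first scan, run as hijackthis.exe.
FIRST_LOG = r"""Running processes:
C:\Program Files\HijackThis\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
O4 - HKLM\..\Run: [ExampleAV] "C:\Program Files\ExampleAV\av.exe"
"""

# Constructed sample: second scan, run as rename.exe. The O2 and O20 lines
# use a placeholder CLSID and DLL name, not values from the attached logs.
SECOND_LOG = r"""Running processes:
C:\Program Files\HijackThis\rename.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\system32\example1.dll
O4 - HKLM\..\Run: [ExampleAV] "C:\Program Files\ExampleAV\av.exe"
O20 - Winlogon Notify: example1 - C:\WINDOWS\system32\example1.dll
"""

if __name__ == "__main__":
    for section, text in newly_visible(FIRST_LOG, SECOND_LOG):
        print(f"only in renamed scan: {section} - {text}")
```

Entries that show up only in the second log are the ones to put in front of the analyst first.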


