#1 | 04-28-2006 | roryt2000
Weird infection..

Alright well I let my cousin use my laptop for a while yesterday and I booted it up today and I had a bunch of spyware (surprise surprise). Well I did a few scans and everything seemed ok again except for one infection that I cannot get rid of. This thing is weird, it wouldn't remove it normally so I tried booting it up in safe mode and it showed up there too.. and I can't close it. It's not in Applications or Processes either. How the hell do I get rid of this thing?!

Well it shows up in the taskbar as an icon that flashes a red circle with a cross through it and what looks like a green handicapped (guy in a wheelchair) picture. It also comes up with the message

"Your computer is infected! Critical System Error! System detected virus activites. They may cause critical system failure. Please, use antimalware software to clean and protect your system from parasite programs. Click here to get all available software."

I can't find any info on it. All I know is it's a false spyware scanner and it's extremely annoying. Help me out guys.

Oh and my IE startup page keeps getting changed to securitybulletin.net (don't go there or you'll get infected).


#2 | 04-28-2006 | joe5

Sounds like a job for Smitrem to me:

Download Smitrem to your desktop:

http://noahdfear.geekstogo.com/click...click.php?id=1

Run the installer and then press Start to extract the files to the desktop. Do not run it yet.

Reboot into safe mode (reboot and keep tapping F8, then choose safe mode from the list).

Run SmitRem:

Open the SmitRem folder and double click the "RunThis.bat" file to start the tool. Follow the prompts on screen, wait for the tool to complete, and disk cleanup to finish.

The tool will create a log named smitfiles.txt on the drive that you ran SmitRem on, e.g. "C:\smitfiles.txt", or the partition where your operating system is installed.

Please attach this log to your next reply, plus a HijackThis log.


Note: XP users using the XP theme may experience a change to the Classic Windows theme. This can be changed on the themes tab of desktop properties.


You will need to reload your wallpaper as the SmitRem tool will reset it. You can do this by right clicking the desktop and choosing properties. First check Theme and set it to Windows XP, then click the Desktop tab, choose the one you want to use and press apply.


__________________
- PCHF Team. - (NL) - Mal-ware Eradicator! -

#3 | 04-28-2006 | roryt2000

Ok, didn't seem to fix it. Posted the logs.
Attached Files: smitfiles.txt (3.7 KB), hijackthis.txt (7.2 KB)


#4 | 04-28-2006 | joe5

Originally Posted by roryt2000: "Ok, didn't seem to fix it."

But it removed plenty.

Boot in safe mode and fix this entry with hjt:

O4 - HKCU\..\Run: [Aida] "C:\DOCUME~1\Rory\MYDOCU~1\PPATCH~1\taskmgr.exe" -vt yazr

And delete these folders:

C:\Documents and Settings\Rory\MYDOCU~1\PPATCH~1
C:\Documents and Settings\Rory\Application Data\??pPatch

Reboot and post a new hjt log please.

Also, you only have SP1 installed; I would recommend installing SP2.
And you seem to have no AV and no firewall installed, which is asking for trouble.
Have a look in our download section.


__________________
- PCHF Team. - (NL) - Mal-ware Eradicator! -

#5 | 04-28-2006 | roryt2000

I deleted the folders but they didn't seem to have anything in them. This one's not going away..

And I have Microsoft AntiSpy and Zone Alarm installed, I just have them disabled during all this so they don't interfere.

I really don't worry about spyware too much because I hardly ever get it. I may get one infection every few months (if that) that I can just quickly get rid of and I do regular scans with tons of programs.
Attached Files: hijackthis.txt (7.2 KB)


#6 | 04-29-2006 | roryt2000

Ok, ewido fixed it.


#7 | 04-29-2006 | joe5

You could delete the folder after running Ewido?

And I would be worrying about malware... Disabling your firewall is kind of a stupid thing to do actually, imo. And it shows, you already have a new infection on there, I'm afraid..


Please download Process Explorer by Sysinternals from HERE.

Also download KillBox by Option^Explicit from HERE.

Then boot up in SAFE MODE and stay in safe mode (hit F8 when booting up) until the entire fix is done.

Unzip Process Explorer and double click on procexp.exe
In the top section of the Process Explorer screen double click on winlogon.exe to bring up the winlogon.exe properties screen. Click on the Threads tab at the top.
Once you see this screen click on each instance of winjks32.dll once and then click the kill button.
After you have killed all of the winjks32.dll's under winlogon click OK.

Next, in the top section of the Process Explorer screen again, double click on explorer.exe and again click once on each instance of winjks32.dll, then click the kill button.

Once you have done that click OK again.

Next run HijackThis and place a check beside each of the following:

O20 - Winlogon Notify: winjks32 - C:\WINDOWS\SYSTEM32\winjks32.dll
Now click fix checked and close HijackThis.

Double click on Killbox.exe and then check the delete on reboot button.

Enter the following filepath and filename into the Full path of file to delete box:

C:\WINDOWS\SYSTEM32\winjks32.dll

Click the red circle with the white x and allow your computer to reboot.
(if killbox doesn't reboot on its own then please reboot manually)

After your computer has rebooted please run Hijackthis again and post a new Hijackthis log.


__________________
- PCHF Team. - (NL) - Mal-ware Eradicator! -
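
A sketch of the log triage done by eye in posts #4 and #7, added here as an example and not part of the original thread: it flags O4 autostart entries that use a system binary name outside the Windows directory or run from a user profile, and O20 Winlogon Notify packages missing from a baseline. The name lists and the baseline are assumptions for illustration, and the two benign log lines are constructed.

```python
import re
from ntpath import basename  # Windows path rules on any host OS

# Assumption: system binary names that autostart entries often imitate.
SYSTEM_IMAGE_NAMES = {"taskmgr.exe", "svchost.exe", "explorer.exe", "winlogon.exe"}
SYSTEM_DIR = "c:\\windows\\"
USER_DIR_MARKERS = ("\\documents and settings\\", "\\docume~1\\")
# Assumption: Winlogon Notify package names from a known-clean XP baseline.
NOTIFY_BASELINE = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                   "sclgntfy", "senslogn", "termsrv", "wlballoon"}

O4_RE = re.compile(r'^O4 - \S+: \[[^\]]*\] (?:"(?P<quoted>[^"]+)"|(?P<bare>\S+))')
O20_RE = re.compile(r'^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+)$')

# Lines 1 and 3 are constructed benign entries; lines 2 and 4 are the
# entries singled out in the thread.
SAMPLE_LOG = r'''O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Aida] "C:\DOCUME~1\Rory\MYDOCU~1\PPATCH~1\taskmgr.exe" -vt yazr
O20 - Winlogon Notify: crypt32chain - C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: winjks32 - C:\WINDOWS\SYSTEM32\winjks32.dll'''

def review_line(line):
    """Return a list of findings for one HijackThis log line."""
    findings = []
    m = O4_RE.match(line)
    if m:
        path = (m.group("quoted") or m.group("bare")).lower()
        # A trusted-looking image name in an untrusted location is masquerading.
        if basename(path) in SYSTEM_IMAGE_NAMES and not path.startswith(SYSTEM_DIR):
            findings.append("system binary name outside the Windows directory")
        if any(marker in path for marker in USER_DIR_MARKERS):
            findings.append("autostart from a user profile directory")
        return findings
    m = O20_RE.match(line)
    if m and m.group("name").lower() not in NOTIFY_BASELINE:
        findings.append("Winlogon Notify package not in baseline")
    return findings

def review_log(text):
    """Map each flagged log line to its findings."""
    return {ln: f for ln in text.splitlines() if (f := review_line(ln.strip()))}

if __name__ == "__main__":
    for line, why in review_log(SAMPLE_LOG).items():
        print(line, "->", "; ".join(why))
```

A finding marks an entry for manual review against a clean baseline of the same Windows build; it is not proof of infection on its own.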

