Hey guys.
Been having a lot of problems with spyware and adware etc.
Avast keeps finding Trojans etc, and comes up with the avast virus detected screen (which is really annoying) so someone disabled it and now there is even more stuff on the computer. I have tried so many different programs to get rid of them.
Ive ran Ewido, Avast, Registry Mechanic, Lavlys Adaware thingy. I ran them all in safe mode etc. Done all the prework things.
And still the problems persist. Ive posted a HJT log...
Any help is much appreciated.
Many thanks
Matt

Ok so whilst writing this post, one of the alerts came up...

FILENAMEthe files name is a link, Don't click on it don't know how to stop it being a link
/locator1.cdn.imagesrvr.com/sites/sysprotect.com/scanner/pages/scanner/SysProtectScannerInstall.cab\USYP_0001_N85M2606Net Installer.exe

Malware name: Win32:FakeAlert [Trj]

Attached Files

hijackthis.log (5.3 KB, 2 views)

And this is the one that comes up all the time, its a temporary file and ive removed all of them!

C:\WINDOWS\system32\1024\ld4C75.tmp\[Upack]
Win32:Zlob-BN [Trj]
Trojan Horse

And another

C:\WINDOWS\system32\1024\ldDF1A.tmp\[MEW]
Win32:Small-TF [Trj]
Trojan Horse

Many thanks
Matt

Hi EmattE , let's get rid of that bugger.


Download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.
Then boot up in safemode (hit f8 when booting up)

Once in Safe Mode, open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

A text file will appear onscreen, with results from the cleaning process; please attach that report to your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt


Then fix this one with HJT:

And when done , also post a new HJT log please.

Hey

Done all that...
Here are my two new logs. Ive had no pop ups or Alerts yet...

Thanks for you help... Is there anything else i need to remove/fix?
Cheers
Matt

Attached Files

	hijackthis.log (4.2 KB, 2 views)
	rapport.txt (1.2 KB, 2 views)

Hi Matt, please launch HijackThis and place a tick by the following entries:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O21 - SSODL: furnariidae - {89e4aaba-3b21-49b3-b922-8ca35193c68e} - C:\WINDOWS\system32\zlara.dll (file missing)
Close all other windows except HijackThis and press "Fix Checked". Then close HijackThis and restart the computer.

Then run Panda ActiveScan.

• Once you are on the Panda site click the Scan your PC button
• A new window will open...click the Check Now button
• Enter your Country
• Enter your State/Province
• Enter your e-mail address and click send
• Select either Home User or Company
• Click the big Scan Now button
• If it wants to install an ActiveX component allow it
• It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
• When download is complete, click on My Computer to start the scan
• When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report, along with a new HijackThis log.