Hi All.

Yesterday I seemed to pick this virus up. I keep getting a box pop-up asking for permission for this program to make changes to my computer. It just keeps coming up when I click no. If I finally get past this by clicking 'No' 20-30 times, my PC is just about aat a standstill. Internet amazingly slow, unusable.

Microsoft Security tells me it has removed the threats and that it needs to restart to complete cleaning. If I do this it recommends a full scan, but the pop-up is already back before I start it, and it cleans the threat again.

I have followed a guide on the internet that got me to do this...
1 - Start in safemode with networking
2 - download/run rkill
3 - download/run malware bytes and let it clean.

This seemed to pick up some problems and clean the system, but when I restarted it was the same as before. I tried running this all again and now it can't even find anything wrong.

I'm using Windows 7, and use Microsoft Security Centre for virus protection.



Can someone please explain step-by-step how to sort this out? I can follow instructions, but am not a computer expert in any way.

Thank you in advance!

PS. I also did a system restore to a few days ago (before the problem started) as another site recommended. It didn't help. I don't know if this will have affected the attached logs.

PPS. I have a live McAfee subscription that I am not currently using. Would installing McAfee fix this problem? I didn't think it would be necessary when I bought my new PC which used the Microsoft Security version.

When it asks you if it can run what file does it say wants to run

It wants to run 'Windows Command Processor'

Ahh i have had this before, but i figured out how to get rid of it.The scan is not really a scan it will ask you to purchase the full version eventually just ignore it. Here is the manuall (Free) removal
Delete Windows Command Processor files:
start, run %appdata%\npswf32.dll
start, run %appdata%\Inspector-[rnd].exe
start, run %desktopdir%\Windows Command Processor.lnk
start, run %commonprograms%\Windows Command Processor.lnk
Delete Windows Command Processor registry files:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run!Inspectordiv class=”downloadbutton”
If you are not familiar with regedit just let me know and i will give more detailed instructions

Hi thanks for this. However, I've never even heard of Regedit. Could you please give me whatever instructions I would need to do it?

Ok well goto the run menu (start, run) and type regedit.exe A window should come up that looks like this
http://www.itechtalk.com/picture.php?albumid=325&pictureid=954

And then you goto HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run!Inspectordiv class=”downloadbutton” And you delete that entry by right clicking and clicking delete

Thanks for this advice, I really appreciate your efforts with this. However, I'm still having problems with the instructions...

Delete Windows Command Processor files:
start, run %appdata%\npswf32.dll
start, run %appdata%\Inspector-[rnd].exe
start, run %desktopdir%\Windows Command Processor.lnk
start, run %commonprograms%\Windows Command Processor.lnk

I read this as instructions that I should open the Run box in the start menu and try to run "%appdata%\npswf32.dll". I tried that and it cannot find the path. What am I doing wrong? And if it did find the path, wouldn't that just run the npswf.dll file? How would you delete it?

"And then you goto HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run!Inspectordiv class=”downloadbutton” And you delete that entry by right clicking and clicking delete"

I am starting regedit ok, and going through the directories. However, once I get as far as Windows\Current Version, I can't see an entry, item or folder called Run!Inspectordiv class=”downloadbutton” . I've attached a printscreen of regedit at the furthest point I can get to for your reference.

Sorry if I'm coming across as thick, I've just never tried to do something like this before. Also, should I be doing this with the PC in Safe mode or in normal mode?

OK download this and scan your PC with it. After it us done scanning save the log file and attach it here

It may ask you to install avast. You may or may not need to do this but I suggest it.

What do I need to download? Your post just says "OK download this and scan your PC with it. After it us done scanning save the log file and attach it here", but there is no link included or anything attached? I am running my PC in safe mode by the way, maybe this is why no link is showing?

Oh whoops forgot the link
http://public.avast.com/~gmerek/aswMBR.exe

It's running now. I will post the log as soon as it finishes. thanks.

Ok if you ran this under safe mode boot into normal mode and run it under admin privileges (right click run as admin)
It is currently 1:59AM in australia but i will be back tommorrow to help