To start off with, you have a password-stealing trojan on your computer, so please do NOT do ANY banking or personal business on the computer unless you want to have your identity stolen. Follow my steps exactly in their order, and if you have any questions, ask before doing.
Step1
1. Please open Notepad:
- Click Start, then Run
- Type "notepad.exe" in the Run box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:
Code:
KillAll::
File::
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\fptykmav.dll
C:\WINDOWS\system32\jtssnlrx.dll
C:\WINDOWS\system32\xxyvvwxy.dll.vir
C:\WINDOWS\system32\vwerbfob.dll
C:\WINDOWS\system32\jauuocpp.dll
Folder::
C:\Documents and Settings\All Users\Application Data\TEMP
C:\Program Files\Viewpoint
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{92241867-1358-4374-ac78-39a0b353aa4a}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D5FD78F2-469C-40D0-9DFA-805070509189}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BMdffdf25a"=-
3. Then in the text file go to FILE => SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES
4. Save the above as CFScript.txt
5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
http://users.pandora.be/bluepatchy/m...s/CFScript.gif
6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply
Step2
Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.
O2 - BHO: {a4aa353b-0a93-87ca-4734-853176814229} - {92241867-1358-4374-ac78-39a0b353aa4a} - C:\WINDOWS\system32\fptykmav.dll
O4 - HKLM\..\Run: [BMdffdf25a] Rundll32.exe "C:\WINDOWS\system32\jtssnlrx.dll",s
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.
Step3
Please do an online scan with Kaspersky WebScanner.
Click on Accept.
You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
- The program will launch and then begin downloading the latest definition files:
- Once the files have been downloaded click on NEXT
- Now click on Scan Settings
- In the scan settings make sure that the following are selected:
- Scan using the following Anti-Virus database:
- Extended (if available otherwise Standard)
- Scan Archives
- Scan Mail Bases
- Click OK
- Now under select a target to scan:
- This program will start and scan your system.
- The scan will take a while so be patient and let it run.
- Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button:
- Save the file to your desktop.
- Copy and paste that information in your next post.
Step4
Did you install all of those Poker games yourself, or did they just get installed one day? There seem to be many of them installed on your computer, and Poker games are usually related to Spyware/Virus installations.
Logs Required In Next Post:
------------------------------
ComboFix Log
Kaspersky Log
New Hijackthis Log
Answer to Step 4
Update On How the System is Running
Kind Regards,
Techpro5238
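
Added example (not part of the original post, and not a HijackThis or ComboFix feature): a small check that compares the three entries fixed in Step 2 against the new HijackThis log requested at the end, to see whether any of them came back. The matching rules (CLSID for O2, Run key plus value name for O4, service name for O23) and the sample log are assumptions made for illustration.

```python
import re

# Entries the post asks to fix in Step 2 (copied from the page).
FIXED = [
    r'O2 - BHO: {a4aa353b-0a93-87ca-4734-853176814229} - {92241867-1358-4374-ac78-39a0b353aa4a} - C:\WINDOWS\system32\fptykmav.dll',
    r'O4 - HKLM\..\Run: [BMdffdf25a] Rundll32.exe "C:\WINDOWS\system32\jtssnlrx.dll",s',
    r'O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe',
]

# Constructed post-fix log for illustration; not real HijackThis output.
# The O2 line reuses the fixed CLSID with a different (made-up) DLL name.
NEW_LOG = r'''Logfile of HijackThis (constructed sample)
O2 - BHO: (no name) - {92241867-1358-4374-AC78-39A0B353AA4A} - c:\windows\system32\qwrtplkm.dll
O4 - HKLM\..\Run: [ExampleUpdater] "C:\Program Files\Example\updater.exe"
O23 - Service: Example Service - Example Corp - C:\Program Files\Example\svc.exe
'''

CLSID = r'(\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\})'
PATTERNS = [
    # O2: identify the BHO by its CLSID, not by the DLL file name.
    ('O2', re.compile(r'^O2 - BHO: .* - ' + CLSID + r' - .+$')),
    # O4: identify the autostart by registry location and value name.
    ('O4', re.compile(r'^O4 - (\S+): \[([^\]]+)\] .+$')),
    # O23: identify the service by its display name.
    ('O23', re.compile(r'^O23 - Service: (.+?) - .+$')),
]

def identity(line):
    """Return a case-insensitive key for an O2/O4/O23 line, else None."""
    line = line.strip()
    for section, pattern in PATTERNS:
        m = pattern.match(line)
        if m:
            return (section,) + tuple(g.lower() for g in m.groups())
    return None

def still_present(fixed_lines, new_log):
    """List the fixed entries whose identity shows up again in new_log."""
    seen = {identity(l) for l in new_log.splitlines()} - {None}
    return [l for l in fixed_lines if identity(l) in seen]

if __name__ == '__main__':
    for entry in still_present(FIXED, NEW_LOG):
        print('STILL PRESENT:', entry)
```

Because the O2 match is on the CLSID, a BHO registration that survives the fix under a differently named DLL is still reported.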