
Please Check HJT - NewPolyWin32 Virus?

Now put a tick by Standard File Kill. See this section in Step 3: Uninstall File Sharing/P2P Programs http://www.techspot.com/vb/topic58138.html May 19, 2009 #8 markymark06824 TS Rookie Topic Starter Bobbye, This machine came with a free trial of Symantec. Come back here to this thread and Paste the log in your next reply. Now run CWShredder.

WINDOWS DEFENDER Click Start > Programs > Windows Defender or launch from the system tray icon. It would something that contained stuff like C:/...jvkl... So I need your help to make this happen. File not found O3 - HKU\S-1-5-21-709334227-1214971342-3238884620-1006\..\Toolbar\ShellBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Error: Key error. https://forums.techguy.org/threads/solved-spy-sheriff-new-poly-win32-and-other-virus-and-spyware-major-problems.422184/

The strange thing is that the "h" inside jL.chura.pl/rc is not actually an "h". Now run CWShredder. Close all browsers, windows and unneeded programs. 6. The log is attached.

C:\WINDOWS\system32\mlsdf8h6918689.exe -> Backdoor.HacDef.fw : Cleaned. But I also had a virus warning: New Poly Win32. But that was a good move on your part.

Thank you for all of them and for all of your help. I couldn't turn off the system restore, because my OS doesn't seem to have such a feature. http://www.bleepingcomputer.com/forums/t/220336/infected-with-new-win32-and-new-poly-win32/ Oh by the way, my ISP is Singnet 256kbps (I'm from Singapore). Thank you so much again and hear from you soon. 0 #7 Michelle Posted 04 April 2005 - 10:56 AM

FileDescription : Avance Sound Manager InternalName : ALSMTray LegalCopyright : Copyright © 2001 Avance Logic, Inc. The desktop seemed more normal. Click I Agree, then Fix and then Next, let it fix everything it asks about. 5.

Hope this will help.

Please save it where you can find it easily. OriginalFilename : svchost.exe #:11 [spoolsv.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1092 ThreadCreationTime : 3-24-2005 2:52:12 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating Hope you guys can help. Also do the following; Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop. * DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.* Be sure a checkmark is placed next to Update

button. I think that it was very old as it was contained in an old unused file. Infected with New Win32 and New Poly Win32 Started by mikesal3731, Apr 18 2009 02:43 AM http://nuvisiongraphx.com/please-check/please-check-my-hijack-log-definate-virus.html Delete everything in this folder: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\Temp Finally go to Control Panel>Internet Options.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Follow the instructions for protection on that page. Shut down AboutBuster. Cheeseball81, Dec 4, 2005 #8 jfnewbie Thread Starter Joined: Jan 9, 2005 Messages: 64 Cheeseball, followed your directions.

I will review the logs when I have all three.

No, this is not a new virus, in fact it has been around for several years, since 2005. Click on the "System Startup" icon in the List Uncheck the "TeaTimer" box and "OK" any prompts. If there is any infection, you should attach the log.

Please try this: 1) Click on Start, Control Panel 2) Open Add/Remove Programs 3) Find AVG in the Programs list and highlight it 4) Click Remove and follow the prompts to Click I Agree, then Fix and then Next, let it fix everything it asks about. 5. And no, I don't believe any passwords have been compromised.

C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP392\A0049140.exe -> Downloader.Small : Cleaned. :mozilla.436:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\20f73x31.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned. :mozilla.437:C:\Documents and Settings\Scott\Application Data\Mozilla\Firefox\Profiles\20f73x31.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned. :mozilla.10:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\67vpasl6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. In fact, things kept popping up warning me of infections, but in all honesty, it seemed to be not from my computer, but from spyware trying to scare me into downloading A menu should come up where you will be given the option to enter Safe Mode. 4.

C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP392\A0049137.exe -> Backdoor.HacDef.fw : Cleaned. Did you run the Kaspersky scan? the address when i log out shows:"http://login.passpor...ll=&rollrs=11". Hope this will help.

Run HijackThis and put a check by these entries: R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\rfwyk.dll/sp.html#93256 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\rfwyk.dll/sp.html#93256 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - And, should I worry that some jerk out there may have stolen usernames, passwords, bank and credit card info, etc? But the license to use is $25.

There are 10 Symantec processes starting and loading when you boot.