want advice for spyware

[macmadden]

hey,

I seem to have acquired some spyware over the weekend and it took over my home page(sending me to some virus software site every time), and added a "protectection bar" to my IE browser, slowed down my computer, and kept sending me messages that i neeed to buy some software to get rid of some viruses and clean my registry. I tried to run my McAfee anti virus program but it didnt help. I then downloaded Spybot S&D and it found and removed about 40 items including smitfraud, and the trojan ZLOB. I then came across HijackThis and decided i needed some help with it. that lead me to this site.

over the last few days using the 8 steps from your sticky post-it( i followed them precicely), i was able to reclaim my home page, remove the "protection bar" from my IE browser, and prevent me getting the popup messages about needing to buy more antivirus/spyware software. i ran the AVG antispyware and it told me i still had the zlob trojan. i was unable to get the kapersky online scanner to start because my active x pop up blocker would not let it run after i allowed it download. i then tried the panda scanner and could only get it to run partway (2 times) and then close all my IE windows. The Bitdefender ran a full scan and found Trojan.downloader.zlob.zrb but failed disinfection and deletion and update. ( i attached the scan findings in txt file) i then ran hijackthis (the sacn is attached).

things seem to be improved but i am unsure if i still have spyware on my system as it still seems to have some sluggishness and IE is not working as well as before this weekend (closing down at times, wont connect when i first open it up) and today i have two new folders on my desktop %systemdrive% and %userprofile%

can i delete any items from my registry? if so which ones? do i still have spyware? if so how do i get rid of if?

thanks again in advance.

mac

[macmadden]

i didnt attach the AVG scan findings. for clairification, i ran the scan twice, once as soon as i downloaded it after updates (but booted in normal mode) that was at 15:31:42 and when it found the zlob trojan among others.

the second time i ran it, at 23:31:44, was after following the 8 steps from the sticky post while in safe mode and it found nothing on that scan. neither did the Windows defender find anything, nor did the ATF cleaner remove anyfiles prior to that. All of those scans were done in safe mode. i just re-ran spybot S&D(back in normal mode) and it says my system is clean.

while looking in my program files folder, i have found a "spywarelocked" folder which was one of the items that the spyware tried to sell me over the weekend. currently it only has one file in the folder labled "sd" configuration settings, 1 kb in size.

i still think i have some problems even tho those all say i am clean now.

again thanks for your help.

mac

[Noob334]

Macmadden, i do not know enough about spyware to give you any help but my computer shows that only one person has looked at your logs. Im sure that as soon as PP or Jholland come along they will be able to help you. Don't worry they usually dont take too long to respond

[jholland1964]

Hello macmadden,
Your logs look to me that you have done a pretty fair job of removing some pretty nasty items. Just a few fixes needed with a new run of HJT.
With all browsers closed run HJT again and place a checkmark next to the following entries;
O3 - Toolbar: (no name) - {84938242-5C5B-4A55-B6B9-A1507543B418} - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5 \G9AJ0HM7\ASAFET~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5 \XNZNT1G6\PACKAG~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5 \VIORRTG9\HOVER_~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5 \G9AJ0HM7\INDEX_~1.SH! C:\DOCUME~1\COMPAQ~1\LOCALS~1\TEMPOR~1\Content.IE5 \OLEZKT67\ACTION~1.SH!

Once you have placed the checkmarks then click the FIX button.
Exit HJT.
Reboot and run a new HJT scan and post that back here.
Judy

[macmadden]

thanks again for your help

here is the new log. i feel better haveing some experts take a look at things. is there anything else i should do to clean my registry more?

mac

[jholland1964]

Your log looks pretty good to me. The registry cleaner I use...VERY SPARINGLY I might add...ONLY when I have installed or uninstalled LOTS of programs or files...is RegCleaner
NEVER as a matter in regular cleaning.
To use it, Install of course. Then Open the program. At the top you will see Tools click that and then choose Registry Cleaner, Do Them All.
The program will then scan your system for unnecessary entries.
Takes just a few minutes.
When complete it will show you the list of items you no longer need.
Go again to the top. Choose Select, All. Then click the Remove Selected Button on the Bottom Right.
That is it.

I would also suggest you visit this link PROTECT YOURSELF FROM MALWARE: Tools & Tip
Take a look there at the various options given for added protection.
You would all ready have some of these items I am sure but scroll down to the bottom and go with Spybot, AdAwareSE and the key one for me SpywareBlaster. Install those and along with your firewall and anti-virus program you should be well protected.
Judy