Computer Problems

[jholland1964]

Ok Pokey86, I have gone through your latest logs and while they do look better you are still showing the Trojan.Smitfraud on your system. This can be hard to remove but let's try again.
Be certain that you have Enabled the Viewing of Hidden Files and Folders

You are going to have to use that same smitRem Removal Tool again.
I stress here that this MUST BE USED IN SAFE MODE
Restart your computer in safe mode, logon to the user account that is infected, open the smitRem folder and double click the RunThis.bat file to start the tool. Follow the prompts on screen and allow disk cleanup to complete. Upon reboot, you can reset your desktop background. Note: XP users using the XP theme may experience a change to the Classic Windows theme. This can be changed on the themes tab of desktop properties.
Once you have rebooted to NORMAL MODE then please go to the
Panda Active Scan Site
and run their active scan to find and remove anything which may be left behind by the fix done in SAFE MODE. Please have the Panda Scan fix anything found and please save the log.
Reboot the machine again in NORMAL MODE and run a new HJT scan. Post that log, along with the new Panda Active Scan log here.

[Pokey86]

I have re-run Smitrem ON Safe mode & all above requirements have been met.

It ran fine & went through, but then something peculiar happened. After smit rem finished & the disk cleaner started running, shortly after it just disappeared & ALL icons & EVERYTHING disappeared & wouldn't come back. (I mean every possible thing on the desktop, startbar, icons etc etc) I was still able to "Alt, ctrl, Del" then run msconfig to reboot to normal mode. But i'd have expected the Disk cleaner to have some kind of ending statement (It did something similair last time, it just disappeared)

Also i have run the Panda active scan which is also enclosed, i can't disinfect yet as i don't have any money in my account yet (Get paid this friday)

Sorry for all the enconveniences, you guys are great people

HJT log & PAS log attached

[jholland1964]

Don't worry about paying for the Panda Scan to clean. We are just using it to see where items are. There are other free ways we can remove these items found.
First thing please download and install CCleaner
Next, update the AVG/Ewido program.
Reboot to SAFE MODE.
Run run ONLY the default scan (Windows Tab). Do Not “Scan For Issues” Click the Analyze button and let it scan. Once it finds everything then click the Clean button. It will ask are you sure, say yes.
Next again run the AVG/Ewido scan and again do the Full System Scan. Allow it to clean everything. Save the log.
Reboot to normal mode.
Then go to My Computer and double click.
Then go to "C" drive and double click.
Then in "C" drive go to \Documents and Settings\Debs\Cookies\ and delete ALL the cookies if any remain. Next, still in "C" drive go to \Documents and Settings\Keith\Cookies\ and delete all the cookies if any remain.
Run another HJT scan, save the log and post back here with the Ewido log and HJT log.

Also, don't worry about the disappearance of the desktop following the running of smitrem...this is ok.

[Pokey86]

OK all above tasks have been done please note i ran ad-ware just before you posted your last post. then i followed all of your steps

Enclosed is the Ewido & HJT logs

[jholland1964]

Pokey, why didn't you have the Ewido scan fix those items?

These for sure should have been fixed

C:\Program Files\VSAdd-in\VSAdd-in.dll -> Adware.Agent : Ignored.
C:\WINDOWS\system32\opnolij.dll -> Adware.Virtumonde : Ignored.
C:\WINDOWS\system32\__delete_on_reboot__w_i_n_w_l_ y_3_2_._d_l_l_ -> Trojan.Agent.vg : Ignored.
C:\WINDOWS\system32\cool.exe -> Trojan.Dialer.qs : Ignored.

I am "on the fence" about these as they do point to a real program however there have been some flaws with it which could allow a hijacker onto the computer if you are running an unfixed version.

C:\Program Files\RealVNC\VNC4\vncconfig.exe -> Not-A-Virus.RemoteAdmin.Win32.WinVNC.4 : Ignored.
C:\Program Files\RealVNC\VNC4\vncviewer.exe -> Not-A-Virus.RemoteAdmin.Win32.WinVNC.4 : Ignored.
C:\Program Files\RealVNC\VNC4\wm_hooks.dll -> Not-A-Virus.RemoteAdmin.Win32.WinVNC.4 : Ignored.

Here is some info about this problem from eTrust Spyware Encyclopedia;
VNC is a non-malicious Remote Access tool, that can be uninstalled using Add/Remove Programs. It is a useful application with many valid purposes, however trojans exist which utilize VNC's code base. Such malware may covertly install VNC and automatically configure a VNC server password, that can be used by an attacker as a backdoor into the system.

[Pokey86]

Pokey, why didn't you have the Ewido scan fix those items?

These for sure should have been fixed

C:\Program Files\VSAdd-in\VSAdd-in.dll -> Adware.Agent : Ignored.
C:\WINDOWS\system32\opnolij.dll -> Adware.Virtumonde : Ignored.
C:\WINDOWS\system32\__delete_on_reboot__w_i_n_w_l_ y_3_2_._d_l_l_ -> Trojan.Agent.vg : Ignored.
C:\WINDOWS\system32\cool.exe -> Trojan.Dialer.qs : Ignored.

I am "on the fence" about these as they do point to a real program however there have been some flaws with it which could allow a hijacker onto the computer if you are running an unfixed version.

C:\Program Files\RealVNC\VNC4\vncconfig.exe -> Not-A-Virus.RemoteAdmin.Win32.WinVNC.4 : Ignored.
C:\Program Files\RealVNC\VNC4\vncviewer.exe -> Not-A-Virus.RemoteAdmin.Win32.WinVNC.4 : Ignored.
C:\Program Files\RealVNC\VNC4\wm_hooks.dll -> Not-A-Virus.RemoteAdmin.Win32.WinVNC.4 : Ignored.

Here is some info about this problem from eTrust Spyware Encyclopedia;
VNC is a non-malicious Remote Access tool, that can be uninstalled using Add/Remove Programs. It is a useful application with many valid purposes, however trojans exist which utilize VNC's code base. Such malware may covertly install VNC and automatically configure a VNC server password, that can be used by an attacker as a backdoor into the system.

Though AVG suggested i "Ignore" them i changed the setting to delete on reboot. So they should have been deleted

[jholland1964]

Reboot. Run the AVG again and see if they still show up. Also run a new HJT scan to see if they still show there. Post both new logs.

[Pokey86]

Something strange is happening, everytime i boot to safe mode, whatever user i go on to, there are no icons, no taskbar, no start bar... Absolutely nothing. Only thing that works is alt + ctrl + del Any idea what's going on?

[jholland1964]

Does this happen in normal mode also?
When you are in safe mode do you have a cursor? Right click anywhere on the desktop and choose Arrange Icons By and make sure that Show Desktop Icons is checked and make sure that Lock Desktop is NOT checked.

[Pokey86]

No, everything on the desktop is fine in normal mode. I do have a cursor, but right click doesn't do anything on the desktop & well, the cursor doesn't really do anything other than move around, as there is nothing to click