17pPRak8.exe

I’ve been having problems with this process. It seems it is undetectable by all the programs I’ve used so far (Avast, Spybot S&D, Process scanner, Registry Easy and one other. I also used the search feature in Windows to search for it and nothing).

It opens up some sites in my Explorer one at a time usually ad stuff.

If I force quit it through the task manager it pops up after 30m-2hrs.

Anybody know a way to remove it aside from formatting?

Thanks in advance.

Yep I think I may be able to help. When you run this programme you will need to disconnect from the net and then right click the Avast icon and select Stop on access protection, as it does not like a part of this programme.

To ensure that I get all the information this log will need to be uploaded to Mediafire and post the sharing link.

Download OTScanit2 to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

[*]Close ALL OTHER PROGRAMS.
[*]Open the OTScanit folder and double-click on OTScanit.exe to start the program.
[*]Check the box that says Scan All Users
[*]Check the Radio button for Rootkit check YES
[*]Under Additional Scans check the following:
[*]File - Lop Check
[*]File - Purity Scan
[*]Evnt - EventViewer Errors/Warnings (last 10)
[*]Now click the Run Scan button on the toolbar.
[*]Let it run unhindered until it finishes.
[*]When the scan is complete Notepad will open with the report file loaded in it.
[*]Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Hi turiel,

Looks like a prettypark worm variant, but essexboy will cure your machine,

polonus

OK so what next? Delete the .Exe and .a_a file since the program showed me where they were?

Never worked with a program like this before.

[EDIT]

I found the files and just deleted them thanks to the program I could find them, I’ll be sure to notify you if anything unexpected happens.

Thanks for the help.

If you could upload the log to Mediafire I will work out a fix to delete the bad files and registry entries; by itself it will not yet fix them.

OK I uploaded the Log on to mediafire.

http://www.mediafire.com/?sharekey=ab9e995c777b063391b20cc0d07ba4d2b4ed6eab2e46ca91

There you go hope this helps.

Hi, both of your drives were infected.

Download the attached text file and open it. Then select EDIT … Select All. Select EDIT again and select Copy.

Start OTScanit. Right click in the box that says “Paste fix here” and select paste then click the Run Fix button.

The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new Hijackthis log.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

OK the Log has been uploaded to the same folder accessible through the same URL as before.

Nothing unusual happened during the fix.

If something crops up I’ll let you know.

Thanks I appreciate the time you put into this.

Looks good. If you could just run Malwarebytes now to clear the orphan registry entries, you should be good.

Please download Malwarebytes’ Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
[*]Make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
[*]If an update is found, it will download and install the latest version.
[*]Once the program has loaded, select “Perform Quick Scan”, then click Scan.
[*]The scan may take some time to finish, so please be patient.
[*]When the scan is complete, click OK, then Show Results to view the results.
[*]Make sure that everything is checked, and click Remove Selected.
[*]When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
[*]The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
[*]Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Malwarebytes’ Anti-Malware 1.31
Database version: 1471
Windows 5.1.2600 Service Pack 2

7.12.2008 19:06:29
mbam-log-2008-12-07 (19-06-29).txt

Scan type: Quick Scan
Objects scanned: 54368
Time elapsed: 5 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) → Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) → Bad: (0) Good: (1) → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) → Bad: (0) Good: (1) → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) → Bad: (1) Good: (0) → Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
H:\WINDOWS\system32\msxml71.dll (Trojan.FakeAlert) → Quarantined and deleted successfully.

There you go.

Nice just one I missed and some reg entries. If there are no further problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so…Download and run this small programme and hit the cleanup button. It will remove all the programmes we have used plus itself. MBAM can be uninstalled via control panel add/remove along with ERUNT. But they may be useful tools to keep

We will now confirm that your hidden files are set to that, as some of the tools I use will change that

[*]Click Start.
[*]Open My Computer.
[*]Select the Tools menu and click Folder Options.
[*]Select the View Tab.
[*]Under the Hidden files and folders heading select Do not show hidden files and folders.
[*]Click Yes to confirm.
[*]Click OK.

Please download JavaRa to your desktop and unzip it to its own folder

[*]Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
[*]Accept any prompts.
[*]Open JavaRa.exe again and select Search For Updates.
[*]Select Update Using Sun Java’s Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

XP
Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:

[*]Select Start > All Programs > Accessories > System tools > System Restore.
[*]On the dialogue box that appears select Create a Restore Point
[*]Click NEXT
[*]Enter a name e.g. Clean
[*]Click CREATE

You now have a clean restore point, to get rid of the bad ones:

[*]Select Start > All Programs > Accessories > System tools > Disk Cleanup.
[*]In the Drop down box that appears select your main drive e.g. C
[*]Click OK
[*]The System will do some calculation and then display a dialogue box with TABS
[*]Select the More Options Tab.
[*]At the bottom will be a system restore box with a CLEANUP button click this
[*]Accept the Warning and select OK again, the program will close and you are done

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
[*]SpywareBlaster to help prevent spyware from installing in the first place.
[*]SuperAntispyware Run weekly to keep your system clean

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit
[*]Secunia Software inspector To check your programme update status
[*]Microsoft Windows Update

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe :wave: