Antivirus XP 2008 and more

I have attached a ComboFix log and an HJT log. They were both run in Safe Mode. This computer seemed relatively light in its infections; however, it is proving a little difficult for me.

Help from anyone is greatly appreciated.

Seraphia

I just got this on my work computer today.

I was trying to install another program, avast said it was clean, but instead Antivirus XP 2008 got installed, my desktop wallpaper disappeared and avast pops up every 5 seconds saying there is a trojan or a virus or some form of malware. This XP 2008 thing autoruns and cannot be deleted.

Help! Without this computer I can’t work (the computer I’m on is old and will not run half of the programs I need). I’m in a huge bind. Help!

Hi, there.

I suggest SuperAntiSpyware Free.

I have run Spyware Dr. 4 times, it has cleaned up some every time, Avast 2 times, finding some every time. However, it can only run in Safe Mode.

Is anyone out there able to look at the logs I attached and give some suggestions?

I would greatly appreciate it.

Seraphia

I need to see the list of infections for the warning text file in post.

ask JTaylor if MBAM would help

It's on RogueRemover's radar:

http://www.malwarebytes.org/roguenet.php?id=421

RogueRemoverFREE:

http://www.malwarebytes.org/rogueremover.php

Stop all browser windows, then start HijackThis, then select the following, then Fix checked:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com <== make the homepage Google as IE will start a lot faster
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.netscape.com/home/winsearch200.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dellnet.com <== make the homepage Google as IE will start a lot faster
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto <== It is not a good idea to use MSConfig as a start up manager
O9 - Extra button: (no name) - {9239E4EC-C9A6-11D2-A844-00C04F68D538} - (no file)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe <== It is not necessary to have this diagnostic start up all the time and can be started from start All Programs when needed.

Startup Control Panel
Startup Control Panel is a nifty control panel applet that allows you to easily configure which programs run when your computer starts:
http://www.mlin.net/StartupCPL.shtml
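
As an added illustration (not part of any post in this thread, and not HijackThis code): a small Python parser for the log-line format used in the list above. It groups entries by section code, separates a helper's `<==` note from the entry itself, and flags `(no file)` and `Unknown owner` entries for review. The section descriptions, flag wording and function names are this example's own.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Section codes that occur in the thread's list (descriptions are this example's wording).
SECTIONS = {
    "R0": "Internet Explorer start/search page setting",
    "R1": "Internet Explorer start/search page setting",
    "O4": "program started automatically at logon",
    "O9": "extra Internet Explorer button or Tools menu item",
    "O23": "Windows service",
}
FLAGS = {"(no file)": "target file missing",
         "Unknown owner": "owner not identified by HijackThis"}
# "<code> - <entry>", optionally followed by a helper's "<== note".
LINE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.*?)(?:\s*<==\s*(?P<note>.*))?$")

def parse_line(line):
    """Return a dict for one log line, or None if it is not a log entry."""
    m = LINE.match(line.strip())
    if m is None:
        return None
    entry = m.groupdict()
    body = entry["body"]
    entry["meaning"] = SECTIONS.get(entry["code"], "not covered by this example")
    entry["flags"] = [why for text, why in FLAGS.items() if text in body]
    # R-lines have the form "<key>,<value name> = <URL>"; keep the host for review.
    url = re.search(r" = (\S+://\S+)$", body)
    entry["host"] = urlparse(url.group(1)).hostname if url else None
    return entry

def triage(log_text):
    """Group parsed entries by section code, skipping lines that are not entries."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry:
            groups[entry["code"]].append(entry)
    return dict(groups)

# Constructed sample: five entries taken from the list above plus one non-log line.
SAMPLE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com <== make the homepage Google as IE will start a lot faster
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.netscape.com/home/winsearch200.html
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O9 - Extra button: (no name) - {9239E4EC-C9A6-11D2-A844-00C04F68D538} - (no file)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
Startup Control Panel
"""
```

Calling `triage(SAMPLE)` returns the five entries grouped under R0, R1, O4, O9 and O23, each with its `host`, `flags` and `note` fields filled in.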

Thanks for jumping in YoKenny

List
first
update avast and run a boot time scan
quarantine/ place in chest any hits- do not remove/delete

then run Malwarebytes RogueRemover or MBAM - link above

then download HijackThis to your desktop
right click rename hijackthis.exe to HijackList.exe
close all windows/ programs browsers including this one
run a HJT SCAN ONLY

START A NEW THREAD
post your avast report
your Malwarebytes report
and your HijackThis report

then WAIT
DO NOT RESPOND TO YOUR NEW THREAD or people will think you are already being helped
include in your post any symptoms, OS, Firewall, any antimalware programs etc

good luck

I believe it was just the day before yesterday that I suggested RogueRemover to someone on an AOL Board because they had the exact same Anti-Virus XP 2008. I had previously read here on the avast! Forums as that being the Fix so that’s what I suggested. And that did the trick for the Poster … that removed Anti-Virus XP 2008 from that Poster’s computer.

Yes MBAM/ RogueRemover seems to be working well
it’s when there is the possibility of a combination of Malware
and there usually is !
that the follow-up with HJT is advised
SCAN ONLY- DO NOT FIX without a helper's advice
I do NOT recommend that users run ComboFix or other anti-malware tools on their own

no reason not to run Super Anti Spy as JTaylor83 recommends or Spybot Search and Destroy
one must always just quarantine not delete/remove any hits
and watch for false positives