desperate for your help SPyware virus

My computer has a virus

It says my computer is infected with spyware

Security centre alert
Pops up and I don’t know if that’s something trying to help or make things worse

Insecure internet security threat of virus attack

Continue to this website unprotected is what is says then if I proceed it tries to get me to buy soft soldier which I believe is being sold by the virus maker.

The anti virus software I had was avast home edition…which ran out a week ago… since then I tried to upgrade to professional which gave me this information below!!!

I deleted my old home edition hoping to reinstall but now it looks like they got me.

What should I do now??? Quickly???

16.10.2009 21:34:52 general: Started: 16.10.2009, 21:34:52
16.10.2009 21:34:52 system: Operating system: Windows Vista ver 6.0, build 6001, sp 1.0 [Service Pack 1]
16.10.2009 21:34:52 system: Memory: 57% load. Phys:892796/2086344K free, Page:2758816/4194303K free, Virt:2028948/2097024K free
16.10.2009 21:34:52 system: Computer WinName: UNCLENIK-PC
16.10.2009 21:34:52 system: Windows Net User: uNcleNik-PC\uNcle Nik
16.10.2009 21:34:52 general: Old version: ffffffff (-1)
16.10.2009 21:34:52 system: Using temp: C:\Users\UNCLEN~1\AppData\Local\Temp_av_inet.tm~a07948 (2603M free)
16.10.2009 21:34:52 internet: SYNCER: Type: use IE settings
16.10.2009 21:34:52 internet: SYNCER: Auth: another authentication, use WinInet
16.10.2009 21:34:52 general: Install check: Program folder does NOT exist in registry
16.10.2009 21:34:52 general: SGW32P::CheckIfInstalled set m_bAlreadyInstalled to 0
16.10.2009 21:34:54 general: progress thread start
16.10.2009 21:34:54 general: Destination: C:\Users\UNCLEN~1\AppData\Local\Temp_av_inet.tm~a07948
16.10.2009 21:34:54 general: Starting download: http://www.avast.com/go.php?verb=get-avast-home&type=cnet&langid=eng
16.10.2009 21:34:56 general: Download finished from server www.avast.com, result: 0x20000006, server response: 301
16.10.2009 21:34:56 general: Stats www.avast.com, server response: 536870918
16.10.2009 21:34:57 general: POST result: 0x00000000, server response: 204

Try scanning your computer with a couple of Malware removers like these

Malwarebytes Anti-Malware 1.41 http://filehippo.com/download_malwarebytes_anti_malware/
click on “remove selected” after scan to quarantine any bugs found

SuperAntiSpyware 4.29.1002 http://filehippo.com/download_superantispyware/

a-squared Free 4.5.0.11 http://filehippo.com/download_asquared/

come back and post scan logs here

thankyou so much
so far that has worked a treat to stop it from blocking my pages, now do you know how to download the avast pro without it having an error code?
and the error code from previous message is still showing…
I’ve paid for avast pro and cant use it??? ???

here is log from malware

Malwarebytes’ Anti-Malware 1.41
Database version: 2972
Windows 6.0.6001 Service Pack 1

17/10/2009 00:37:53
mbam-log-2009-10-17 (00-37-53).txt

Scan type: Full Scan (C:|D:|E:|F:|)
Objects scanned: 299005
Time elapsed: 1 hour(s), 41 minute(s), 7 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 1
Registry Keys Infected: 19
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 25

Memory Processes Infected:
C:\Windows\pp12.exe (Worm.Koobface) → Unloaded process successfully.
C:\Windows\System32\cgi424D.tmp.exe (Rogue.Installer) → Failed to unload process.

Memory Modules Infected:
c:\Windows\System32\fio32.dll (Worm.KoobFace) → Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\fioo32 (Worm.KoobFace) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\fioo32 (Worm.KoobFace) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fioo32 (Worm.KoobFace) → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib{305c6cb1-9d31-4489-881d-5a8e2dc3fe14} (Adware.Shoper) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface{e79b1445-dfea-4bef-a786-e0c0f33c863b} (Adware.Shoper) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID{4a7c84e2-e95c-43c6-8dd3-03abcd0eb60e} (Adware.Shoper) → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats{4a7c84e2-e95c-43c6-8dd3-03abcd0eb60e} (Adware.Shoper) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{4a7c84e2-e95c-43c6-8dd3-03abcd0eb60e} (Adware.Shoper) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID{4cf088bd-be95-40a5-be9b-677f8683edea} (Adware.Shoper) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID{6fac4823-815e-4361-836e-46d65ed2550b} (Adware.Shoper) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID{8bcb5337-ec01-4e38-840c-a964f174255b} (Adware.Shoper) → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars{8bcb5337-ec01-4e38-840c-a964f174255b} (Adware.Shoper) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID{911f251e-34fd-465e-b6ce-df00ff49a6be} (Adware.Shoper) → Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID{fe4f1649-8909-49c0-87ba-24d65120db46} (Adware.Shoper) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\fio32 (Worm.KoobFace) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_FIO32 (Worm.KoobFace) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SfX (Rootkit.Agent) → Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pp (Worm.Koobface) → Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cgi424d.tmp.exe (Rogue.Installer) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysldtray (Trojan.Dropper) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\fioo32 (Worm.KoobFace) → Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\System32\fio32.dll (Worm.KoobFace) → Delete on reboot.
C:\Windows\pp12.exe (Worm.Koobface) → Quarantined and deleted successfully.
C:\Windows\System32\cgi424D.tmp.exe (Rogue.Installer) → Delete on reboot.
C:\Windows\ld15.exe (Trojan.Dropper) → Quarantined and deleted successfully.
C:\Program Files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll (Adware.Shoper) → Quarantined and deleted successfully.
C:\Users\uNcle Nik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1IL4VNKO\setup[1].exe (Rogue.Installer) → Quarantined and deleted successfully.
C:\Users\uNcle Nik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1IL4VNKO\pp.12[2].exe (Worm.Koobface) → Quarantined and deleted successfully.
C:\Users\uNcle Nik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6OYM1S8L\v2prx[1].exe (Trojan.Dropper) → Quarantined and deleted successfully.
C:\Users\uNcle Nik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6OYM1S8L\pp.12[1].exe (Worm.Koobface) → Quarantined and deleted successfully.
C:\Users\uNcle Nik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6OYM1S8L\pp.12[2].exe (Worm.Koobface) → Quarantined and deleted successfully.
C:\Users\uNcle Nik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YVU4LHVB\pp.12[1].exe (Worm.Koobface) → Quarantined and deleted successfully.
C:\Users\uNcle Nik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YVU4LHVB\v2prx[2].exe (Trojan.Dropper) → Quarantined and deleted successfully.
C:\Users\uNcle Nik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YVU4LHVB\v2prx[3].exe (Trojan.Dropper) → Quarantined and deleted successfully.
C:\Users\uNcle Nik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YVU4LHVB\v2prx[4].exe (Trojan.Dropper) → Quarantined and deleted successfully.
C:\Users\uNcle Nik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\40Y6WRDJ\setup[1].exe (Trojan.Dropper) → Quarantined and deleted successfully.
C:\Users\uNcle Nik\AppData\Local\Temp\cgi424D.tmp.exe (Rogue.Installer) → Quarantined and deleted successfully.
C:\Windows\rdr_1255564214.exe (Trojan.Dropper) → Quarantined and deleted successfully.
C:\Windows\rdr_1255575287.exe (Trojan.Dropper) → Quarantined and deleted successfully.
C:\Windows\rdr_1255696575.exe (Worm.Koobface) → Quarantined and deleted successfully.
C:\Windows\010112010146116101.xxe (KoobFace.Trace) → Quarantined and deleted successfully.
C:\Windows\0101120101464855.xxe (KoobFace.Trace) → Quarantined and deleted successfully.
C:\Windows\bk23567.dat (KoobFace.Trace) → Quarantined and deleted successfully.
C:\Windows\fdgg34353edfgdfdf (KoobFace.Trace) → Quarantined and deleted successfully.
C:\Windows\System32\drivers\fio32.sys (Worm.KoobFace) → Quarantined and deleted successfully.
C:\Windows\0535251103110107106.yux (KoobFace.Trace) → Quarantined and deleted successfully.

Did you reboot (pretty much straight away) after running the MBAM scan? There is one file there that needed a reboot to delete.
If not, reboot now, scan again, and if prompted to reboot to delete the file (which hopefully will not be detected again), reboot promptly.

Make sure your firewall is turned on.

Get the full installer for Avast from the home page, 2nd large download just below the words “Note: This product will also work as a 60-day trial…”, 37.24Mb, here.
Once it has downloaded, disconnect form the net, and install it.
Once installed, it should be straightforward to enter the key. Right-click the tray icon, select “about Avast” and then “license” and paste the key number you received into the space provided.
(This assumes you had previously registered/purchased Avast, and received a key via email.)

Please help

Yes i rebooted straight away…
I also tried to do the install with internet off after i downloaded it.
It didn’t work…

may get a refund! This shouldn’t be this difficult…

The error i got is…

18.10.2009 22:59:24 general: Started: 18.10.2009, 22:59:24
18.10.2009 22:59:24 system: Operating system: Windows Vista ver 6.0, build 6001, sp 1.0 [Service Pack 1]
18.10.2009 22:59:24 system: Memory: 53% load. Phys:964264/2086344K free, Page:2373964/3762824K free, Virt:2028948/2097024K free
18.10.2009 22:59:24 system: Computer WinName: UNCLENIK-PC
18.10.2009 22:59:24 system: Windows Net User: uNcleNik-PC\uNcle Nik
18.10.2009 22:59:24 general: Old version: ffffffff (-1)
18.10.2009 22:59:24 system: Using temp: C:\Users\UNCLEN~1\AppData\Local\Temp_av_inet.tm~a05652 (2265M free)
18.10.2009 22:59:25 internet: SYNCER: Type: use IE settings
18.10.2009 22:59:25 internet: SYNCER: Auth: another authentication, use WinInet
18.10.2009 22:59:25 general: Install check: Program folder does NOT exist in registry
18.10.2009 22:59:25 general: SGW32P::CheckIfInstalled set m_bAlreadyInstalled to 0
18.10.2009 22:59:27 general: progress thread start
18.10.2009 22:59:27 general: Destination: C:\Users\UNCLEN~1\AppData\Local\Temp_av_inet.tm~a05652
18.10.2009 22:59:27 general: Starting download: http://www.avast.com/go.php?verb=get-avast-pro&type=cnet&langid=eng
18.10.2009 22:59:27 internet: ERROR:HttpGetWininet, catch returned 0x00002EE7
18.10.2009 22:59:27 general: Download finished from server www.avast.com, result: 0x20000004, server response: 12007
18.10.2009 22:59:27 general: Stats www.avast.com, server response: 536870916
18.10.2009 22:59:27 general: POST result: 0x20000004, server response:

That looks like the cnet installer…besides the fact that it seems to be having trouble at the moment, you are offline, so it definately wont work…

Please follow Tarq57’s advice and choose the Full download.
http://www.avast.com/eng/download-avast-professional.html

Scroll down and select the English setup file, it should be about 37MB

-Scott-

Earlier post edited to make the link info more clear.