HELP!! Spyware, System Alerts...

3 Issues.
I run XP, latest update on a Dell. Running latest version of Avast.

1. When I click my internet browser, I get a Home Page to a (Puresafetynow Dot COM) website with a prompt to click for anti spyware & the usual “your system is infected” warnings.

2. I get periodic “Critical System Warning”
    Informs me of a Spyware.cyberlog-x.
    Asks me to click to download Antispyware software

3. I get frequent “System Alerts”: Trojan-Spy.Win 32@mx
And invitations to download software

I’ve fully scanned my computer & Avast, got rid of a lot of Malware & a few trojans. What else can I do?
I just had my computer professionally serviced… I’m only semi literate in dealing with technical problems. Any suggestions?
Much Thanks for any help…

Do not click on any of those supposed warnings. They will only infect you worse. I would advise you to download and install superantispyware free edition from: www.superantispyware.com/
Update it, run a full scan, and report what files it quarantines (don’t bother mentioning any harmful cookies, even though there will probably be a lot).

To get a better idea of what is running on your system, download hijackthis from: http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis

Install and run a scan. Do not fix anything until told to do so. Come back and post your hijackthis log along with your superantispyware results.

It reported 215 items, 80 being cookies.
They were:

Trojan.Smitfraud variant
" .media-Codec/V5

Adware E404 Helper/Tracker
" Helper/Variant-A

Trojan Smitfraud Variant/IE

Trojan. DNS Changer-Codec

Malware.Spylocked

Adware E404 Helper/Hij

Adware Helper

Rogue.Virus heat

Trojan.unclassified/LAF-Variant

I have not Quarantined yet. What should I do?

Much Thanks!

Quarantine all the infections found except the cookies (you can delete those if you want, or quarantine the cookies and then delete them). When you quarantine these items, it will keep them from harming your system but will allow the avast admins (or me) to see what infections you have. Don’t delete the infections, just quarantine them for now.

You have some major problems that an admin will have to help you with. Have you tried downloading and running Hijackthis yet?

Yes, I downloaded the Hijack this & had clicked “Analyze this”

My computer is already working better after the 1st Quarantine, what else do you suggest?

Thanks

HJT should create a log when you run it, or you may have to click “save log”. Upload this log or copy and paste it into a reply.

Hello everyone, I’m pretty much new in the community, but I’m having some problem with a virus, my is the fact I download avast way back after the viruses spread into my pc, blocking all my pc defensive modules and stuff, it’s like I’m no longer in command of the computer and I’m just a third party, all the background systems are under his control, cannot access control panel nor do “add/remove programs”

wellan, please post under a new topic in the viruses and worms section of the forum. This is BillWhite’s topic.

Here’s the Logfile. Is this correct? Though computer is working much better… Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:06:18 PM, on 2/15/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppdirector.exe
C:\WINDOWS\clmcs.exe
C:\WINDOWS\System32\hppapml0.exe
C:\WINDOWS\System32\ttlms.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\cmd.exe
C:\WINDOWS\System32\cmd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\clmcs.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM..\Run: [UIUCU] C:\DOCUME~1\Owner\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP -S
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [HP SchedIndexer] C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppschedindexer.exe
O4 - HKLM..\Run: [HP AutoIndexer] C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppautoindexer.exe
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe
O4 - HKCU..\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP LaserJet Director.lnk = C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppdirector.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1202837315217
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1202838146826
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Management Consultants (CLMCs) - Unknown owner - C:\WINDOWS\clmcs.exe
O23 - Service: Track Learning Management System (TTLMS) - Unknown owner - C:\WINDOWS\System32\ttlms.exe


End of file - 4875 bytes

The following are possible baddies. Wait till an admin tells you to fix them though:
C:\WINDOWS\clmcs.exe
C:\WINDOWS\System32\ttlms.exe
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\clmcs.exe
O23 - Service: Management Consultants (CLMCs) - Unknown owner - C:\WINDOWS\clmcs.exe
O23 - Service: Track Learning Management System (TTLMS) - Unknown owner - C:\WINDOWS\System32\ttlms.exe

It appears that you have at least one worm. Wait for further help.
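
Added example, not part of the original thread or of HijackThis itself: a short Python triage of a HijackThis log using the two signs visible in the entries flagged above (an F2 Shell value that starts something besides Explorer.exe, and O23 services listed with "Unknown owner"), then checking which of those files are also in the running-process list. The function name triage, the windir default and the trimmed sample are assumptions made for the illustration; both checks are heuristics for deciding what to look at first, not proof of infection.

```python
import re

# Constructed sample: a trimmed copy of lines from the HijackThis log posted above.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\Explorer.exe
C:\WINDOWS\clmcs.exe
C:\WINDOWS\System32\ttlms.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\clmcs.exe
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Management Consultants (CLMCs) - Unknown owner - C:\WINDOWS\clmcs.exe
O23 - Service: Track Learning Management System (TTLMS) - Unknown owner - C:\WINDOWS\System32\ttlms.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # section code such as F2, O4, O23

def triage(log_text, windir=r"C:\WINDOWS"):
    """Return (flagged_entries, running_matches) for a HijackThis log."""
    processes, flagged, paths = [], [], set()
    in_procs = False
    for line in log_text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        m = ENTRY.match(line)
        if m:
            in_procs = False
            code, body = m.groups()
            if code == "F2" and "Shell=" in body:
                # Shell normally names Explorer.exe only; extra programs also start at logon.
                extras = body.split("Shell=", 1)[1].split()[1:]
                if extras:
                    flagged.append(line)
                    paths.update(e.replace("%WINDIR%", windir).lower() for e in extras)
            elif code == "O23" and " - Unknown owner - " in body:
                # Service whose file shows no company name; the path is the last field.
                flagged.append(line)
                paths.add(body.rsplit(" - ", 1)[1].lower())
        elif in_procs and line:
            processes.append(line)
    running = [p for p in processes if p.lower() in paths]
    return flagged, running
```

On the sample, triage(SAMPLE_LOG) returns the F2 line and the two "Unknown owner" services, and reports clmcs.exe and ttlms.exe as currently running.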

Here, give this a go and post the results and a new HJT.

Please download SDFix and save it to your Desktop.

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Double click on SDFix.exe. It should automatically extract a folder called SDFix to your system drive (usually C:). Please reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press “Enter”.
Choose your usual account.
Open the SDFix folder and double click on RunThis.bat to start the script.
Type Y and press Enter to begin the script.
It will start cleaning your PC and then prompt you to press any key to Reboot.
Press any key to restart the PC.
Your system will take longer than normal to restart as the fixtool will be removing files.
When the desktop loads the Fixtool will complete the removal and display Finished.
Press any key to end the script and to load your desktop icons.
A text file should automatically open, so please copy the contents and post them here.