Virus Help

Today I got on the net and all of a sudden my laptop was loaded with spyware. I ran search and destroy and adaware(both updated), they got rid of the spyware, but the spyware came back. I ran avast, it restart my cpu, it ran at start up, but then it stopped running. A message came up saying that it couldn’t run because it couldn’t find a file. Now my home page has been hijacked, there is this annoying tool bar, and my history doesn’t work. I also got some virus alerts before avast restarted my computer.

I attached my hijack.

Hi,

you’re loaded with baddies…

→ do a scan with avast in SafeMode or a boot-time scan, tell avast to repair infected files, if repair’s not possible, move them to the chest
do this twice…

reinstall & rerun Ad-Aware, Spybot & cwshredder in safeMode,
repeat until nothing is found any more…

reboot normally, and do onlinescans with Trend (see below) and www.ravantivirus.com
note exact findings (virusname & location/path/folder/filename)

  • fix according to virusinfos from Trend or VGREEP below

reboot and post a new hijackthis-Log…

:wink:

at least the are bad and you should check the corresponding lines in Hijackthis, and then click fix checked…

[N] O4 - HKLM..\Run: [MessengerPlus2] “C:\Program Files\Messenger Plus! 2\MsgPlus.exe”
-MessengerPlus2 (MSGPLUS.EXE)
O4 - HKLM..\Run: [stcloader] C:\WINDOWS\System32\stcloader.exe
-stcloader (STCLOADER.EXE)
O4 - HKLM..\Run: [slmss] C:\Program Files\Common Files\slmss\slmss.exe
-slmss (SLMSS.EXE)
O4 - HKLM..\Run: [ClrSchLoader] C:\Program Files\ClearSearch\Loader.exe
-ClrSchLoader (LOADER.EXE)
O4 - HKLM..\Run: [Mwsvm] C:\WINDOWS\mwsvm.exe
-Mwsvm (MWSVM.EXE)
O4 - HKLM..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe
-TV Media (TVM.EXE)
O4 - HKCU..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe
-TV Media (TVM.EXE)

O4 - HKLM..\Run: [RunDLL] rundll32.exe “C:\WINDOWS\System32\bridge.dll”,Load
(1) - - [RunDLL] rundll32.exe bridge.dll, Load
O4 - HKLM..\Run: [Dsi] C:\WINDOWS\System32\dp-him.exe
(1) - - [Dsi] dp-******.exe
O4 - HKLM..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun
(1) - - [bxxs5] RunDLL32.EXE bxxs5.dll, dllrun

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchweb2.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchweb2.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = searchweb2.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchweb2.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchweb2.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchweb2.com/searchbar.html

loads of other stuff, but i couldn’t identify this yet on a 1st glance…

do the above general cleanign first, then we’ll continue…

:wink:

Why msnplus 2.This is not spyware

Probably because Messanger Plus! 2 can be installed with the sponsor program.

MessengerPlus
or
MessengerPlus2

MsgPlus.exe
Third party MSN Messenger extension that hides banner ads and adds archiving and other useful features. Appears not to work unless checked, but may be activated after startup. Not recommended as it includes Lop.com - see here

http://www.sysinfo.org/startuplist.php?filter=MessengerPlus2
:wink:

Well what else with hijackthis should I delete?

You have to post an actual log to say. Please copy/past the result of Hijackthis into an answer. Do not attach the TXT file. It is easier for people who wants to help.

I had to attach it because when I tried to post it, it always says my post was to long. :-\ It didn’t use to do that before…

Please can someone help?

Either split it into 2 parts and post it, or attach it
first work on the above suggestions and supply exact info about the results… :wink: