My Anti Spyware

[papachetos]

Desprate I don't know what type of virus I have but its something cause I can't go to certain internet sites, and when I use search engine for Msn or yahoo and I click on links it take me to advertising pages. My computer is also running slow and it shouldn't cause I have DSL. I tried downloading Hijack this and the rest but can't and I do not have access to another computer. I read a situation similiar to mine and was able to get this log for you patrick hope I did it right! Please help!@

[patrik]

Hello papachetos, welcome to the Myantispyware forum.

Close all windows.
Run AVZ.
Click File > Custom scripts
Copy & paste the text in the code box below into textarea:

Code: Select all

begin
QuarantineFile('brastk.exe','');
QuarantineFile('C:\WINDOWS\svcho.exe','');
QuarantineFile('C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe','');
QuarantineFile('C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL','');
DeleteFile('C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL');
DeleteFile('C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe');
DeleteFile('C:\WINDOWS\svcho.exe');
BC_DeleteFile('brastk.exe');
RebootWindows(true);
end.

Click Run.
AVZ should run and may restart your computer. Restart your PC if it doesn't do it automatically.

Post back with a new AVZ report.

[papachetos]

here is the new report! hope it helps!!!

[patrik]

Close all windows.
Run AVZ.
Click File > Custom scripts
Copy & paste the text in the code box below into textarea:

Code: Select all

begin
SetAVZPMStatus(True);
RebootWindows(true);
end.

Click Run.
AVZ should run and may restart your computer. Restart your PC if it doesn't do it automatically.

Run AVZ again. Click File > Custom scripts. Copy & paste the text in the code box below into textarea:

Code: Select all

begin
SearchRootkit(true, true);
QuarantineFile('C:\WINDOWS\system32\brastk.exe','');
QuarantineFile('C:\WINDOWS\svcho.exe','');
QuarantineFile('C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe','');
QuarantineFile('C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL','');
DeleteFile('C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL');
DeleteFile('C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe');
DeleteFile('C:\WINDOWS\svcho.exe');
DeleteFile('C:\WINDOWS\system32\brastk.exe')
DelAutorunByFileName('brastk.exe');
DelAutorunByFileName('C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL');
DelAutorunByFileName('C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe');
DelAutorunByFileName('C:\WINDOWS\svcho.exe');
BC_ImportDeletedList;
BC_LogFile(GetAVZDirectory + 'boot_clr.log');
BC_Activate;
ExecuteSysClean;
SaveLog(GetAVZDirectory + 'avz_log.txt');
RebootWindows(true);
end.

AVZ should run and may restart your computer. Restart your PC if it doesn't do it automatically.

Make a fresh AVZ report.

Post back with AVZ report (virusinfo_syscheck.zip) + include a content these files: avz_log.txt and boot_clr.log. Both files located in the AVZ home folder.

[papachetos]

I tried running the second instruction you gave me but for some reason it say error " ' " 11.1, 3.1, & 10.1

[patrik]

I have missed one ";".

Please repeat step 2. Use following script.

Code: Select all

begin
SearchRootkit(true, true);
QuarantineFile('C:\WINDOWS\system32\brastk.exe','');
QuarantineFile('C:\WINDOWS\svcho.exe','');
QuarantineFile('C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe','');
QuarantineFile('C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL','');
DeleteFile('C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL');
DeleteFile('C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe');
DeleteFile('C:\WINDOWS\svcho.exe');
DeleteFile('C:\WINDOWS\system32\brastk.exe');
DelAutorunByFileName('brastk.exe');
DelAutorunByFileName('C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL');
DelAutorunByFileName('C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe');
DelAutorunByFileName('C:\WINDOWS\svcho.exe');
BC_ImportDeletedList;
BC_LogFile(GetAVZDirectory + 'boot_clr.log');
BC_Activate;
ExecuteSysClean;
SaveLog(GetAVZDirectory + 'avz_log.txt');
RebootWindows(true);
end.

[papachetos]

Still posting error message 21.1 I guess another comma is missing?

[patrik]

Just checked the script at my computer, its ok.

Please try again, after "end", script should have ".". Maybe you have missed it.

[papachetos]

ok I guess that was it sorry I got the files you requested!

[patrik]

If you have previously downloaded ComboFix, please delete that version now.
Download Combofix from here. Close any open browsers. Double click on combofix.exe and follow the prompts.

Post back with combofix log.

[papachetos]

have been trying to download program but the internet page keeps giving error!!!!! what else can i do?

[papachetos]

Ok I was able to disable the TDSServ trojan and download combo fix

[patrik]

Looks ok. Only remove a few malware files.
Open notepad, copy/paste the text in the code box below into notepad:

Code: Select all

File::
c:\windows\system32\TDSSfpho.dll
c:\program files\Common Files\diqixop.db
c:\program files\Common Files\bobawe.sys
c:\program files\Common Files\ysirolafe.exe
c:\program files\Common Files\fusaje.inf
c:\program files\Common Files\vekeky.scr
c:\program files\Common Files\yzemoqop.bin
c:\program files\Common Files\vajis.sys

Name the Notepad file CFScript and Save it to your desktop. Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

When finished, it will produce a report for you.

Post back with a combofix log.