Malware virus problem

  Flabbyfran 18:50 01 Oct 2007
Locked

Hi all,
when i start up my computer(XP home) and log on my anti virus (avast)flaggs "malware has been found in C:/DOCUME~ ETC" tells me to move to chest. The Internet explorer starts up ,which it shouldn't, and open a what is obviously a false paypal sight inviting me to log on.
I have ran my antivirus,super anti spyware,Ad-aware,and spybot but no joy its still there. I am unable to system restore either as it fails everytime i try. I would be grateful for any thoughts.
Fran

  mfletch 19:07 01 Oct 2007

Hi Flabbyfran it maybe a form of the smitfraud infection?

Download this and read the instructions

SmitfraudFix/ click here

mfletch

  skidzy 19:08 01 Oct 2007

Empty your temp files and run the scans again in safemode. click here
Safemode can be accessed by tapping F8 on startup.

This sounds like your browser has been hijacked,and your best possible route if the advice fails is to run Hijackthis and post the scan log at MWR.

Hijackthis click here
Malwareremoval click here

Let the experts advise accordingly.

Do NOT tinker with the HJT scan results,you may render your machine useless.

  Flabbyfran 19:08 01 Oct 2007

Thanks i'll try that. It did say it was a VBS malware?

  Flabbyfran 19:12 01 Oct 2007

Tried to start in safe mode but i couldn't get it to work my display as it's not supported in safe mode and i didn't know how to get round it?

  skidzy 19:22 01 Oct 2007

There are many variants of VBS commonly known as VBscript and possible received via email attachment.

Once this attatchment has been executed,your registry will have been changed and your redirection happens upon reboot of the computer.

Do you have the full name of the VBS Avast has found.

  Flabbyfran 19:36 01 Oct 2007

No sorry i don't. Have posted my scan log and waiting for replies.
Thanks for your help.

  skidzy 21:40 01 Oct 2007

i expect MWR to notify you of running another scan and post the log again using the new version of HJT click here

My apologies for the earlier link regarding HJT,i didnt realise the new version was out of beta.

Will watch your thread over at MWR with interest,i did take a look and im not an expert but i did not notice much wrong...but there are one or issues they may ask you to remove.

Good luck and please be patient.

  Flabbyfran 23:10 01 Oct 2007

Thanks for all your help. Fingers crossed.

  skidzy 18:26 08 Oct 2007

Well done Flabbyfran, i see you are sorted now.

  Flabbyfran 19:41 08 Oct 2007

Yeah, Thanks for pointing me in the right direction. You feel a bit naked posting all those logs and not really knowing what you are telling people about yourself. But worth it in the end i feel refreshed.
Thanks Again.

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

OnePlus 5 review

See the work of famous artists playing with toys

iPad Pro 10.5in (2017) review

Comment faire une capture d’écran sur un Mac ?