Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Can not remove Addware & SpyWare,Virtumande

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Can not remove Addware & SpyWare,Virtumande

Unread postby ktreffin » October 6th, 2008, 11:10 pm

I am sorry I wasn't clear. You need to open each one of those files in notepad and copy and paste the contents of each one of the logs.

Go to the "qoobox" folder located on your C drive. Find the file ComboFix-quarantined-files.txt. Double click on it, it should open in notepad, Click and drag to highlight the entire contents, right click and choose "Copy" and then paste the results in a new reply.

Do this for each one of the logs listed:
ComboFix-quarantined-files.txt 2008-10-06 01:14:02
ComboFix2.txt 2008-09-20 05:06:10
ComboFix3.txt 2008-09-19 19:37:03

Hopefully this helps. Let me know if you have any other questions.
User avatar
ktreffin
Retired Graduate
 
Posts: 1864
Joined: February 28th, 2007, 11:12 pm
Location: USA, Florida
Advertisement
Register to Remove

Re: Can not remove Addware & SpyWare,Virtumande

Unread postby ktreffin » October 6th, 2008, 11:31 pm

You did great!! :thumbright: Nice job. Let me know how you make out with the Kaspersky scan.
User avatar
ktreffin
Retired Graduate
 
Posts: 1864
Joined: February 28th, 2007, 11:12 pm
Location: USA, Florida

Re: Can not remove Addware & SpyWare,Virtumande

Unread postby ktreffin » October 7th, 2008, 10:41 am

After conferring with the developer of ComboFix, it has been decided that we need you to perform the following steps. Follow these steps exactly as written. If you don't understand something, stop and ask questions.

STEP #1

1) Go to Control Panel, Add or Remove Programs.
2) Click Add/Remove Windows Components.
3) UnCheck the box - Update Root Certificates and Click 'Next'
4) Then ReCheck the box - Update Root Certificates and Click 'Next'

STEP #2

Create a registry fix, please do the following:
  • Copy the contents of the Code Box below to Notepad.
  • Open Notepad by doing the following:
    • Click Start
    • Choose Run
    • in the box that opens type notepad.exe and click OK
    Code: Select all
    REGEDIT4
    
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{EF289A85-8E57-408d-BE47-73B55609861A}]
  • Make sure there are NO blank lines before REGEDIT4
  • Name the file as fix.reg
  • Change the Save as Type to All Files
  • and Save it on the desktop
Double-click the fix.reg file and when it prompts to merge say yes.

STEP #3

Download/install this update
http://www.microsoft.com/downloads/deta ... layLang=en

STEP #4

If Internet Explorer 7 is installed, uninstall it. Reboot before reinstalling IE7

STEP #5

Reboot the machine & post a new ComboFix log.

DO NOT RUN ANY OTHER TOOL OR SCANNER OTHER THAN COMBOFIX UNTIL INSTRUCTED TO DO SO.
User avatar
ktreffin
Retired Graduate
 
Posts: 1864
Joined: February 28th, 2007, 11:12 pm
Location: USA, Florida

Re: Can not remove Addware & SpyWare,Virtumande

Unread postby schef » October 7th, 2008, 6:10 pm

I was able to down load the Kaspersky to my computer this time. It has been running all day. It has 7 threat names and infected objects at 17. Do you want me to abort or finish the scan? Let me know how you make out with the Kaspersky scan? Not good I think.
Then start with your last post? I am not sure what this is. It seems to be stuck here.

Scan statistics

Files scanned 66643

Threat names 7

Infected objects 17

Suspicious objects 0

Duration of the scan 03:27:01
Start scan
Scan is running (44%)

Click the area that you want to scan in left part of the window. The scan will start automatically as soon as you select a scan area.

Last start:
Status:
Please wait, the scan may take a long time depending on the size of the selected scan area. You can continue browsing in a new Web browser window.

Now scanning: 0c.A3X
Location: C:\Program Files\...ls\Islamic\Gun Tower
Settings | View scan report | Stop scan
Attention: Kaspersky Online Scanner 7.0 may not run successfully while any other antivirus program is running. If you have another antivirus program installed, please turn it off before running Kaspersky Online Scanner 7.0. Scan ReportThe scan report displays information about threats detected
on your computer. - Infected object - Suspicious object
InformationWelcome to Kaspersky Online Scanner 7.0! Use the program to check your computer for viruses and other malware for free.
Benefits:

Kaspersky Lab exceptional detection rates and thorough scan
Hourly database updates available
Heuristic analysis to detect unknown malware
One-click installation



Requirements and limitations:

In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command.
To begin using the program, you need to download and install the program files and the database of malware definitions. (The size of the program files depends on your operating system.) Later, Kaspersky Online Scanner 7.0 checks for the program and database updates every time you open or update the program window and, if available, downloads and installs them automatically.
In Linux, Kaspersky Online Scanner 7.0 does not scan RAM, boot sectors and MBRs, so it cannot detect malicious programs located in these areas.
In Microsoft Windows Vista, if the language you use has a character set and fonts different from English, make sure that the language selected for your default system locale and the language to display dates, times, currency, and measurements (Current format) are the same as the language you use.
Kaspersky Online Scanner 7.0 only detects malicious code that have already penetrated into your computer, so that you can delete them manually. It neither protects your computer against malicious code, nor prevents future infections. We recommend that you install a full-featured antivirus solution to protect your computer.
SupportIf you have questions, comments, or suggestions related to
Kaspersky Online Scanner 7.0, please contact us. About Kaspersky Online Scanner 7.0

Version 7.0.25.0

Database published Tuesday, October 07, 2008 21:22:23

Operating system Microsoft Windows XP Professional Service Pack 2 (build 2600)

User Forum
Go to the Kaspersky Lab Forum.
Malware information
Find news and information about viruses and other threats at Viruslist.com.
View information
Warning

Kaspersky Online Scanner 7.0 is already running in another window.
SettingsDetect malicious programs of the following categories:
Viruses, Worms, Trojan Horses, Rootkits
Spyware, Adware, Dialers, and other potentially dangerous programs

Scan compound files (doesn't apply to the File scan area):
Archives
Mail databases
schef
Regular Member
 
Posts: 40
Joined: September 20th, 2008, 2:07 am

Re: Can not remove Addware & SpyWare,Virtumande

Unread postby ktreffin » October 7th, 2008, 10:19 pm

Hold off on doing the Kaspersky scan right now. Go ahead and start with Step#1 in my last post. I have a feeling that if we get things running better, Kaspersky won't be so problematic.
User avatar
ktreffin
Retired Graduate
 
Posts: 1864
Joined: February 28th, 2007, 11:12 pm
Location: USA, Florida

Re: Can not remove Addware & SpyWare,Virtumande

Unread postby schef » October 7th, 2008, 11:14 pm

Ken

In Step #1 I can do 1. control panel. then add or remove programs.
When I do #2 add/remove Windows Components I get the following message and no further action.

Setup library ocmsn.dll could not be found, or function OdEntry could not be found. Contact your system administrator. The specific
error code is 0x7e.


OK


Then after ok it states: The application could not be intailized.

Ok
schef
Regular Member
 
Posts: 40
Joined: September 20th, 2008, 2:07 am

Re: Can not remove Addware & SpyWare,Virtumande

Unread postby ktreffin » October 8th, 2008, 3:49 pm

It appears that you may have a system file in the wrong location. Lets do this and see whats going on:

Step #1: Create batch file

To create the batch file, please do the following:
  • Copy the contents of the Code Box below to Notepad.
  • Open Notepad by doing the following:
    • Click Start
    • Choose Run
    • in the box that opens type notepad.exe
    Code: Select all
    @ECHO OFF
    SET "Target=%winDir%\system32\Setup\ocmsn.dll"
    
    IF EXIST "%Target%" (
       ECHO."%Target%" found
       ATTRIB -H -R -S -A "%Target%"
       MOVE /Y "%Target%" "%Target%.OLD"
       IF NOT EXIST "%Target%" ECHO."%Target%" is renamed
       )>found.txt 2>&1
    
    VFIND -tf %systemdrive%\ocmsn.dll >temp00 &&(
    FOR /F "TOKENS=*" %%G IN ( temp00 ) DO @IF NOT EXIST "%Target%" (
       ATTRIB -H -S -R -A "%%G"
       COPY /Y/B/V "%%G" "%Target%
       IF EXIST "%Target%" ECHO.&ECHO.Replaced with %%G
       ) )>>found.txt 2>&1
    
    START Notepad found.txt
    DEL temp00
    DEL %0
  • Name the file as found.bat
  • Change the Save as Type to All Files
  • and Save it on the desktop

Double-click the found.bat file. A window will open and close. This is normal.

This should open Notepad with the results. Please post the contents of those results in your next reply.

Let me know if you have any questions.

Ken
User avatar
ktreffin
Retired Graduate
 
Posts: 1864
Joined: February 28th, 2007, 11:12 pm
Location: USA, Florida

Re: Can not remove Addware & SpyWare,Virtumande

Unread postby schef » October 8th, 2008, 6:19 pm

"C:\WINDOWS\system32\Setup\ocmsn.dll" found
"C:\WINDOWS\system32\Setup\ocmsn.dll" is renamed
1 file(s) copied.

Replaced with C:\WINDOWS\ServicePackFiles\i386\ocmsn.dll


I went back to your Oct. 7 9;41 AM MEMO.I was able to now do Step ! ! & 2 # I could do uncheck Root Certificates but when I clicked next I got another message.

The screen says:

The file 'zClentm.exe' om Windows XP Professional CD-ROM is needed.

Type the path where the file is located, and then click OK.




I put the cd in but was unable to find the file.
schef
Regular Member
 
Posts: 40
Joined: September 20th, 2008, 2:07 am

Re: Can not remove Addware & SpyWare,Virtumande

Unread postby sUBs » October 9th, 2008, 12:09 am

The screen says:

The file 'zClentm.exe' om Windows XP Professional CD-ROM is needed.

Type the path where the file is located, and then click OK.

I put the cd in but was unable to find the file.


It should be ZClienttm.ex_. It's located in the I386 folder of your CD
User avatar
sUBs
Developer
Developer
 
Posts: 1397
Joined: October 27th, 2006, 2:52 pm

Re: Can not remove Addware & SpyWare,Virtumande

Unread postby schef » October 9th, 2008, 6:06 pm

Yes the file does come up as missing as ZClienttum.ex_

I have 4 different disks for my Office xp pro. Microsoft FrontPage,Office XP Media Content, Microsoft Office Step by step Interactive training and Office xp Professional Version 2002.
After Control panel ,add or remove programs, I click on add/remove components and I then uncheck Update Root Certicates, I click next and then a screen comes up that I am missing ZClienttum.ex_ How do I or should I find and install it? Thanks.

Mike

I am starting to get lost here.
My computer seems to be running and operating fairly well. Somehow we are going too have the operating system running correctly and remove all spyware and virusus to a, all clean. Made progress I feel. The earlier problem of clicking to remove the "spyware and addware" and being taken to a website on explorer is gone. The effects still remain. Need to able to install a antivirus and spyware. When do I or do I have to remove explorer? And which steps , order?
schef
Regular Member
 
Posts: 40
Joined: September 20th, 2008, 2:07 am

Re: Can not remove Addware & SpyWare,Virtumande

Unread postby ktreffin » October 9th, 2008, 8:36 pm

Hi Schef,

I know this is probably getting frustrating for you. I am glad to hear that things are running better now. The reason I have been having you do these things is that there are still some problems showing. They may not be readily apparent from the everyday operation of the machine, however if they are not taken care of, they could cause problems for you down the road.

sUBs, the expert and developer of ComboFix, has been advising me on the best way of dealing with the problem. sUBs is a highly regarded expert in the Malware Removal field and I highly recommend that you follow his suggestions. From the ComboFix log, sUBs has identified that you have a problem with the CatRoot folder on your computer. Here is his description:

He has an incomplete/corrupt Catroot folder. CatRoot is where the OS keeps info about the files MS digitally signs. If we don't fix it, the next time he runs SFC or something triggers WFP (Windows File Protection), mayhem may break out.


There are some things that we can do to correct this, however it more than likely will not be a short fix. As you have seen, there will be more steps involved.

In the end, it boils down to what you want to do. It is your computer, and you can decide how far you want to take this. I will be more than happy to continue working with sUBs on the problem, and I am confident that we can resolve it if you are willing to hang in there.

As an alternative, you can choose to not continue with this and leave things as they are. If you are comfortable in the way things are running, and are willing to risk it, than that is your choice.

May advice to you would be to hang in there, and see if we can get things corrected. That way, hopefully we can lessen the chances of something else happening down the road.

Please tell me what you have decided, and what you would like to do.
User avatar
ktreffin
Retired Graduate
 
Posts: 1864
Joined: February 28th, 2007, 11:12 pm
Location: USA, Florida

Re: Can not remove Addware & SpyWare,Virtumande

Unread postby schef » October 9th, 2008, 10:13 pm

Keep going for sure! I sometimes just need to figure out what you are wanting me to do or more importantly how to do it. Need to clean it and get a adware ,spyware, virus protection going.
My yahoo att come with Norton so I think I would like to get to that at the proper time. Again thanks for hanging in there with me.
schef
Regular Member
 
Posts: 40
Joined: September 20th, 2008, 2:07 am

Re: Can not remove Addware & SpyWare,Virtumande

Unread postby ktreffin » October 9th, 2008, 10:29 pm

Great. I am glad you chose to hang with it. In the long run I think you will be glad you did.

Lets start back with this:

The file 'zClentm.exe' om Windows XP Professional CD-ROM is needed.
Type the path where the file is located, and then click OK.


We need to see if that file actually exists on your system.

Do this;

Press Start->Run, copy/paste the following command into the box and press OK:
cmd /c dir C:\*.* /L /A /B /S|Find "zclientm.exe" >> "%userprofile%\desktop\look.txt"

A file called look.txt should appear on your Desktop. Please post the contents of this file.

That will tell us where the file is located. Let me know how this goes, and post the contents of look.txt in your next reply.
User avatar
ktreffin
Retired Graduate
 
Posts: 1864
Joined: February 28th, 2007, 11:12 pm
Location: USA, Florida

Re: Can not remove Addware & SpyWare,Virtumande

Unread postby schef » October 9th, 2008, 11:45 pm

c:\windows\system32\dllcache\zclientm.exe
schef
Regular Member
 
Posts: 40
Joined: September 20th, 2008, 2:07 am

Re: Can not remove Addware & SpyWare,Virtumande

Unread postby ktreffin » October 10th, 2008, 9:27 am

Good. Nice job!

Now I want you to go back and try doing the steps that I posted before. THESE STEPS

If you get the error:

The file 'zClentm.exe' om Windows XP Professional CD-ROM is needed.
Type the path where the file is located, and then click OK.


point it to the path of the file location:

c:\windows\system32\dllcache\zclientm.exe


See then if you can continue through them.

If this still doesn't work, then we will try another route.
User avatar
ktreffin
Retired Graduate
 
Posts: 1864
Joined: February 28th, 2007, 11:12 pm
Location: USA, Florida
Advertisement
Register to Remove

PreviousNext

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 45 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware