Good and thanks for the update.

At this moment, when I place my cursor over the Microsoft Upgrade Advisor link, it no longer points to "view.atdmt.com." Good news! There were no problems running any of the tools you requested I run.

It would appear to me that malware had gained a foothold in the InProcServer32 settings of your machine, so the aforementioned was one of the access points. As to how this happened, I am not completely sure to be honest, but it may have been something innocuous clicked on by mistake, for example. Regarding Norton, as with any Anti-Virus software it is only as good as the internal database is and what it is able to detect; that is why it is very important to keep all security-related applications up to date and use layered protection. I will explain further about the latter after I have given the all clear.

That's it for now. Please let me know if I need to do anything more. I wonder if there is any way to know where I may have picked up the view.atdmt.com malware? It seems that Norton had no protection for it.

We do have some further tasks to complete the Malware Removal process and some installations of updated software also next time round. So please bear with me as it would be in your own best interest from an online security point of view, thank you.
Reset Vista SP2 Firewall:
Click on Start(Vista Orb) >> Run... and cut/paste in the following and click on OK
firewall.cpl
Click on the Change Settings >> Advanced >> Restore Defaults >> At the prompt click on Yes >> OK
Now click back on Change Settings again >> General >> and select Off(not recommended) >> Apply >> OK.
Note: No need for it to be active after the reset because the Norton 360 application installed has a firewall component.
Custom ComboFix-Script:
- Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
```
Driver::
KernExplorer
CDLauncher
vseamps
vsedsps
vseqrts
CDAVFS

File::
c:\windows\system32\drivers\CDAVFS.sys

Folder::
c:\program files\Lavasoft\Ad-Aware
c:\users\Mike\AppData\Local\CyberDefender Internet Security
c:\program files\Common Files\Authentium

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000000

RegLock::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

ReBoot::
```
- Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
- ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
- When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
Caution: Do not mouse-click ComboFix's window while it is running. That may cause it to stall. If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue. If that happened we want to know, and also what process you had to end.
ESET Online Scanner:
Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your currently installed Anti-Virus; how to do so can be read here.
Vista users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
- Please go here to run the scan... Click on
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted, then double-click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
- Select the option YES, I accept the Terms of Use then click on:
- When prompted allow the Add-On/Active X to install.
- Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
- Now click on Advanced Settings and select the following:
- Scan for potentially unwanted applications
- Scan for potentially unsafe applications
- Enable Anti-Stealth Technology
- Now click on:
- The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
- When completed the Online Scan will begin automatically.
- Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
- When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
- Now click on:
- Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
- Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
When you have completed the above, please post back the following in the order asked for:
- How is your computer performing now, any further symptoms and/or problems encountered?
- ComboFix Log.
- ESET Log.
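
An added example, not part of the original post and not ComboFix's own code: a small Python parser that splits a CFScript like the one above into its `Name::` sections, so the drivers, files and folders it will remove and the registry values it will set can be reviewed before the script is run. The section grammar is an assumption inferred from the script shown in this post, and the sample is an abridged copy of that script.

```python
import re

# Abridged copy of the CFScript in this post (same syntax, fewer entries).
CFSCRIPT = r"""Driver::
CDLauncher
CDAVFS
File::
c:\windows\system32\drivers\CDAVFS.sys
Folder::
c:\program files\Lavasoft\Ad-Aware
c:\program files\Common Files\Authentium
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
ReBoot::"""

SECTION = re.compile(r"^(\w+)::$")  # assumed grammar: a bare "Name::" line opens a section

def parse_cfscript(text):
    """Return {section: [entries]}; Registry entries are (key, value_name, data)."""
    sections, current, key = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = SECTION.match(line)
        if match:
            current, key = match.group(1), None
            sections[current] = []
        elif current is None:
            raise ValueError(f"entry outside any section: {line!r}")
        elif current == "Registry" and line.startswith("["):
            key = line[1:-1]  # remember the key the following values belong to
        elif current == "Registry":
            if key is None or "=" not in line:
                raise ValueError(f"registry value without a key: {line!r}")
            name, data = line.split("=", 1)
            sections[current].append((key, name.strip('"'), data))
        else:
            sections[current].append(line)
    return sections

def removal_targets(sections):
    """Everything the script asks to delete: drivers, files and folders."""
    return {name: sections.get(name, []) for name in ("Driver", "File", "Folder")}
```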