Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


view.atdmt.com


Re: view.atdmt.com

by Dakeyras » June 15th, 2011, 4:24 am

Hi. :)

At this moment, when I place my cursor over the Microsoft Upgrade Advisor link, it no longer points to "view.atdmt.com." Good news! There were no problems running any of the tools you requested I run.
Good and thanks for the update.

That's it for now. Please let me know if I need to do anything more. I wonder if there is any way to know where I may have picked up the view.atdmt.com malware? It seems that Norton had no protection for it.
It would appear to myself that malware had gained a foothold in the InProcServer32 settings of your machine, so the aforementioned was one of the access points. As to how this happened I am not completely sure to be honest, but it may have been something innocuous clicked on by mistake, for example. Regarding Norton, as with any Anti-Virus software it is only as good as the internal database is and what it is able to detect; that is why it is very important to keep all security related applications up to date and use layered protection. I will explain further about the latter after I have given the all clear.

We do have some further tasks to complete the Malware Removal process and some installations of updated software also next time round. So please bear with myself as it would be in your own best interest from an online security point of view, thank you.

Reset Vista SP2 Firewall:

Click on Start(Vista Orb) >> Run... and cut/paste in the following and click on OK
firewall.cpl
Or Start(Vista Orb) >> Control Panel >> Windows Firewall

Click on the Change Settings >> Advanced >> Restore Defaults >> At the prompt click on Yes >> OK

Now click back on Change Settings again >> General >> and select Off(not recommended) >> Apply >> OK.

Note: No need for it to be active after the reset because the Norton 360 application installed has a firewall component.

Custom ComboFix-Script:


  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
    Driver::
    KernExplorer
    CDLauncher
    vseamps
    vsedsps
    vseqrts
    CDAVFS
    
    File::
    c:\windows\system32\drivers\CDAVFS.sys
    
    Folder::
    c:\program files\Lavasoft\Ad-Aware
    c:\users\Mike\AppData\Local\CyberDefender Internet Security
    c:\program files\Common Files\Authentium
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"=dword:00000000
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000000
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000000
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000000
    
    RegLock::
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    
    ReBoot::
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

Caution: Do not mouse-click ComboFix's window while it is running. That may cause it to stall. If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue. If that happened we want to know, and also what process you had to end.

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan...Click on Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • ComboFix Log.
  • ESET Log.

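A read-only way to confirm afterwards that the CFScript.txt in the post above took effect, given as an added example that is not part of the original thread and is not ComboFix's own code. Assumptions: PowerShell 2.0 or later is installed and run elevated, and each name under Driver:: is registered as a key under HKLM\SYSTEM\CurrentControlSet\Services; the RegLock:: entries are not checked.

```powershell
# Added example, not from the thread. Read-only: it changes nothing on the system.
# Driver names, paths, keys and value names are copied from the CFScript.txt above.
$drivers = 'KernExplorer','CDLauncher','vseamps','vsedsps','vseqrts','CDAVFS'
$paths = @(
    'c:\windows\system32\drivers\CDAVFS.sys',
    'c:\program files\Lavasoft\Ad-Aware',
    'c:\users\Mike\AppData\Local\CyberDefender Internet Security',
    'c:\program files\Common Files\Authentium'
)
$mon = 'HKLM:\software\microsoft\security center\Monitoring'
$regValues = @(
    @{ Key = 'HKLM:\software\microsoft\windows\currentversion\policies\system'; Name = 'EnableUIADesktopToggle' },
    @{ Key = $mon;                     Name = 'DisableMonitoring' },
    @{ Key = "$mon\SymantecAntiVirus"; Name = 'DisableMonitoring' },
    @{ Key = "$mon\SymantecFirewall";  Name = 'DisableMonitoring' }
)

# Hypothetical helper: one result row per checked item.
function New-Finding($Item, $State, $Ok) {
    New-Object PSObject -Property @{ Item = $Item; State = $State; Ok = $Ok }
}

$results = @()
foreach ($d in $drivers) {
    # Assumption: a driver listed under Driver:: is registered under the Services key.
    $present = Test-Path "HKLM:\SYSTEM\CurrentControlSet\Services\$d"
    $state = if ($present) { 'still registered' } else { 'removed' }
    $results += New-Finding "driver $d" $state (-not $present)
}
foreach ($p in $paths) {
    $present = Test-Path -LiteralPath $p
    $state = if ($present) { 'still on disk' } else { 'removed' }
    $results += New-Finding $p $state (-not $present)
}
foreach ($r in $regValues) {
    # The script sets each value to dword 0; a missing value is reported, not assumed fine.
    $prop = Get-ItemProperty -Path $r.Key -Name $r.Name -ErrorAction SilentlyContinue
    $val = if ($prop) { $prop.($r.Name) } else { $null }
    $state = if ($null -eq $val) { 'value absent' } else { "= $val" }
    $results += New-Finding "$($r.Key) : $($r.Name)" $state ($val -eq 0)
}

# Show only what does not match the script; no output means every item matched.
$results | Where-Object { -not $_.Ok } | Select-Object Item, State | Format-List
```

Anything it lists belongs in the next reply alongside the ComboFix log, since it shows which part of the script did not apply.
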
Re: view.atdmt.com

by theglobal » June 16th, 2011, 1:28 am

Hi :)

ESET Online Scanner

When I clicked on your link for ESET (the link shows: http://www.eset.co.uk/Antivirus-Utiliti ... ne-Scanner) I saw the Scan Now button for the online scan. However, the link was to a popup...http://www.eset.com/us/online-scanner-popup/ where it only offers a download version. There was no accept Terms or a Start button on the page. Your thoughts would be appreciated.

Prior to this I ran ComboFix pursuant to your instructions, but will hold off posting the log until receipt of further instructions.

Regards!
theglobal

Re: view.atdmt.com

by theglobal » June 16th, 2011, 1:30 am

It just occurred to me that the popup has a /us/ in its web site name. Perhaps online scanning is not available in the USA?

Re: view.atdmt.com

by Dakeyras » June 16th, 2011, 3:02 am

Hi. :)

You're the second person I am assisting (in a different forum) who has brought this problem with Eset to my attention...uninstalled my own online scanner and tried it and encountered no problems at all. So please try it again and if still the same problem merely run the alternative online scan below.

Panda Online Scan:

Please go here to run Panda's ActiveScan

  • Once you are on the Panda site, click the Scan your PC now button
  • A new window will open...click the Scan Now button
  • Allow the ActiveX control to be installed. It will start downloading the files it requires for the scan. Note: This may take a couple of minutes
  • Run the ActiveX control, if requested. The screen will then show the scanning progress - the scan will take a while to finish. Please be patient.
  • When the scan has finished, click on Export To
  • Save the file as Activescan.txt to your Desktop
  • Close the Activescan window then go to your Desktop
  • Double-click on Activescan.txt and it will open in Notepad
  • In Notepad, click Edit > Select all, then Edit > Copy
  • Reply to this thread and click Ctrl+V to paste the log in your reply

Re: view.atdmt.com

by Wingman » June 19th, 2011, 9:49 am

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.