System.ini is clean, the keylogger usually adds a line in the load section. Maybe you didn't get the full install or Ewido did already delete some files the first time. Something I would like you to check :
Using windows explorer, navigate to c:\windows and look for a folder that starts with inet and some numbers - example : C:\WINDOWS\inet20001 - Delete the folder if found.
Keep all browsers closed. Click on Start
then Control Panel
Double click on the Java plug-in icon
(there may be more than one). The Java Control Panel appears.
- Click Settings under Temporary Internet Files. The Temporary Files Settings dialog box appears.
- Click the Delete Files. The Delete Temporary Files dialog box appears.
Put a checkmark next to the three options on this window to clear the cache.
- Downloaded Applets
- Downloaded Applications
- Other Files
- Click Ok on the Delete Temporary Files window.
- Click Ok on Temporary Files Settings window.
If there are other Java plug-in icons... perform the same action on all of them. That should clean out the infected files.
Copy/paste the following text into a new Notepad document. Make sure that you have one blank line at the end of the document as shown in the quoted text.
"C:\\Documents and Settings\\skip\\Local Settings\\Temp\\dmx76E.tmp"=-
"C:\\Documents and Settings\\skip\\Local Settings\\Temp\\dmx76F.tmp"=-
"C:\\Documents and Settings\\skip\\Local Settings\\Temp\\dmx780.tmp"=-
"C:\\Documents and Settings\\skip\\Local Settings\\Temp\\dmx7A2.tmp"=-
Save it to your desktop as Fixme.reg
. Save it as :
File Type: All Files (not as a text document or it wont work).
on your desktop and double-click it. When asked if you want to merge with the registry, click YES
. Wait for the merged successfully
A small cleanup ...
If you already have the latest Ad-Aware SE 1.06 version, skip to Run
Ad-Aware. Otherwise download Ad-Aware SE 1.06 from here
and install it. Uncheck all the options before leaving the Install Wizard.Run
Ad-Aware and Click on the World Icon
. Click the Connect
button on the webupdate screen. If an update is available download it and install it. Click the Finish
button to go back to the main screen.
Click on the Gear Icon
(second from the left at the top of the window) to access the Configuration Window.
Click on the General
Button on the left and select in green
- Under Safety
- Automatically save log-file
- Automatically quarantine objects prior to removal
- Safe Mode (always request confirmation)
- Under Definitions
- Prompt to udate outdated definitions - set to 7 days
Click on the Scanning
Button of the left and select in green
- Under Driver, Folders & Files
- Under Select drives & folders to scan
- Under Memory & Registry
- Scan Active Processes
- Scan Registry
- Deep Scan Registry
- Scan my IE favorites for banned URLâ€™s
- Scan my Hosts file
Click on the Advanced
Button on the left and select in green
- Under Shell Integration
- Move deleted files to Recycle Bin
- Under Logfile Detail Level
- Include addtional object information
- DESELECT - Include negligible objects information (make it show a red X)
- Include environment information
- Under Alternate Data Streams
- Don't log streams smaller than 0 bytes
- Don't log ADS with the following names: CA_INOCULATEIT
Click the Tweak
Button and select in green
- Under the Scanning Engine (Click on the + sign to expand)
- DESELECT Unload recognized processes & modules during scan (make it show a red X)
- Scan registry for all users instead of current user only
- Under the Cleaning Engine (Click on the + sign to expand)
- Always try to unload modules before deletion
- During Removal, unload Explorer and IE if necessary
- Let Windows remove files in use at next reboot
- Under the Log Files (Click on the + sign to expand)
- Include basic Ad-aware SE settings in logfile
- Include additional Ad-aware SE settings in logfile
- Include reference summarry in log file
- Include alternate data stream details in log file
Click on Proceed
to save the settings and close the program.
If Spybot - S&D 1.4 is already installed on your system, skip to Update Spybot - S&D before using it
. Otherwise download Spybot - S&D from the following link:Spybot - Search and Destroy
When you have downloaded the program, double click on the downloaded file to start the installation. Follow the default selections, pressing the Next button until you get to the Select Additional Tasks
Under Permanent protection
, make sure to uncheck
the following items for now:
- Use Internet Explorer Protection
- Use system settings Protection (TeaTimer)
Press the Next button and then the Install button to start the installation process. When the installation process is complete, make sure that Run Teatimer
.Launch Spybot - S&D
If you told Spybot to launch when it was done installing, the program should now be open. Otherwise find the icon on your desktop and double-click on it. When you use Spybot - S&D for the first time, it will prompt you for certain tasks to complete. Skip all tasks for now by pressing the Next
button. Click on the button labeled Start using this program
to begin using Spybot - Search & Destroy.Update Spybot - S&D before using it
Click on the Search for Updates
button. If there are available updates, they will be listed. Click on the Download Updates
button and Spybot - S&D will download the updates and install them.
Run Ad-Aware and Click on the Scan Now
- Choose Perform Full System Scan
- DESELECT Search for negligible risk entries, as negligible risk entries (MRU's) are not considered to be a threat. (make it show a red X)
to begin the scan. When the scan is completed, the Performing System Scan screen will change name to Scan Complete
Click the Next
Button to get to the Scanning Results Window where more information about the objects detected during the scan is available. Click the Critical Objects
Tab. In general all of the items listed will be bad. To fix all the bad critical objects, right click
on one of them, click the Select All
entry in the pop-up menu to mark all entries. Click Next
and then OK
in the dialog box to confirm the removal.
to complete the removal of what Ad-Aware SE found.
Run Spybot - S&D
Click the button Check for Problems
When Spybot is complete, it will be showing RED
entries and GREEN
entries in the window.
Make sure that there is a check mark beside all of the RED
Choose Fix Selected Problems
and allow Spybot to fix the RED
If it has trouble removing any spyware, you will get a message window, asking if it would be ok to run Spybot - S&D on the next reboot before any other applications start running. You should reply Yes
to this. The next time you start Windows, Spybot will run automatically and fix any of the programs it could not fix previously.
At this point you will be presented with the list of found entries again, but now there will be large green checkmarks next to the items that Spybot - S&D was able to remove. The ones that are still checked but do not have the large green checkmark next to them will be fixed on the next reboot of windows.
Let me know how the computer behaves please. The virtualguy2.exe is probably just like the virtualgirl thingie. I fully understand that you don't want to find out more about it. Asking him about the program may make him feel embarrassed too.