Free Malware Removal Forum

[oceans910]

I'm not computer savy...I did a virus scan McAfee it came up that I have an infected file Malware"J" when I go to delted it ...it tells me it can't be deleted or cleaned or quarentined.. tried to call McAfee but they are closed nice to pay for that =) I have deleted all my temp and internet files using window washer and when I ran spybot it told me I have no problems.. I also keep getting a POP up window from McAfee telling me that a program called "Services" is trying for outbound access..I block it but it keeps popping up in a cycle about 20 pops ups then it stops for 5 minutes..I looked at the path and it is under a program called "Connection Status exe. and it looks like it was created within the past 12 hours when I suspect that I was infected... Pleae help I found this site via google when I googled Malwarej remember keep it simple I'm a simple minded person..Thanks much !!!! ~A~

[askey127]

oceans910,

I'll give you quite a bit to do here. You can handle it.
If any procedure step fails, make a note to tell me in the reply, and proceed to the next step. You may find it handy to print this out first.

Please read here first : http://forum.malwareremoval.com/viewtopic.php?t=12
-----------------------------------------------------------
Please Delete Your Temporary Files by deleting all files and subfolders that are in these folders (do not delete these folders themselves).
In Windows Explorer (My Computer), delete all the files in the following folders. Please do NOT delete the folders themselves, just all the contents.

C:\Windows\Prefetch\
C:\Windows\Temp\
C:\Documents and Settings\<Your Username>\Local Settings\Temp\
C:\Documents and Settings\<All other Usernames>\Local Settings\Temp\
C:\Documents and Settings\<Your Username>\Local Settings\Temporary Internet Files\
C:\Documents and Settings\<All other Usernames>\Local Settings\Temporary Internet Files\
-----------------------------------------------------------
Run an Online scan.
Go tohttp://www.trendmicro.com and click Personal. Under Trend Micro Housecall (upper right) Click Scan now.
Click Scan Now It's Free. Choose your location, then Start Free Scan Now. Select Complete Scan. If it asks about installing an ActiveX control, allow it.
It'll take a few minutes to download, especially with a dialup connection, so be patient.
Check to Clean all drives and Scan.
When it completes, copy the full name of any virus, trojan, or spyware that cannot be cleaned or deleted and post them along with your next log.
-----------------------------------------------------------
Download and RUN Spybot S&D from here. Don't install the TeaTimer 'runtime' option until your machine is completely clean, as it may interfere with fixes.
Install Spybot, click Search for Updates. Then download and install the updates.
Next click the button Check for Problems.
When Spybot is complete, it will be showing RED entries, bold Black entries, and GREEN entries in the window.
Make certain there is a check mark beside all of the RED entries ONLY.
Choose Fix Selected Problems and allow Spybot to fix the RED entries.
REBOOT to complete the Spybot cleaning process.
------------------------------------------------------------
Download and Run Ad-Aware SE Personal from here. If you are using the paid version, don't install the AdWatch feature.
Open adaware and Click the Check for updates now line on the main screen. Click the Connect button on the webupdate screen.
If an update is available download it and install it. Click the Finish button to go back to the main screen.
Click on the Settings button (the gear symbol in the upper part of screen) to open the General settings screen. Make sure the Automatically quarantine objects prior to removal setting is checked green and then click Proceed to save your changes.

Click the Scan now button in the main menu on the left side of the main status screen or use the Start button in lower right corner. This will open the "Preparing System Scan" screen. Please Deselect Search for negligible risk entries. Leave the Selection for low-risk threats unchecked also. Then select Use custom scanning options and click Customize. This will open the "Scan Settings" Page. Make sure all of the following are listed with a green checkmark:
* Scan within archives
Then click on the Tweak Button to open up the tweak settings.
Open up the "Scanning Engine" section and make sure all of the following are On with a green checkmark:
* Scan registry for all users instead of current user only
Make sure the following is unchecked with a red X:
* Unload recognized processes & modules during scan.
Open up the "Cleaning Engine" section and make sure all of the following are On with a green checkmark:
* Always try to unload modules before deletion
* During Removal, unload Explorer and IE if necessary
* Let Windows remove files in use at next reboot.
Click the Proceed button to save settings. Click Next to begin the scan. When the scan is completed, the "Performing System Scan" screen will change name to Scan Complete.
Click the Next button to get to the Scanning Results screens where more information about the objects detected during the scan is available. Click the Critical Objects Tab. In general all of the items listed will be bad. To fix all the bad critical objects, right click on one of them to open up the selection screen. Click the Select All button to select all entries. Then all are selected Click Next and then OK in the pop-up window to confirm the removal.
Run the scan, and then Reboot.
------------------------------------------------------------
Download HijackThis, Install it and Post a log
Create a folder for HijackThis. To make a new permanent folder:
- Go to My Computer, doubleclick C:
- Click File, New, Folder
- type in HJT
You now have a new folder at C:\HJT\
Download the HijackThis self extracting file to your new HJT folder.
- Double click HijackThis_sfx.exe, and select Unzip. When done click OK.
- Close the window.
If you have difficulty downloading and unzipping HJT, there is a different set of very detailed pictorial instructions here: http://www.netstar.me.uk/hjt/hjt.html
------------------------------------------------------------
Start HijackThis. If the opening screen shows, choose None of the above, just start the program.
Click Do System Scan and Save a Log File. The log will open up in notepad. Use Ctrl-A to select the entire log, and Ctrl-C to Copy, Then go to Reply in this topic, and paste the contents of the log into the reply.
Please don't delete anything from the log before or after pasting it. You may add comments if you wish.

askey127

[oceans910]

thank you so very much I have printed your instructions but I needed to go to work (firefigher) lets just say I fight fires better than I do computers =) I will follow the steps this evening when I get back home...I'll paste the results to you at that time..Thanks again I really apprecaite all your help !!!!

[askey127]

oceans910,

Just post whenever you are ready.

askey127

[NonSuch]

Whilst we appreciate that you may be busy, it has been 14 days or more since we heard from you.

Infections can change and fresh instructions will now need to be given. This topic is now closed, if you still require assistance then please start a new topic in the Malware Removal Forum

If you wish this topic reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid,
working link to the closed topic is required along with the user name used.
If the user name does not match the one in the thread linked, the email will be deleted.