Message 1 of 15

Need help with Virus!

:( Help me please??? I cannot get rid of an apparent virus on my system. I have tried VundoFix, Malwarebytes, Ad-Aware...nothing removes this thing! I have managed to remove registry keys named MS Juan, and the MS track system, but they return in no time! That tells me there is definitely something lingering. The popups are annoying, and McAfee is not seeing it....I'm at my wits' end! Is there anything that will remove this terrible malware program??

I am running Windows XP Home Edition. This is just tormenting me to death! Help please?
14 Replies
Message 2 of 15

RE: Need help with Virus!

Need more information..

Although you mentioned that your operating system is XP, which service pack is installed? Likewise, which McAfee program do you have installed?

Apparently, you've tried a number of antispyware and antivirus scanners. EXACTLY what is the virus/trojan/malware called? Where has it been detected and have you been able to run all those tools you've mentioned? Did Malwarebytes actually scan the computer or did you have problems installing or running it?
_________________________________________

In the meantime, please try the steps below, even if they are similar to other things you've tried..

First, uninstall Malwarebytes and SuperAntispyware.. You're going to download the newest versions using the instructions below..

Next, on a secondary, CLEAN computer, please download the following tools. Once they're downloaded, burn them to a CD so you can install and run them on the problem computer later:

Download Smitfraudfix to your desktop from the link below:

http://siri.geekstogo.com/SmitfraudFix.php

Next, on that same CLEAN computer, download the newest versions of Malwarebytes and SuperAntispyware PLUS their manual updaters from the link below. Rename both of the setup files to something different.. For example, rename the "mbam-setup.exe" file to something like "Gogetum.exe".. Likewise for the SuperAntispyware setup file. Once that's done, burn all of the files to a CD, including Smitfraudfix:

Malwarebytes Download Link (Clicking on the links below will immediately start the download dialogue window.)
http://www.besttechie.net/tools/mbam-setup.exe

Malwarebytes Manual Updater link
http://www.malwarebytes.org/mbam/database/mbam-rules.exe

SuperAntispyware
http://www.superantispyware.com/

SuperAntispyware Manual Updater
http://www.superantispyware.com/definitions.html

Next, on that same CLEAN computer, create a Rescue Disc using these instructions:

Avira Rescue Disc Link
http://www.free-av.de/en/tools/12/av...ue_system.html

- After creating the Rescue disc using the instructions in the link above, place the rescue disc in the infected computer and boot from it. (You'll need to have the BIOS settings so the DVD/CD-Rom drive boots first in the boot order.) When it loads, choose option 2 (Boot from Rescue CD)
- choose English language (use the up/down arrow to select "English", then press the space bar to change the X to the correct box, then press the "Enter" key.), and watch the progress at the end of the boot, you should see a menu
- choose the second option: "Scan your system with AntiVir"
- If the screen goes black during the scan, you should be able to press the space bar to bring the scan back to view.
________________________________________

Now, AFTER running the Rescue Disc, restart the computer in Safe Mode, then run Smitfraudfix per the instructions at the link I provided above..

How To Start In 'Safe Mode'
http://forums.cnet.com/5208-6121_102-0.html?forumID=45&threadID=22053&messageID=274875

After that, install the "Gogetum.exe" file (the renamed Malwarebytes program), then run the update to get the program current.. After that, restart the computer into Safe Mode and run a full system scan and delete anything it finds. (If the program won't start, access the C:\Program Files\Malwarebytes Antimalware folder and rename the "mbam.exe" file to something else.. Double click on the newly named file and it should run.) Reboot the computer into "normal" Windows after the full system scan..

Do the same for the SuperAntispyware program. Install it, update it, then run a full system scan after starting in Safe Mode.

Hope this helps and let us know how it goes.

Grif
Message 3 of 15

It all sounds great, but..

All that sounds great but.....I have just one computer here. I did run that Smitfraudfix....the Malwarebytes, I uninstalled after the first run. I reinstalled it this morning, made sure it was updated. The McAfee was installed yesterday morning AFTER it said my computer was clean on the Comcast site, so I am sure that was updated...I ran the Smitfraudfix in Safe Mode, as well as the Malwarebytes. Malwarebytes removed the registry keys affected, and I manually removed them twice after that. I wrote them down after running the programs, so I knew what to look for. Thing is, they keep coming back. And I still have no clue what the root of this mess could be.
The two keys that constantly reappear are:

HKEY_Local_machine\software\MICROSOFT\MS JUAN
HKEY_Local_machine\software\MICROSOFT\MS TRACKSYSTEM

This morning I downloaded Ad-Aware (Lavasoft). I hoped that might help me locate this mess. Like I said, HOPED! I glanced at the log....but all it picked up was cookies, I assume from all the popups my daughter saw last night.

I can try the Malwarebytes again........ but I really have no access to a second computer. Guess I'll keep looking for a solution.....thank ya for your time....

RE: It all sounds great, but..

SUPERAntiSpyware Free removes the MS JUAN infections. http://filehippo.com/download_superantispyware/

Running the scan in Normal mode should work fine.

RE: It all sounds great, but..

 

The two keys that constantly reappear are:

HKEY_Local_machine\software\MICROSOFT\MS JUAN
HKEY_Local_machine\software\MICROSOFT\MS TRACKSYSTEM



These are just orphaned registry keys.

Post edited.
Message 6 of 15

Just ran the malwarebyte again....and...

:( Hi, I just ran the Malwarebytes program again. This time it has found two trojans and my ever infamous MS Juan and MS track system registry keys. The MS track system shows as a Trojan.Vundo, and I have a location on another trojan, could they be the same thing? It says C:\Windows\system32\wvUkLfG.dll.....does that help??

Also.....I am running Windows XP Home, Service Pack 3....
The Info on the McAfee is...

Security Center Cer 8.1
Virus Scan 12.1
Pers Firewall 9.1
Privacy is 10.0

I guess those keys keep returning cause the trojan won't leave...I don't get it. I downloaded that vundo fix....and ran it. Shouldn't that have removed it??

:(

RE: Just ran the malwarebyte again....and...

Post Edited.

RE: Just ran the malwarebyte again....and...



The wvUkLfG.dll is writing those entries to the registry; there may be other similar files on-board. Please follow the instructions below.

Register at this Forum then follow these Steps, and post the required log in that forum, not here.

evilfantasy, I have edited your post. Have you been trained to read HijackThis logs? If so, which school?

RE: Just ran the malwarebyte again....and...

paullotion, are HJT logs not allowed here? If so I apologize.

RE: Just ran the malwarebyte again....and...

 

are HJT logs not allowed here? If so I apologize.



We do not read HJT logs here. Anyway, HJT is so outdated that most of the HJT forums are using different analytical tools.
HJT is no longer a front-line tool.
