Malware virus problem

  Flabbyfran 18:50 01 Oct 07

Hi all,
when i start up my computer(XP home) and log on my anti virus (avast)flaggs "malware has been found in C:/DOCUME~ ETC" tells me to move to chest. The Internet explorer starts up ,which it shouldn't, and open a what is obviously a false paypal sight inviting me to log on.
I have ran my antivirus,super anti spyware,Ad-aware,and spybot but no joy its still there. I am unable to system restore either as it fails everytime i try. I would be grateful for any thoughts.

  mfletch 19:07 01 Oct 07

Hi Flabbyfran it maybe a form of the smitfraud infection?

Download this and read the instructions

SmitfraudFix/ click here


  skidzy 19:08 01 Oct 07

Empty your temp files and run the scans again in safemode. click here
Safemode can be accessed by tapping F8 on startup.

This sounds like your browser has been hijacked,and your best possible route if the advice fails is to run Hijackthis and post the scan log at MWR.

Hijackthis click here
Malwareremoval click here

Let the experts advise accordingly.

Do NOT tinker with the HJT scan results,you may render your machine useless.

  Flabbyfran 19:08 01 Oct 07

Thanks i'll try that. It did say it was a VBS malware?

  Flabbyfran 19:12 01 Oct 07

Tried to start in safe mode but i couldn't get it to work my display as it's not supported in safe mode and i didn't know how to get round it?

  skidzy 19:22 01 Oct 07

There are many variants of VBS commonly known as VBscript and possible received via email attachment.

Once this attatchment has been executed,your registry will have been changed and your redirection happens upon reboot of the computer.

Do you have the full name of the VBS Avast has found.

  Flabbyfran 19:36 01 Oct 07

No sorry i don't. Have posted my scan log and waiting for replies.
Thanks for your help.

  skidzy 21:40 01 Oct 07

i expect MWR to notify you of running another scan and post the log again using the new version of HJT click here

My apologies for the earlier link regarding HJT,i didnt realise the new version was out of beta.

Will watch your thread over at MWR with interest,i did take a look and im not an expert but i did not notice much wrong...but there are one or issues they may ask you to remove.

Good luck and please be patient.

  Flabbyfran 23:10 01 Oct 07

Thanks for all your help. Fingers crossed.

  skidzy 18:26 08 Oct 07

Well done Flabbyfran, i see you are sorted now.

  Flabbyfran 19:41 08 Oct 07

Yeah, Thanks for pointing me in the right direction. You feel a bit naked posting all those logs and not really knowing what you are telling people about yourself. But worth it in the end i feel refreshed.
Thanks Again.

This thread is now locked and can not be replied to.

The Legend of Zelda Breath of the Wild review: Five hours with Zelda on the Nintendo Switch

1995-2015: How technology has changed the world in 20 years

How the painting-like animated sequences in A Monster Calls were created by Glassworks Barcelona

The 22 best Safari extensions | Best Safari plugins: Improve Apple's Safari web browser with these…