Author Topic: A question before doing Polonus' 10 steps....  (Read 4870 times)


Ron in RI

  • Guest
A question before doing Polonus' 10 steps....
« on: November 26, 2006, 04:54:09 PM »
GREETINGS TO ALL.....

I need a kind and patient soul to advise me.

I am using: Averatec notebook  WinXP SP2  (dial-up)   avast! (Home) (free)   Spybot     AdAware    Zone Alarm    Windows Defender   

My computer is infected.  I'd been using avast! for months, with no difficulties, then suddenly, on November 23...VIRUS ALERTS (information below).  I discovered that, in my "resident task settings", "scan inbound mail" (SMTP) was not checked.  I can't explain that; I'd had no virus problems for months.

 I have looked at online resources available to help me, starting with Polonus' famous "10 Step Program".

My situation is that I am sick; I'm medicated and have cognitive difficulties (my brain is foggy and I feel  overwhelmed by details and information).  Generally, I function with my computer at intermediate level...but I'm not doing well at the moment.

 ???

I'm overwhelmed and I don't know that I can do the task.  Maybe I could "Rent a Geek" and pay to get this resolved. 

I'm tempted to do a good backup of my pictures and Word documents, and wipe out everything else and reformat the hard drive.  Mentally, I could handle reinstalling programs and all that...it's a simple, routine operation....even if it's not fun.

I must resolve this and I don't want to do anything stupid....I need advice.  Am open to all suggestions.

Thanks very much to all.....and special greetings to the folks in Praha.  Pertinent info from the avast! log follows:

C:\Documents and Settings\Segundo\Local Settings\Temp\WER699e.dir00\IEXPLORE.EXE.hdmp [L] Win32:Downloader-gen [Trj] (0)
File was successfully moved to chest...
C:\Documents and Settings\Segundo\Local Settings\Temp\WER77b7.dir00\IEXPLORE.EXE.hdmp [L] Win32:Downloader-gen [Trj] (0)
File was successfully moved to chest...
C:\Documents and Settings\Segundo\Local Settings\Temp\WERb5ea.dir00\IEXPLORE.EXE.hdmp [L] Win32:Downloader-gen [Trj] (0)
File was successfully moved to chest...
C:\Documents and Settings\Segundo\Local Settings\Temp\WERf6e8.dir00\IEXPLORE.EXE.hdmp [L] Win32:Downloader-gen [Trj] (0)
File was successfully moved to chest...

C:\Program Files\PCPitstop\AV\Pavdll.dll [L] Win32:Kuang2 (0)
File was successfully moved to chest...
C:\System Volume Information\_restore{17F73930-21DE-4C05-8B58-C42027025558}\RP177\A0061028.exe\iTunes.cab\Global_VC_ATLANSI_f0.7EBEDD68_AA66_11D2_B980_006097C4DE24 [E] CAB archive is corrupted. (42127)
C:\System Volume Information\_restore{17F73930-21DE-4C05-8B58-C42027025558}\RP177\A0061028.exe\iTunes.cab [E] RAR archive is corrupted. (42126)
C:\System Volume Information\_restore{17F73930-21DE-4C05-8B58-C42027025558}\RP181\A0063524.dll [L] Win32:Kuang2 (0)
File was successfully moved to chest...
C:\System Volume Information\_restore{17F73930-21DE-4C05-8B58-C42027025558}\RP189\A0067500.dll [L] Win32:Kuang2 (0)
File was successfully moved to chest...
C:\WINDOWS\system32\ActiveScan\pskavs.dll [L] Win32:CTX (0)
File was successfully moved to chest...

THANK YOU most sincerely,
Ron in RI (USA)




Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: A question before doing Polonus' 10 steps....
« Reply #1 on: November 26, 2006, 05:27:07 PM »
Hi Ron,

The first part of your log shows a Hotbar infection. avast! has deleted some files, but to make sure the infection has gone, please download and run this removal tool:

http://hotbar.com/downloads/HbUninst.exe

Information about Hotbar here:

http://www.pchell.com/support/hotbar.shtml

To clean up your temp files, please download and run CCleaner:

http://www.ccleaner.com/

The second part of your log shows two things:

1) You have used online scanners which have left files on your computer which avast! has identified as viruses. These scanners are PCPitstop and Panda ActiveScan.

The solution is to uninstall these programs and/or delete the program folders:

C:\Program Files\PCPitstop
C:\WINDOWS\system32\ActiveScan

If you want to continue using these online scanners, you can add the folders to avast!'s ignore list.

2) You have some malware files in System Restore, the protected Windows backup system. To remove these files you will need to create a clean System Restore point, then delete all older System Restore points:

http://www.bleepingcomputer.com/tutorials/tutorial56.html

Please say if you need further instructions on any of these points.

Good luck!
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog
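The triage done by eye in Reply #1, as an added example that is not part of the original thread: a Python script that groups avast! log detections by where the file lives (temp files, another scanner's folder, System Restore). It assumes `[L]` marks a detection and `[E]` a scan error, as the quoted log suggests; the function and category names are hypothetical.

```python
import re
from collections import defaultdict

# Line shape in the log above: <path> [L|E] <message> (<code>)
ENTRY = re.compile(r"^(?P<path>.+?) \[(?P<kind>[LE])\] (?P<msg>.+) \((?P<code>\d+)\)$")

# Location rules from the reply, matched on the lower-cased path.
RULES = [
    ("system_restore", r"\system volume information\_restore"),
    ("other_scanner", r"\program files\pcpitstop"),
    ("other_scanner", r"\windows\system32\activescan"),
    ("temp", r"\local settings\temp"),
]

# Sample lines copied from the log in the first post.
SAMPLE = r"""
C:\Documents and Settings\Segundo\Local Settings\Temp\WER699e.dir00\IEXPLORE.EXE.hdmp [L] Win32:Downloader-gen [Trj] (0)
File was successfully moved to chest...
C:\Program Files\PCPitstop\AV\Pavdll.dll [L] Win32:Kuang2 (0)
File was successfully moved to chest...
C:\System Volume Information\_restore{17F73930-21DE-4C05-8B58-C42027025558}\RP177\A0061028.exe\iTunes.cab [E] RAR archive is corrupted. (42126)
C:\System Volume Information\_restore{17F73930-21DE-4C05-8B58-C42027025558}\RP181\A0063524.dll [L] Win32:Kuang2 (0)
File was successfully moved to chest...
C:\WINDOWS\system32\ActiveScan\pskavs.dll [L] Win32:CTX (0)
File was successfully moved to chest...
"""

def classify(path):
    lowered = path.lower()
    return next((label for label, needle in RULES if needle in lowered), "other")

def triage(log_text):
    """Group [L] detections by location; [E] lines (assumed scan errors) go to scan_error."""
    groups, last = defaultdict(list), None
    for line in map(str.strip, log_text.splitlines()):
        m = ENTRY.match(line)
        if m:
            entry = {"path": m["path"], "name": m["msg"], "quarantined": False}
            label = classify(m["path"]) if m["kind"] == "L" else "scan_error"
            groups[label].append(entry)
            last = entry if m["kind"] == "L" else None
        elif last and line.startswith("File was successfully moved to chest"):
            last["quarantined"] = True  # the chest line follows the detection it refers to
            last = None
    return dict(groups)

if __name__ == "__main__":
    for label, items in triage(SAMPLE).items():
        print(label, [(e["name"], e["quarantined"]) for e in items])
```

Each group maps to one of the remedies in the reply: temp-file cleanup, removing or excluding the other scanner's folder, or purging old restore points.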

Ron in RI

  • Guest
Re: A question before doing Polonus' 10 steps....
« Reply #2 on: November 26, 2006, 05:37:41 PM »
Oh, Man....!!!  Your message brings tears to my eyes.  It is EXACTLY what I needed.  You have de-mystified the morass I've felt caught up in!!

I love avast! and I love users forums.  I tell my friends that there are all these knowledgeable and generous people all over the world who are willing to come to our aid.

I don't mean to gush....but thanks VERY much.  I'll do the work and let you know how it goes.

Ron in RI  :P

Ron in RI

  • Guest
Re: A question before doing Polonus' 10 steps....
« Reply #3 on: November 27, 2006, 06:38:38 AM »
Frank....

I went through all the steps you suggested.  Everything seemed to go well and I believe I now have a clean computer (and I learned a few things along the way).

Thanks so much.  I really appreciate your help.

Good day to you........

Ron in RI   ;D

Offline FreewheelinFrank

Re: A question before doing Polonus' 10 steps....
« Reply #4 on: November 27, 2006, 09:32:26 AM »
No problem, Ron.

If you haven't got it already, I'd recommend SpywareBlaster which can prevent the installation of a lot of toolbars:

http://www.javacoolsoftware.com/spywareblaster.html

Also, alternative browsers like Firefox and Opera are less prone to adware/spyware toolbar cr*p.

http://www.mozilla.com/en-US/firefox/

http://www.opera.com/