Author Topic: Resolved: Can someone help me or try?  (Read 22084 times)

artisticmind

  • Guest
Resolved: Can someone help me or try?
« on: July 29, 2010, 01:14:07 AM »
I’m hoping that someone can help me. The other night while browsing the message boards on DiaperSwappers.com (a site for families that are cloth diapering) I picked up a virus. After the fact I find out that several other parents have picked up similar viruses there. I finally got Avast 5 (the free version) downloaded as well as Malwarebytes (version 1.46) and it got rid of the files. Then last night it came back after Avast said that it blocked the attack (this time I was on Facebook looking at my wall). I picked up the rogue Antivir Solution Pro software crud along with something else that redirects the links from my search queries to random spam pages. So far this has happened on both Google and ask.com but I also use swagbucks search engine and have not had any redirecting from there yet.
Upon startup I get 2 Rundll error messages: “C:\WINDOWS\eqesabam.dll” and “C:\WINDOWS\otalibc.dll”. I got “rid” of it again with both malware and avast but I’ve noticed since removing it the first time while browsing I get an error message report “Generic Host Process for Win32 Services” which when I click on the “Don’t Send Report” it causes my screen to flash and it goes from the blue Windows XP appearance on my Start button and task bar to a gray Windows 95 vintage appearance and then flashes back to the XP appearance. It also seems to disable my internet and I end up shutting down my computer and restarting it to get back on the internet.
I have a Gateway Netbook from Verizon with their internet connection, I’m using IE7 and as mentioned above am using both Avast 5 and Malwarebytes. I understand some techie terms but not all and I’ve seen on other posts requests for posting logs and I have no idea how or where to find or create these logs to post them so I would need help with this. Can anyone help me get rid of this crud?!
« Last Edit: December 01, 2010, 01:20:01 AM by artisticmind »

Asyn

Re: Can someone help me or try?
« Reply #1 on: July 29, 2010, 01:31:25 AM »
Run a boot time scan with avast..!
asyn

doc_up72

  • Guest
Re: Can someone help me or try?
« Reply #2 on: July 29, 2010, 03:59:10 AM »
Run your scans again but before you do be sure and update each program. Then turn off your system restore to delete any restore points and any reboot hacktools that may be hiding in the restore volume. This is typically the case when you get them clean and they come right back. After cleaning turn system restore back on and create a new restore point. You need real time protection to help obviate a recurrence of the same. If you still can't rid yourself...then please post the name of the virus(es) that are picked up.
Good luck

artisticmind

  • Guest
Re: Can someone help me or try?
« Reply #3 on: July 29, 2010, 05:23:21 AM »
I made sure both my Avast and Malwarebytes were updated this afternoon when I ran them. I also just ran the boot scan and that came up with nothing according to the logs. I turned off my system restore just a few minutes ago, do I need to re-run my scans now?

SafeSurf

  • Guest
Re: Can someone help me or try?
« Reply #4 on: July 29, 2010, 08:44:29 AM »
<snip> do i need to re-run my scans now?
Yes.
Update MBAM (malwarebytes) again and run a scan, but this time post your log here (copy and paste).  Prior to running the scan, make sure your Settings > General > Automatically Save File After Scan Completes is checked off.

If you still come up with problems, then we will have you run an OTL log, which we will give you directions on how to do this.

Are you up to date with your Windows Updates?

I noticed you are still using IE7.  You should update this to IE8 for better security.

What other security software do you have on your machine, including a firewall (including past AV and FW)?

Once you are clean, you should check to make sure all your applications and software are up to date with Secunia Software Inspector http://secunia.com/vulnerability_scanning/personal/.  Many of us use this since software is constantly changing.

artisticmind

  • Guest
Re: Can someone help me or try?
« Reply #5 on: July 29, 2010, 09:48:53 PM »
Okay, I updated again and am running said scans again. Here's some info I can provide to you while I wait for my hourlong MBAM to finish.

I'm running Avast! Free Antivirus Program version 5.0.594, Virus Definitions 100729-0 7/29/10 3:00:44AM
and MBAM Database Information 7/29/2010, Version 4367, Fingerprints 263591.

Per your advice I updated to IE8 this afternoon. Now I'm just trying to figure out how to get rid of the worthless Bing stuff that came with the update. Can I mention I hate Bing?  ;D I've tried using it on my phone and it's a worthless pain in the rear and I end up going to Google anyway...anyway back to the virus topic...

Firewall...umm, as far as I know I have one as per when I open my network connections window it shows that my connections are firewalled. If I go to start>accessories>system tools>security center it shows that my Windows firewall is on. If I need a better one please recommend.

Windows Updates...again as far as I know I'm completely updated with those other than the IE8 which I'm now current with updates. When going to the system tools again it shows that my updates are on the "automatic" status for downloading and installing. I never have an icon in my system tray showing that updates are ready for installation so again I'm assuming that my computer is doing as specified and updating. I've tried going to Microsoft to make sure that I'm updated and it appears that they've changed it from Windows updates to Microsoft updates and after accepting the request from ActiveX to run the update it comes up with a window that it's not available to update. I can get the exact wording later. This happened both prior to updating to IE8 and afterwards.

I'll be back in a bit with the log as soon as MBAM is done

ETA: Forgot to mention that this Antivir Solution Pro crud came back this morning upon startup even before I was connected to the internet so I know this crud is lurking in my system somewhere. I probably should have mentioned this as well but the only way I can get in to get connected to my internet and get MBAM to run is to run an Rkill that was created and posted by someone on bleepingcomputer.com. It's the only way to get rid of the Antivir icon from my system tray and to stop the popups and "warnings" saying that "blank" file is infected (including my VZAccess file and MBAM file) along with the assorted popups that flash up when the icon is active on my system tray.
« Last Edit: July 29, 2010, 10:06:05 PM by artisticmind »

artisticmind

  • Guest
Re: Can someone help me or try?
« Reply #6 on: July 29, 2010, 11:01:00 PM »
okay here is the log from my full system MBAM scan:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4367

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/29/2010 3:48:40 PM
mbam-log-2010-07-29 (15-48-40).txt

Scan type: Full scan (C:\|)
Objects scanned: 210445
Time elapsed: 1 hour(s), 23 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\SolutionAV (Trojan.FakeAV) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


my avast found 2 infected files:
name: exe.exe, original location: c:\windows\temp, virus: win32:rookit-gen[rkt]
name: index[1].htm, original location: c:docs & settings\networkservices\localsettings\temp int. files\content.IE5\v1v9d074 Virus: js:downloader-zw[trj]

Since those have run, I'm going to delete my cookies, temp. int. files, history, and empty my recycle bin and turn my system restore back on. Please correct me if I'm wrong and I'll turn it back off.
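
Added example, not part of the original thread or of Malwarebytes' own tooling: a small Python parser for the MBAM 1.x text log layout posted above, which pulls out each detection and flags sections whose summary count does not match the items listed (a common sign of a truncated paste). The sample log is constructed from the layout shown in the post, and the function names are hypothetical.

```python
import re

# Constructed sample in the layout of the MBAM 1.46 log posted above (shortened).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.46
Database version: 4367

Registry Keys Infected: 1
Files Infected: 0

Registry Keys Infected:
HKEY_CURRENT_USER\Software\SolutionAV (Trojan.FakeAV) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)
"""

SUMMARY = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
HEADER = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
ITEM = re.compile(r"^(?P<object>.+) \((?P<threat>[^()]+)\) -> (?P<action>.+)$")


def parse_mbam_log(text):
    """Return (summary counts, detections) from an MBAM 1.x text log."""
    counts, detections, current = {}, [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := SUMMARY.match(line):
            counts[m["section"]] = int(m["count"])   # e.g. "Files Infected: 0"
        elif m := HEADER.match(line):
            current = m["section"]                   # start of a detail section
        elif current and (m := ITEM.match(line)):
            detections.append({"section": current, **m.groupdict()})
    return counts, detections


def mismatches(counts, detections):
    """Map section -> (summary count, items listed) where the two disagree."""
    listed = {}
    for d in detections:
        listed[d["section"]] = listed.get(d["section"], 0) + 1
    return {s: (n, listed.get(s, 0))
            for s, n in counts.items() if n != listed.get(s, 0)}


if __name__ == "__main__":
    counts, found = parse_mbam_log(SAMPLE_LOG)
    for d in found:
        print(d["section"], "|", d["threat"], "|", d["object"], "|", d["action"])
    print("count mismatches:", mismatches(counts, found))
```
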

SafeSurf

  • Guest
Re: Can someone help me or try?
« Reply #7 on: July 30, 2010, 10:01:21 AM »
Turn your system restore back on and run an Avast Boot-time scan (it will take a while to run).   Also make sure your Avast definitions are up to date (UTD).  Report back with results.

You do need a better firewall (FW) than the XP FW.  I suggest a third party FW.  Several have been suggested on the forum that work well with Avast:  Online_Armor; PC_Tools_FW_Plus (no AV or spyware); Comodo (without AV/D+); Outpost.

Suggestion for installs (like getting bing), do Custom installs or look very carefully for "toolbars" or adware being installed and make sure you do NOT install them as they only cause headaches and possible spyware.  I'm not saying in this situation it is a problem, but I'm sure you will be able to remove it at a later date once your problems are resolved; I believe you can change it to another site. 


artisticmind

  • Guest
Re: Can someone help me or try?
« Reply #8 on: July 31, 2010, 02:27:52 AM »
Okay, ran boot scan this afternoon, no viruses, my database updated again so I'm just running a quick scan. Antivir hasn't come back again...yet. Still getting the rundll errors at startup as mentioned in the first post and I still have something rerouting my searches when I click on a link. Also after connecting to the internet via my VZAccess icon the first internet window I pull up from the Internet Explorer icon freezes up since updating to IE8. Never had that issue with IE7 even with the virus. I have to close it, it comes up with the box that program not responding and the option to end task which I have to click to get window to close and of course the lovely error report option. Once my browsing session is open I get one spam popup window almost immediately and then another one or two throughout an internet session, so maybe 3 an hour. One of the favorite ones that likes to come up is porno.com---real lovely when you have small children in the room, and a couple that I think are shopping sites. I'm not sure as to what they are because as soon as the new window opens I click the close button in case they are carrying something that my computer doesn't need. Any ideas? I'll get a new firewall up tonight that you recommended.

SafeSurf

  • Guest
Re: Can someone help me or try?
« Reply #9 on: July 31, 2010, 08:05:34 AM »
You'll need to run an OTL Log.  Check the information on the first post of this thread under Virus/Worms for you to check your machine for malware: http://forum.avast.com/index.php?topic=53253.0.  Follow the directions of obtaining an OTL log and you can post the OTL log as an attachment (Additional Options in the bottom left corner under the message screen when posting).  I will refer you to one of our malware experts named Essexboy for further assistance and he will be contacting you after you post your OTL log.

artisticmind

  • Guest
Re: Can someone help me or try?
« Reply #10 on: August 01, 2010, 12:07:52 AM »
okay, here's my logs. Thanks!

SafeSurf

  • Guest
Re: Can someone help me or try?
« Reply #11 on: August 01, 2010, 07:26:09 AM »
Nice logs with some problems, esp. with IE.   Do you or did you at some point have a variety of antivirus software like Norton Internet Security, McAfee, CA, Kaspersky, Panda, Sophos, Trend,  Ahnalba?  Do you or did you at some point have a variety of firewalls like McAfee, Panda, Symantec/Norton, Tiny, Trend, ZoneLabs? 

Essexboy will review the logs, since he is the expert and contact you with further instructions.

In the meantime, I want you to:
1. Update Avast and scan, and update MBAM and do another scan for possible disinfection.  If anything shows up as positive, please post the infection results.

2. Download CCleaner http://www.piriform.com/ccleaner, which is a freeware system optimization, privacy and cleaning tool.  It removes unused files (cache, temporary Internet files, etc.) from your system - allowing Windows to run faster and freeing up valuable hard disk space.  It also cleans traces of your online activities such as your Internet history.  Additionally it contains a fully featured registry cleaner.  Remember when installing to uncheck the Yahoo toolbar.  Don't use the Registry cleaner until your problems are fixed by Essexboy. 

Your system needs a lot of cleaning up and updating of software.  Once everything is fixed, you should download the free Secunia Software Inspector to keep your software up to date http://secunia.com/vulnerability_scanning/personal/ and use it weekly/biweekly.




SafeSurf

  • Guest
Re: Can someone help me or try?
« Reply #12 on: August 01, 2010, 07:30:02 AM »
I noticed one more thing that I need you to check.  Please go to Control Panel > Add/Remove Programs > check to make sure you have the following listed:

               "Microsoft Visual C++ 2008 Redistributable Package"

You may also have the year 2005 listed as well, but should definitely have 2008 listed.  Let me know what versions you have listed.  Thank you.

artisticmind

  • Guest
Re: Can someone help me or try?
« Reply #13 on: August 02, 2010, 04:34:57 AM »
Regarding the firewalls/antivirus tools, no, I've never tried installing anything in this machine prior to the infection, I was naive, what can I say LOL. When the infection hit I tried downloading the AVG Free by Grisoft but the virus wouldn't let that happen even after I downloaded the program to a USB flash drive on another computer and tried to install it. No other firewalls to my knowledge. It's possible if I go back through my paperwork there was a trial of Norton or something that came with the netbook that I never activated, not a fan of Norton or McAfee, I always had good luck with AVG on my old Dell. No spyware programs or anything like that, should just be the avast! and MBAM. I will get my scans run tonight and report back. I did check that software, I only see the 2008 version on the Add/Remove programs tool. As for the one program you told me to download, does it give me an option not to run the registry cleaner or download it and wait to run the entire thing until Essexboy has looked at it?

SafeSurf

  • Guest
Re: Can someone help me or try?
« Reply #14 on: August 02, 2010, 09:31:58 AM »
@ Nariamathstes,

Please start a New Topic of your own as this will just confuse the current thread and we will help you there. 

Go to this link, http://forum.avast.com/index.php, scroll down to the Avast Free/Pro/Suite or the General Topic forum and click it, click the New Topic button at the top of the list and post there.  It is inappropriate to post here.