Major Virus Problems Solved/Closed

Question

Hello, 
I have just encountered a virus that is causing me major problems. First i should tell you that i am using a Dell Inspiron 1545 updated from windows vista to 7(32 bit). I am pretty good with computers as long as i understand what I'm supposed to do. So, when i was scanning for a virus on my computer with Microsoft security essentials, i found a trojan virus (history deleted don't remember name) and deleted it, just for it to reappear again, with the same name after a suggested restart from the antivirus program. Then, i was suggested to restart again, but it came under a different name. After some searching, i tried different antivirus programs but no change...(they would all stop working when i hit scan?) Then, the next day, i got the same message, but with the virus under the name virus Backdoor: Win 32/Smadow.gen!B. I tried to restart the computer but i got a black screen with a error like "checking file on system. c the type of file is ntfs error"and then when it started, it got an error immediately. Then, my internet had several problems when i tried to connect to my wireless network. The troubleshoot gave me two error involving invalid ip and network proxy. Fro some reason now, mse is not giving me a virus, and when i looked in the virus folder, and under recent changes, it showed me a weird account which i could not delete, even when i was administrator. I have no idea where to start to fix my computer. Please respond as soon as you can, and if you need further detail, please ask. I know i did not go into all the details I could, because i did not know where the problem was.

Thank you so much for your time

Ambucias · Answer

Greetings,

It looks like you have a worm type of virus.

To help you, I must make a diagnostic and to do so, I require a log. 

1. Boot your machine in safemode with networking

2. Open this link and download ZHPDiag2 : 

https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html 

(This is a new version on the tool, so the site may be temporarely in French) 

Save the file on your Desktop. 

Double click on ZHPDiag.exe and follow the instructions. 

the tool created two icons ZHPDiag and ZHPFix (we will use ZHPFix at the next step). 

Double click on the short cut ZHPDiag on your Destktop. (If necessary click on the Hardhat icon to change the language to English) 

Click on the Magnifying glass and run the analysys. 

Wait for the tool to finished (maybe a long time) 

Close ZHPDiag. 


To transmit the report, click on this link : 

https://authentification.site 

Click on Parcourir and search the directory where you installed ZHPDiag (usually C:\Program Files\ZHPDiag). 

Select the file ZHPDiag.txt. 

Click on "upload » 

Copy the url and post it here

Catch you and the worm later

mihneabulu · Answer

Thank you so much for  the help. I downloaded and ran the application, and it gave me an error about my network connection not working. Also, another icon appeared named MBRCheck on the desktop. Then, when I clicked the first of the two icons, it told me a similar error. So, there is one problem, I could not go the the URL, but I saved the text document on a flash drive and sent it from another computer.
Here it is:
http://www.speedyshare.com/files/30800473/ZHPDiag.txt

When you are done, here is the delete password:
gokidovamebe

Anyways, thanks for the help!

Ambucias · Answer

Hello again,

The MRB icon is normal.

He is what I see:

1. You Microsoft Security Center has been overridden

2. Your Microsoft Firewall has benn overridden

3. There is an adware (PUP infection) Meta Stream in Viewpoint Media Player, SigmaTel Audio Service (STacSV.exe)

4. Suspicious because I don't know what it is: C:\Windows\system32\userinit.exe,C:\Windows\system32\Scvhost.exe,C:\Windows\system32\Scvhost.exe

(Your Java, I Tune and Quick Time applications need to be updated. There is not infection related)

5. Skype has a virus : Malware.Bot

6. There is a rogue trojan horse named: STacSV in system tools 2011.

7. The toolbar S&D My Websearch is a BT infection.

The source of most all of the infections were the downloads you did with Azureus.

You have far too many antivirus applications which conflicted with one another.  Just one is sufficient and you must delete them and keep just one. Clam is not the best.

Not to make this message too long, I will end here and return shortly with the clean-up solution.

Ambucias · Answer

I'm Back (not Mozart:-)

There are hundreds of infected items in your system and registry so we will not use ZHp Fix as we would be working on it for a week.

Remember that after we clean your system, you must delete all of the antivirus applications you have and keep only one.  You also must ensure, after the clean-up to reactivate your firewall.

You may wish to print the following

1. Go here and download SDFix to your desktop

https://proposedsolution.com/downloads/download-sdfix-exe/

2. To outwit the rogue which may prevent running, rename SDfix to Kioskea.exe.

3. Install SDfix to its default location c:\

4. Reboot your system in safemode (That is a must)

5. Once booted, click on start and run type:

C:SDFixRunThis.bat  and click ok  You will get a black window. 

6. Press Y and enter

The process may take 30 minutes, be patient

SDFix will restart your machine and at the end you will get a log which you can co? and paste here.

Good luck

mihneabulu · Answer

Ambucias,
Again thanks for the help.

I just had a problem:

When I try running the program like it says in the text document that tells the instructions, but when i did this it opens a blue screen, but closes immediately. This also happened with the two other anti-virus programs that I tried.
I ran the whole thing in just safe mode (no networking) and did everything just as you had said. Is there something I missed, or is the virus acting up to stop it from running.

And  my question from before,

I did very few downloads with Azureus a long time ago. Then I "supposivly" uninstalled it. Why does it still appear and how can I delete it?

Sorry about the antivirus question, I now understand the reason.

Ambucias · Answer

Hello Minhea,

I don't know if you missed something, you said that you did everything as I said.

 Obviously Azureus is still there, I saw it.  How to remove comes after this clean-up.

I would like you to remove all expect one of the antivirus applications you have and keep the one you purchased.  You must completely delete Malwarebyte as it may be corrupted and we will need a fresh copy.

Follow the instructions below:

Please follow the following procedure carefully and to the letter. 

You have a rogue virus Trojan Horse which is self protective, thus it will prevent any antivirus from fonctionning. 

You must kill the evil processes which the virus is presently running amd preventing you from running any antivirus. If you don't it will keep reproducing the files for ever. 

To kill the processes: 

1. Download to your desktop and run Rogue Kill: 

https://download.bleepingcomputer.com/grinler/rkill.com 

2. You should now see a window that shows all of your desktop icons, including the rkill.com program. 

3. Double-click on the rkill.com in order to automatically attempt to stop any processes associated with the Rogue programs. Please be patient while the program looks for various malware programs and ends them. When it has finished, the black window will automatically close and you can continue with the next step. 

If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by the Horse when it terminates programs that may potentially remove it. If you run into these infections warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate the processes . So, please try running Rkill until malware is no longer running. 

As a matter of a fact, if you get messages, it is a sign that the virus is agonizing with excrutiating pain, so you can just grin while it is suffering!:)))

Please, DO NOT REBOOT your computer or the processes will come back to haunt you! 

Download to your desktop Malwarebyte. 

https://ccm.net/downloads/security-and-maintenance/4621-malwarebytes-anti-malware/ 

Once on your desktop, we must still outwit the virus. 

Right click on the MBAM icon and click on rename. Rename it kioskea.exe. 

Install Malwarebyte and launch it. From the second tab, update it. 

Pretty please, request a FULL system scan which should take more than hour. Once the scan is finish, delete all of item that were found. 

I'm signing out now but I will be looking for your feedback in 10 hours from now.

Good luck

mihneabulu · Answer

Hello,

I have just finished scanning, and everything worked great, just as you said. Just one thing, just as I had said before, I cannot connect to the internet, and update it. I found about ten viruses, Everything worked, but my computer still seems to be very slow and glitchy. My network connection still is connecting to the wireless network, but has errors with the internet. Also, it takes a very long time to log on, restart and do mostly anything while in windows. 

Here is the report:
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6705

Windows 6.1.7601 Service Pack 1 (Safe Mode)
Internet Explorer 9.0.8112.16421

10/18/2011 9:08:35 PM
mbam-log-2011-10-18 (21-08-30).txt

Scan type: Full scan (C:\|E:\|)
Objects scanned: 312794
Time elapsed: 36 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\Software\DC3_FEXEC (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Scvhost.exe (Backdoor.Bot) -> Value: Scvhost.exe -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files\couponalert_2pei\Installr\1.bin\2pEZSETP.dll (PUP.FunWebProducts) -> No action taken.
c:\program files\windows live\messenger\msimg32.dll (PUP.FunWebProducts) -> No action taken.
c:\program files\windows live\messenger\riched20.dll (PUP.FunWebProducts) -> No action taken.

Anonymous User · Answer

You did not scan mbam properly

After mbam scan finishes,check mark all the infections and remove it,paste the clean log 


Run this eset online scanner

https://www.eset.com/?country=FR&path=/us/online-scanner

Now run this tdsskiller,let us know if it finds hidden files

https://support.kaspersky.com/downloads/utils/tdsskiller.exe

Post the logs ,ambucias will analyze the logs soon

Ambucias · Answer

Now it's time to run SDFix in safe mode

Good luck

mihneabulu · Answer

Hello Again,

First to sundar7701:

I scanned with MBAM again and got no viruses.

I first tried the eset online scanner, but I had no internet access which was needed to install the program.

I used the tdsskiller and a threat was detected.
It was called: Rootkit.Win32.ZAccess.g and I "cured"? it. (Log at end)

Then, after I restarted it...MY INTERNET CONNECTION WORKED

So, I used the est online scanner from before, and scanned my computer. Still scanning, but found like 6 threats in Win32/Registry Booster Aplication and one in a variant of java/Agent.DU trojan. 

I also updated MBAM and going to scan it again with the updated version
 
Log too big, so I did the speedy share thing: http://www.speedyshare.com/files/30830039/TDSSKiller.2.6.11.0_19.10.2011_15.48.10_log.txt

To Ambucias:
After all this is done, I will scan with the other program

Thank you you guys so much
(by the way, how are there soooooo many viruses on my computer!!!)

Ambucias · Answer

mihneabulu,

I'm happy that the TDSSSkiller worked.  There is no need for you to run SDFix as it would do almost the same or almost the same job as TDssskiller.

If you clear and delete the previous ZHP Diag from your machine, I will glad to analyse a new one to ensure that every thing is honky dory.  If you do not delete the previous log, you may post it again.

I will let Sundar answer about about so many viruses on a computer. 

My question to you is which antivirus application do you have now?

Best regards to you and Sundar

mihneabulu · Answer

Thanks for all your help!!
I have Microsoft Security Essential, but I see that it is not the best. Which one do you recommend I use? I really don't know which one would do the job best.

Here is the new ZHP Diag document:
http://www.speedyshare.com/files/30832258/ZHPDiag.txt

Here is the ESET Log:
http://www.speedyshare.com/files/30832259/ESET_Log.txt

How should I delete azureus? Is there anymore useless junk I have on my computer that could "disappear."

And is it safe now to run my computer in normal mode, and how should I proceed in fixing things to normal?

mihneabulu · Answer

I'm Back, (Again:)

I think the last MBAM scan did the trick. I got one virus, but my computer is running great! No more errors! YAY!

Her is the log file:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7985

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

10/19/2011 10:56:12 PM
mbam-log-2011-10-19 (22-56-12).txt

Scan type: Full scan (C:\|E:\|F:\|)
Objects scanned: 329070
Time elapsed: 2 hour(s), 46 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\Windows\system32\userinit.exe,C:\Windows\system32\Scvhost.exe,C:\Windows\system32\Scvhost.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Anonymous User · Answer

@mihneabulu  


Let us finish the virus issue first.  

There are still infections to clean.
Userinit infection is still persisting,you did not post the tdsskiller clean log.I want you to try rebooting once or twice and run tdsskiller.

DO NOT SKIP HIDDEN FILES(Tdsskiller may automatically skip hidden files) You need to manually click on delete option)

Post the clean log of tdsskiller

There will be traces of zero access rootkit which requires another troubleshooting.

Ambucias will help you soon

Ambucias · Answer

I shall prescribe to you a very powerfull antidote that is able to kill and send any virus to the glue factory. It is of very last resort and should not be abused of, as matter of a fact, once you have used it, I suggest you delete it from your system. 

To keep your system safe, you must follow the instructions hereunder to the letter: 

First step, boot your system in safe mode with networking

1. Download Combofix to your desktop. 

http://www.combofix.org/download.php 

2.Close all open Windows including this one. 

Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. 

3. Double click on the ComboFix icon. 

Windows is issuing this prompt because ComboFix does not have a digital signature. This is perfectly normal and safe and you can click on the Run button to continue. 

4. Accept the disclaimer and the recovery 

5.You should now press the Yes button to continue. If at any time during the Recovery Console installation you receive a message stating that it failed to install, please allow ComboFix to continue with the scan of your computer. 

ComboFix will disconnect your computer from the Internet, so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished it will automatically restore your Internet connection. 

While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to their previous settings. 

If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the programs log file, or report, will be located at C:\ComboFix.txt. 

During the process, please do not mouse click nor must you tap on the keyboard.  Let the tool run.

Once you are done, report to me on how your system is behaving. 

Good luck 

Ambucias

mihneabulu · Answer

Hello,

I finished scanning and when it restarted I got the document. I closed it for a while and when I opened it up again, I got the error below. Then when I tried opening any other program I got the same message, and a message about deleting it because it was not found.

"The location of it"
Illegal operation attempted on a registry key that has been marked for deletion.

So, I cannot give you the log from combofix, but it did have like 6 or 7 viruses found. Whats next:)

Ambucias · Answer

I would like to know how your system is behaving and also another ZHP Diag log.

Anonymous User · Answer

@mihneabulu 

Illegal operation attempted on a registry key that has been marked for deletion.  

THis is common error which comes after running combofix.I would recommend you to boot twice or thrice to see the issue disappears.If the error remains try this 

Boot into safemode 

Go to run and type 

sfc /scannow 

Let the scan run and reboot into normal mode .If you face this problem while running the command,create a new account and run it 


 if that solves the problem 
Please attach your mbam log and CF log in your next post

Ambucias · Answer

@Sundar

Please stand-by!

@mihneabulu

There are still some malware which has overridden your MS Security.

We will do some manual deletion:

Go into safe mode to overide and evil processes.

For this part, you must ensure that you copy and paste the very exact same thing.  Always check twice.

1. Click start and then run, type regedit and okay

2. Press ctrl+f to open the search window.

3. Type metastream

press ok to begin the search, once an item is found, please ensure that it contains the exact same words as you typed.  

Everytime an item is found, press del and confirm your choice.

Press F3 to continue the search and delete the items found until no more are found.

4. Once completed, click on edit and again on search

Type metastream and okay

Repeat the procedure above until no items are found.

5. Right click on start and open Explorer.

Delete the following files:

C:\Program Files\Viewpoint\Common\ViewpointService.exe    

C:\Program Files\Viewpoint    

C:\ProgramData\Viewpoint    

6. Go to your control panel add-remove program and ensure that Viewpoint Media Player is removed.

7. Reboot and again go to your control panel, Ms security centre and ensure your firewall is activated.

Please do let me know

mihneabulu · Answer

I can feel I'm almost there.... But a couple of problems:

To sundar:
I did as you said and the error is gone. Still cant open windows defender because "This program is blocked by a group policy.

Here is the combofix log:
http://www.speedyshare.com/files/30858156/ComboFix.txt

Deleted mbam, so what log should upload?

To Ambucias:
I did the first part you told me with redgit and metastream, but only found one file and deleted it. Maybe I did something wrong? I also already deleted MSE as soon as my computer was running well enough, and all the other antivirus that I used, including clam. No I have no antivirus. Should I install avg? And is it for 64 bit because I have 32.

And to both of you, how should I delete those weird programs like Azureas and Surperantispyware and E- Set online scanner that you guys keep telling me about.
THANK YOU GUYS SOOO MUCH!!!

Anonymous User · Answer

For windows defender issue try this

Open regedit and navigate to

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender

On the right pane,you will have 

disable antispyware value ,just delete it

Restart the PC

I asked you for mbam log because i wanted to check your userinit value
but i noticed that it looks clean in your zhpdiag log. 

For other issues,ambucias will guide you through before proceeding with uninstalling softwares

Ambucias · Answer

Gentlemen please!  There are too many cooks in the sauce!  Lets solve one thing at a time.

@mihneabulu

I told you that Windows Defender was overridden and that's what we are trying to repare.

I believe that I gave you the link to download and install AVG and I don't know where you got the idea that it is for 64 bit.  The link number is 64.

https://ccm.net/downloads/security-and-maintenance/6953-avg-antivirus-free-for-pc/

You deleted MSE?  Why?

1. On you desktop, you have a short cut ZHP Fix, double click on it.

Copy and paste the following:

HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: Modified 

 HKLM] [@viewpoint.com/VMP] - (.Unknown owner - MetaStream 3 Plugin r4.) -- C:\Program Files\Viewpoint\Viewpoint Media Player
pViewpoint.dll 
HKLM] -- ViewpointMediaPlayer    
HKLM\Software\MetaStream
HKLM\Software\Viewpoint
HKLM\Software\MozillaPlugins\@viewpoint.com/VMP
HKLM\Software\Classes\axmetastream.metastreamctl
HKLM\Software\Classes\axmetastream.metastreamctl.1
HKLM\Software\Classes\AxMetaStream.MetaStreamCtlSecondary
HKLM\Software\Classes\AxMetaStream.MetaStreamCtlSecondary.1
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlaye

2.Click on H

3. Please send me a report

4. We will deal with the other issues later.  We will get the virus out first.

See you in the morning

mihneabulu · Answer

@Ambucias

I deleted MSE because you said it had a problem, I can reinstall it if it would help. Sorry;)

The AVG thingy would just open up a black window and close very quickly. Was that supposed to happen? Should I search it and download it from another site?

The ZHP Fix worked, I think. Here is the log:

Rapport de ZHPFix 1.12.3365 par Nicolas Coolman, Update du 18/10/2011
Fichier d'export Registre : 
Run by MIHNEA at 10/21/2011 6:48:36 PM
Windows 7 Home Premium Edition, 32-bit Service Pack 1 (Build 7601)
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html

========== Registry Data Items ==========
REPLACED Value AntiVirusOverride :   Good (0) - Bad (1)

========== Other ==========
NOT SUPPORTED [HKLM] [@viewpoint.com/VMP] - (.Unknown owner - MetaStream 3 Plugin r4.) -- C:\Program Files\Viewpoint\Viewpoint Media Player
pViewpoint.dll
NOT SUPPORTED [HKLM] -- ViewpointMediaPlayer
NOT SUPPORTED [HKLM\Software\MetaStream
NOT SUPPORTED [HKLM\Software\Viewpoint
NOT SUPPORTED [HKLM\Software\MozillaPlugins\@viewpoint.com/VMP
NOT SUPPORTED [HKLM\Software\Classes\axmetastream.metastreamctl
NOT SUPPORTED [HKLM\Software\Classes\axmetastream.metastreamctl.1
NOT SUPPORTED [HKLM\Software\Classes\AxMetaStream.MetaStreamCtlSecondary
NOT SUPPORTED [HKLM\Software\Classes\AxMetaStream.MetaStreamCtlSecondary.1
NOT SUPPORTED [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlaye


========== Summary ==========
1 : Registry Data Items
10 : Other


End of clean in 00mn AMs

========== Report File ==========
C:\ZHP\ZHPFix[R1].txt - 10/21/2011 5:47:19 PM [1328]
C:\ZHP\ZHPFix[R2].txt - 10/21/2011 6:48:36 PM [1328]

Ambucias · Answer

mihneabulu

I said that MSE was overridden which mean that the Malware disabled it to be able to get into your system without being blocked.

Leave it uninstalled for now and please ask before taking any other initiatives.

Before we get your system a fresh new start on life, I would like to make sure that there are no traces of Metastream, Viewpoint and Azureus left.  We will then be able to install AVG.  You can delete AVG from your desktop for now.

1. Download and install CCleaner and use it to clean:

a) all of your temporary files (first icon in the left column)

b) Click on the tools box and then on the applications tab, if you see any of the following: Viewpoint, MetaSteam, Azureus, Malwarebyte, Superantispyware, remove them using that tool. (if you see any other unusual application, let me know)

2. Download, install and run this totally free yet very efficient registry cleaner :

https://www.eusing.com/free_registry_cleaner/registry_cleaner.htm

Click on scan and leave it run

In your case, you may get from 30 to 1,000 registry errors

Once the scan is finished, click on repair.  Eusing free will delete the errors but make a back-up in case of need.

3. Delete any previous ZHP Diag report you have and generate a new one for me on Speedyshare.

See you later alligator

mihneabulu · Answer

@Ambucias Sorry for my initiative....really didn't mean to make a problem I am already using CCleaner, so I didn't need to download it. On the uninstall list there was none of those programs, but on the applications tab of the cleaner window, an application called Vuze appeared, and I can swear I deleted it a long time ago, but it doesn't appear in my uninstall list. Also, another application, (game) called Civilization IV won't uninstall. I've had this problem for a while and searched it a while ago, but I gave up after at least 3 attempts failed to uninstall it. If you can help, here is what I get when I try to uninstall: The first thing it tells me is that I should contact my vendor: firax games Here is the link I get sent to but I have to do something for you to be able to see it, so I just copied it: Server Error in '/' Application. Runtime Error Description: An application error occurred on the server. The current custom error settings for this application prevent the details of the application error from being viewed remotely (for security reasons). It could, however, be viewed by browsers running on the local server machine. Details: To enable the details of this specific error message to be viewable on remote machines, please create a tag within a "web.config" configuration file located in the root directory of the current web application. This tag should then have its "mode" attribute set to "Off". Notes: The current error page you are seeing can be replaced by a custom error page by modifying the "defaultRedirect" attribute of the application's configuration tag to point to a custom error page URL. Here is the code on the error message: Error Code: -5004 : 0x80041f42 Error Information: *C:\Program Files\Common Files\InstallShield\Professional\RunTime\12\00\Intel32\iKernel.dll >inc\CoCreate.cpp (44) >SetupDLL\SetupDLL.cpp (1390) PAPP:Sid Meier's Civilization 4 And while using Eusing free, I got 2000+ registry errors and repaired them, no problem. Thanks :) :)

Ambucias · Answer

mihneabulu,

You have sent me the very same log as before showing the same infections.  You had to clear all previous reports stored by ZHP Diag.

If you must completely uninstall ZHP Diag and reinstall it again.

mihneabulu · Answer

@Ambucias

AVG 2012 is working great. Here is my ZHP Diag, sorry about that, don't know what happened:
http://www.speedyshare.com/files/30875122/ZHPDiag.txt

And still can't uninstall Civ IV, even with Revo same problem as before

Thanks

Anonymous User · Answer

mihneabulu 

http://download.microsoft.com/download/8/3/D/83DA9B2F-3246-4C1E-996B-1381F667247D/MicrosoftEasyFix50202.msi

Download and run this

There are two modes

Default and aggressive

Use default one first.If that doesnt work try aggressive one.

Let us know how it works

Ambucias · Answer

We still have some adware traces:

Please lauch ZHP Fix and paste the following:

 [HKLM\Software\MozillaPlugins\@viewpoint.com/VMP] 
 [HKLM\Software\Viewpoint]    
C:\Program Files\Viewpoint    

Click on GO

Uninstall the following applications:

ESET Online Scanner
SUPERAntiSpyware.com®SUPERAntiSpyware
Alch®ClamWin Antivirus
ClamWin®AntiVirus

mihneabulu · Answer

@Sundar

I tried the fix it tool both ways, but no improvement with both. Windows update still will not update. Any other suggestions?

@Ambucias

I used ZHP Fix and here is the ZHP Fix report:

http://www.speedyshare.com/files/30883524/ZHPFixReport.txt

For some reason, these applications do appear in Revo uninstaller or anywhere when I look on my computer.

Ambucias · Answer

mihneabulu,

Thank you for the ZHP Fix log.

Looks okay now and your Windows update should work by going to all programmes and then to Windows update. (ZHP Diag did not show that it needed updating,  however, all of your software which is Apple related can use an update.)

I would appreciate your communication in the instructions I have sent to you.

1. Did you ensure that your Windows Firewall is activated ?

2. Did you delete the antiviruses applications I mentioned before?

If you did everything that I recommended and that 

a) you system is running smoothly, 
b) that your firewall is on

I consider that my virus job is done

Best regards

mihneabulu · Answer

Thanks for all your help Ambucias and Sundar. I activated Windows Firewall and deleted the applications, but I don't know why you still see them. You guys made run better than before the actual virus, which I didn't think was possible. Thank you again so much.

Ambucias · Answer

mihneabulu,

You are totally welcome.

If you look at your ZHP Diag log you will see the applications.  Mind you, it took me between 30 to 45 minutes to examine and analyse each report you sent me.

Au revoir

Major Virus Problems

33 responses

Similar discussions

Subscribe To Our Newsletter!