Hi I am new to your forum, need help with malware issue

David Franks · Sep 20, 2013

I need help with an issue on my Dell all-in-one running Windows 7. I was infiltrated with Conduit and Sweet Packs on my browser, and tried to get rid of it.

I tried Spy Hunter 4 but did not activate it. It found 500 some-odd things but they wanted $40.00 to just work on that one PC.

So then I tried Malware Bytes anti-malware. It removed 63 items. I went into safe mode with networking after that and removed some unwanted things, including Spy Hunter 4 (or so I thought).

Now all I get on startup is a box from Spy Hunter 4 asking if I want to update, revert to original settings or cancel.

No matter what I choose the screen comes back brown and nothing else happens.

Any ideas to correct this? it would be graetly appreciated.

-David

PseFrank · Sep 20, 2013

Hi David and welcome to Computer Help Forums.
I think that this will be a job for our Malware removal experts. Your thread will be moved to the malware removal forum for them to look at.

It will help the guys and also save you and them some time if you go to the link supplied just below and follow the instructions given. In the meantime I will send a message to the malware team.

Please follow these instructions:
http://computerhelpforums.net/threa...lware-removal-help-winxp-vista-and-win7.4818/

starbuck · Sep 20, 2013

Hi David

It found 500 some-odd things but they wanted $40.00 to just work on that one PC
Click to expand...

I'm obviously in the wrong job then.
Any program that will charge you to remove things has got to be a no no.
Plus i doubt very much if you have 500 things to remove.

It's simple enough and we won't charge you anything.

Step 1
Let's make sure that all of that Adware has been removed:

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.

Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".

The tool will open and start scanning your system.

Please be patient as this can take a while to complete depending on your system's specifications.

On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

Post the contents of JRT.txt into your next message.

Please download AdwCleaner by Xplode onto your desktop.

Close all open programs and internet browsers.

Double click on adwcleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator.

Click on the Scan button.

AdwCleaner will begin to scan your computer.

After the scan has finished...

Click on the Clean button.

Press OK when asked to close all programs and follow the onscreen prompts.

Press OK again to allow AdwCleaner to restart the computer and complete the removal process.

After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.

Copy and paste the contents of that logfile in your next reply.

A copy of that logfile will also be saved in the C:\AdwCleaner folder.

Step 2
Now we'll check for any leftovers and sort out any remaining entries for that Spy Hunter 4:

Download OTL to your desktop.
right click on the link and select 'Save Link/Target As'.

if you have problems, try this download link:
OTL

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

When the window appears, underneath Output at the top change it to Minimal Output.

Check the boxes beside LOP Check and Purity Check

.

.

Now copy the lines in bold below.

netsvcs
msconfig
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\*
%USERPROFILE%\..|smtmp;true;true;true /FP
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.

.

Click the Run Scan button.

Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

Step 3
You said earlier:

So then I tried Malware Bytes anti-malware. It removed 63 items.
Click to expand...

I'd like to see what was removed.

Start Malwarebytes AntiMalware.
Click on the logs tab.
The logs are date stamped ... double click on the log that showed the infection items.

It'll open in notepad.

Please copy/paste the report in your next reply.

In your next reply, please submit:
JRT .txt
AdwCleaner report
Both reports from OTL
and the MBAM report.

You may have to post them all over a couple of replies if they are too large for one post.

Thanks.