Nestsky Virus

[crunchie]

Can you navigate to the C:\Users\Paige\AppData\Local\temp folder and delete everything in there.

Are you able to borrow a Vista CD from anyone? It has to be the same version as you have. Eg; Home basic, Ultimate etc.

[Thexy]

I deleted everything except hsperfdata_Paige in the Temp folder.

I can ask around and see if someone has one that I can borrow. Do you think I should just reinstall Vista to replace what I have now? Will that get rid of the viruses? What about just upgrading to Windows 7?

[crunchie]

What you end up doing depends really on how your PC is now.
If you are having major problems a reformat may be the way to go. If minor, a repair will probably suffice.
If you have already been considering Windows 7, now might be the time.
I have it here along with a 1Tb hard drive, but haven't found time to install it yet. Maybe tomorrow .

[Thexy]

Does reformat=all data erased? If that's the route that I have to take I guess it will have to be done. I performed a repair early yesterday but I guess it didn't help. I will ask around for CD's tomorrow, I am sure someone has to have one.

Well thank you so much for your help with this. I hope I didn't take any time away from you and hopefully you will get around to installing it soon. I wonder if it really is better. After ME and Vista Microsoft has me reconsidering the worth of a MAC.

Again, I really appreciate your help and assistance with this.

[crunchie]

Does reformat=all data erased? If that's the route that I have to take I guess it will have to be done.

Yes. A repair leaves your files intact.

I performed a repair early yesterday but I guess it didn't help.

I am sure I asked you a couple of days ago not to do something I hadn't requested. How did you do a repair without a CD?

I will ask around for CD's tomorrow, I am sure someone has to have one.

Well thank you so much for your help with this. I hope I didn't take any time away from you and hopefully you will get around to installing it soon. I wonder if it really is better. After ME and Vista Microsoft has me reconsidering the worth of a MAC.

Again, I really appreciate your help and assistance with this.

I used the pre-release Windows 7 and it is streets ahead of Vista imo.

[Thexy]

I am sure I asked you a couple of days ago not to do something I hadn't requested. How did you do a repair without a CD?

I didn't do a CD repair...I pressed F8 and did a repair thru there. On Dec 19 (the first day) I remember you asking if I did a restore and I tried both and the repair worked and allowed me to boot normal.

[crunchie]

Of course. I forgot it was a lappie .
So, what problems are you still having?

[Thexy]

It was..and those first 2 days stayed up pretty much the whole time. I thought that the more I let me laptop "sit", the worse the worm would get. Needles to say, with your assistance, I finally got a nice long nap in last night/today.

The only 2 problems that I see is that I am still being redirected in Google and my system is lagging a bit. I clear my Temp files and run Kaspersky pretty much every hour since I've installed it. I have attached the log..its very detailed..

[crunchie]

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2

• Ensure all Firefox windows are closed.
• To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
• When prompted to run the scan, click Yes.
• GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

Are you still being re-directed now?

[Thexy]

Yes, I am still being redirected. But it doesn't happen each time. I don't know if Kaspersy is deleting it and then it reappears from something else or what. I am getting a message saying that there is something (.dll) in my Adobe Shockwave folder so I'm guessing the redirect worm is being deleted but the "root" (?) is staying hidden in a folder. I'm not sure on how viruses actually work, but that's the only thing I can see happening if it is being deleted and nothing else has been downloaded.

[Thexy]

GooredFix by jpshortstuff (06.12.09.1)
Log created at 18:36 on 22/12/2009 (Paige)
Firefox version 3.5.6 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [06:24 22/12/2009]

C:\Users\Paige\Application Data\Mozilla\Firefox\Profiles\eaibke6f.default\extensions\
[email protected]oration [09:37 15/11/2009]
{08857884-66b6-48bf-82e4-b0eb89b5c47c} [06:37 18/12/2009]
{1b8cc170-8c85-11db-b606-0800200c9a66} [00:57 25/11/2009]
{20a82645-c095-46ed-80e3-08825760534b} [19:24 01/09/2009]
{4D144BC3-23FB-47de-90C5-63CCB0139CCF} [04:25 03/12/2009]
{635abd67-4fe9-1b23-4f01-e679fa7484c1} [05:50 31/03/2008]
{97bceb59-cfcd-4b16-a863-b3f72cf9f196} [07:31 11/07/2008]
{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [07:15 27/09/2009]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [05:05 12/06/2009]

-=E.O.F=-

[Thexy]

I was responding while it downloaded ;p

[crunchie]

Couple of things to try still.

Clear the Java Plug-in cache by:

• Clicking Start > Control Panel.
  
• Double-click the Java icon in the control panel.
  The Java Control Panel appears.
  
  
• Click Settings under Temporary Internet Files.
  The Temporary Files Settings dialog box appears.
  
  
• Click Delete Files.
  The Delete Temporary Files dialog box appears.

There are three options on this window to clear the cache.

• Delete Files
• View Applications
• View Applets
  
• Click OK on Delete Temporary Files window.
  Note: This deletes all the Downloaded Applications and Applets from the cache.
  
• Click OK on Temporary Files Settings window.

==============

• Go to Start > Control Panel double-click on the Software icon > add/remove programs.
• Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )
• Select it and click Remove.
• Then Download and install the newest version from here:
• http://www.java.com/en/download/manual.jsp

==

Find out exactly which dll file is giving the problem and remove it.

[Thexy]

I uninstalled and re-installed Java via the link you provided. I deleted the Java folder before I reinstalled it because that is where a few bad scans were reported. I also deleted the npswf32.dll and np32dsw.dll files in the system.32 file folder.

So far, no more redirects, but my comp is still lagging. I noticed a lot of svchost.eve processes running in Task Manager. Does that have anything to do with a virus?

[crunchie]

Having multiple instances of svchost.exe is normal. Are there any that you can see that is using a lot of cpu time?