GeekPolice
Welcome to GeekPolice.net!

From "wow" to "whoa" - we're teaching practical technology and helping others with tech support. Join our family here!

You are viewing the forum as a "Guest" which doesn't give you member privileges to ask questions or post comments.

Take 30 seconds to register or log in below and unlock the limitations of this website to discover new computer knowledge!

SolutionClass.pws is destroying my computer

View previous topic View next topic Go down

SolutionClass.pws is destroying my computer

Post by iloveyoumrfrodo on Sun Mar 22, 2009 1:15 am

I've seriously been fighting this off for about a month, alternating between Spybot Search and Destroy and Malwarebytes' Anti-Malware, but alas it has been a losing battle. I would follow my friend's advice and just wipe my hard drive, but there's nothing more depressing than taking all the time to do that just to find the same virus coming back again. I can't even post the entire log, it says "The posted message is too big." There are literally over 200 processes in my C:\DOCUME~1\Joshua\LOCALS~1\Temp\ folder. Please PLEASE help me, thank you for your time.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:00:44 PM, on 3/21/2009
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WgaTray.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\TrayIcon.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\System32\RunDLL32.exe
C:\WINDOWS\TEMP\winlogqn.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\JCDOnEt1.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
O2 - BHO: solution Class - {99c6d1bb-7555-474c-91da-d8fb62a9cc75} - C:\WINDOWS\System32\0A66f024.dll
O2 - BHO: (no name) - {c5bf40a2-94f3-42bd-f434-1604812c8955} - (no file)
O2 - BHO: (no name) - {c92c5f51-14c5-ef3a-4064-cd2284b3cd37} - C:\WINDOWS\ewequfirawaxoz.dll (file missing)
O2 - BHO: (no name) - {cb3ce684-dc59-4d32-8be8-ca943460a112} - C:\WINDOWS\System32\tovevufe.dll
O2 - BHO: (no name) - {e3ea1b31-fed4-418e-9535-1731be9e438c} - C:\WINDOWS\System32\capesnp.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DisplayTrayIcon] C:\WINDOWS\System32\TrayIcon.exe
O4 - HKLM\..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [kjahrfoi37rljanfaw3il7fhjd3f] C:\WINDOWS\TEMP\winlogqn.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [CPMf7729163] Rundll32.exe "c:\windows\system32\sejigowe.dll",a
O4 - HKLM\..\Run: [f441a2ff] rundll32.exe "C:\WINDOWS\System32\jawohame.dll",b
O4 - HKLM\..\Run: [wiyugokege] Rundll32.exe "C:\WINDOWS\System32\fihenihi.dll",s
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [SpybotDeletingA3598] command /c del "c:\windows\system32\sejigowe.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4396] cmd /c del "c:\windows\system32\sejigowe.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6843] command /c del "C:\WINDOWS\System32\jawohame.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8070] cmd /c del "C:\WINDOWS\System32\jawohame.dll_old"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [zl57repjdtu8bzvlj] C:\DOCUME~1\Joshua\LOCALS~1\Temp\fybqw1yosr.exe
O4 - HKCU\..\Run: [y1b2f6ox9x353kinf0cp73p] C:\DOCUME~1\Joshua\LOCALS~1\Temp\d6l6ct.exe
O4 - HKCU\..\Run: [x9sdkv1hv8n17citpt92ypyzm3] C:\DOCUME~1\Joshua\LOCALS~1\Temp\ady5788bu0u.exe
O4 - HKCU\..\Run: [ghoefq8zwxw0wv98clq7uyf133ep590365] C:\DOCUME~1\Joshua\LOCALS~1\Temp\sryxvq44agvxg.exe
O4 - HKCU\..\Run: [f7l419tk8p5t8kct1k52tuig] C:\DOCUME~1\Joshua\LOCALS~1\Temp\rzo8qc.exe
O4 - HKCU\..\Run: [h4jf1odfd4x0jhsq1dc8czn7ru] C:\DOCUME~1\Joshua\LOCALS~1\Temp\opz5bdau.exe
O4 - HKCU\..\Run: [q2vb8yx0drbam5nhivr14e5ogexyyrsuoip1] C:\DOCUME~1\Joshua\LOCALS~1\Temp\mq2suene.exe
...
O4 - HKCU\..\Run: [dp6uli5tvsx8ki0qmxofef8pibbkcwzu] C:\DOCUME~1\Joshua\LOCALS~1\Temp\u6jw4ypamq.exe
O4 - HKCU\..\Run: [jvbl02ic7imxjkh4qyjil3] C:\DOCUME~1\Joshua\LOCALS~1\Temp\c5is6tvly.exe
O4 - HKCU\..\Run: [rjqtaxmsvsoawpmsr90yf0ekbk2gkx1uydqmo] C:\WINDOWS\TEMP\ixxnhboy9yjne.exe
O4 - HKCU\..\Run: [wqcs8qcuahqcqxgiyb293m0jovj1il34y9pa3] C:\WINDOWS\TEMP\jsuy3v5uc.exe
O4 - HKCU\..\Run: [udj7frwj2zdha1b6ns2vtogmjay] C:\WINDOWS\TEMP\its0skc.exe
O4 - HKCU\..\Run: [qp724ds7n1ftjj9eixsq4casrilaz24qtr5] C:\WINDOWS\TEMP\vduwlngz4c5d3.exe
O4 - HKCU\..\Run: [q56g58rbh0kgk9gq8] C:\WINDOWS\TEMP\wvwgsya866t6n.exe
O4 - HKCU\..\Run: [vatcci3q08ravwanqppq5cfkve2haotqkccigzk5zd] C:\WINDOWS\TEMP\hi7ceindw.exe
O4 - HKCU\..\Run: [akajfs2iofq] C:\DOCUME~1\Joshua\LOCALS~1\Temp\k1dk9lfwnys.exe
O4 - HKCU\..\Run: [ew01j6erf69b4j9g0dvzdyf6f5gxbzk25p8xm0d50] C:\DOCUME~1\Joshua\LOCALS~1\Temp\o2d26igo.exe
O4 - HKCU\..\Run: [p2muth5fum32vhwpbr02iecv3wsqigh] C:\DOCUME~1\Joshua\LOCALS~1\Temp\ylaakq.exe
O4 - HKCU\..\Run: [ek6r1r81zo] C:\DOCUME~1\Joshua\LOCALS~1\Temp\g40d0zmlv.exe
...
O4 - HKCU\..\Run: [xgdx5cegbq97sa91kuwem5mb6lqmi1] C:\DOCUME~1\Joshua\LOCALS~1\Temp\b987ypm4uxik.exe
O4 - HKCU\..\Run: [xvrl36gy766ces1jhcm7oa86pvm4baqzooitomg8tmm] C:\DOCUME~1\Joshua\LOCALS~1\Temp\yydgq0g8x.exe
O4 - HKCU\..\Run: [ymnjg8uoqhakc970inazorolvo14ka7u1fgul] C:\DOCUME~1\Joshua\LOCALS~1\Temp\yvnb85msfdb.exe
O4 - HKCU\..\Run: [l5jtzrolxhpt] C:\DOCUME~1\Joshua\LOCALS~1\Temp\dborqdylvkl.exe
O4 - HKCU\..\Run: [ooyrv3cxnzq9ezt077jab367qqtkassvmob0x] C:\DOCUME~1\Joshua\LOCALS~1\Temp\zmcqdhlq8.exe
O4 - HKCU\..\Run: [moqhxfpagz962utfhsxkkx4l7pcjxjg27u54e] C:\DOCUME~1\Joshua\LOCALS~1\Temp\gq2v5a.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB3210] command /c del "c:\windows\system32\sejigowe.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6393] cmd /c del "c:\windows\system32\sejigowe.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3569] command /c del "C:\WINDOWS\System32\jawohame.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD204] cmd /c del "C:\WINDOWS\System32\jawohame.dll_old"
O4 - HKUS\S-1-5-18\..\Run: [lh1y64xrx5z5yh0t0r6m87xwy69qr0aas07ma1nn7] C:\WINDOWS\TEMP\l6kkl2bmm0.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [uz3g464l5kizxyg4tch76515klo] C:\WINDOWS\TEMP\to0gnxygy.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ygjl30eqw90yv98b7s1xyiil8r580e2wb1z5] C:\WINDOWS\TEMP\b9m7gt2q7ak0d.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ytbud6pyn0kv7qffbd9zlp1wq3odkk5lvsao76esoj6gfcb2h] C:\WINDOWS\TEMP\wz7i3eqjhel9.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ozdltqtf9o8pqwbt5g6ktjbw9rg9ggns5p] C:\WINDOWS\TEMP\k219zwodt.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [p9413dl3ciqpavjnapqeb3bjojgtowquly6] C:\WINDOWS\TEMP\wqcr41f4h6.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [rnrhbj0tgwgpkmhbrsbj57a4htq3u8j6oz60] C:\WINDOWS\TEMP\i0vjdg44z8bl.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [mmumz5otr0w] C:\WINDOWS\TEMP\fc8joyu0kou7c.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [q7a08dw6ub7w5afs3l4k6nvi] C:\WINDOWS\TEMP\q1rkvf2.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [so5ahcqw6zilu5m3wqp0lt72ol] C:\WINDOWS\TEMP\ix4llkvf34rsm.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [wxk77i56ttmoxc0vsxcsgrbx71hjov] C:\WINDOWS\TEMP\wb3guph4.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [tw5e9er4j8jf751gt6ivmjcjy9b0bajovvk6tgjy838tcbl] C:\WINDOWS\TEMP\e07sqn6yqad.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ovzx10sjhgbv] C:\WINDOWS\TEMP\douyw7.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ndjh1wyyd6hz6gqvd024] C:\WINDOWS\TEMP\q0rqchm7v.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [wxelivuva2qn] C:\WINDOWS\TEMP\e5x73efg2e.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [g5oc3ca980vvb6aicaibqs6wcarr1a2] C:\WINDOWS\TEMP\c0dzpy.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [zz10jgreqkqdks8ewn4hknmc7tnp5pdhpaq12jdv] C:\WINDOWS\TEMP\eyfkkhnbjvg.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ne86ij2utioj] C:\WINDOWS\TEMP\qvc8h5p.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [eigd3a5ckg8tlz89ci1blohyl] C:\WINDOWS\TEMP\x2h3rb0nl5utg.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ix4mpbkjq9iukb96wfyv47ykoqbev8lj] C:\WINDOWS\TEMP\kvec3vgs.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [o9wmyckuiyjlxwq079n4i1vfv] C:\WINDOWS\TEMP\u1nsmjbbz6uej.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [jj8zw7ty8f4] C:\WINDOWS\TEMP\kiwkislhs4k3x.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [mtaweprf2mhj] C:\WINDOWS\TEMP\i5vh2vf0.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [uryai8cjeolirus4wild3r2z496y7wudu] C:\WINDOWS\TEMP\v8l8fb85.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [tke3gq1y39sc3i0xarzjhinf1p1ywgznt2gu26g5h] C:\WINDOWS\TEMP\q3jr09w2ty2.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [lh1y64xrx5z5yh0t0r6m87xwy69qr0aas07ma1nn7] C:\WINDOWS\TEMP\l6kkl2bmm0.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Joshua\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - [You must be registered and logged in to see this link.]
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - [You must be registered and logged in to see this link.]
O20 - AppInit_DLLs: kgryij.dll wrtfgi.dll vmtgre.dll yhoejd.dll c:\windows\system32\lafokune.dll cxgkes.dll c:\windows\system32\sejigowe.dll,C:\WINDOWS\System32\neyivobu.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\sejigowe.dll (file missing)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\sejigowe.dll (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

--
End of file - 244791 bytes

iloveyoumrfrodo
Beginner
Beginner

Status :
Online
Offline

Posts : 1
Joined : 2009-03-22
OS : Windows XP
Points : 28123
# Likes : 0

View user profile

Back to top Go down

Re: SolutionClass.pws is destroying my computer

Post by Belahzur on Sun Mar 22, 2009 1:21 am

Hello.
Not to be mean towards you, but why didn't you seek help when this first started? for a month this has got worse and worse and now has done serious damage that we might not be able to reverse. Your machine has probably been responsible for others getting infected too. All this has happened because you aren't running ANY antivirus. Spybot/MBAM are antispyware and not antivirus.

Your system is severly infected. Problem with these infections nowadays is, it causes a lot of damage. Even if we clean the malware off your system, I can't guarantee that your system will be clean afterwards, because these infections/bundles leave a lot of leftovers behind that most scanners won't even recognise and logs won't show.
Also, I can't promise you we can repair all the damage it caused... Even after cleaning the malware, you can still get errors afterwards because of the damage. Solving these is not always possible since it will be searching for a needle in a haystack to find the right cause and solution.
So, we can try to clean this up and do what we can, but keep in mind that we can't solve ALL problems this malware already caused.

In light of this it would be wise for you to back up any files and folders that you don't want to lose before we start. Reason I am telling this is because when a system is so terribly infected and we try to clean this up manually, the damage that is already present may interfere with our removal attempts.

Actually, this doesn't suprise me at all...
I notice that you never scanned with an Antivirus previously before starting this thread - because you don't even have an Antivirus installed!
This is somewhat suicidal in today's digital world.
That's why I want you to install one first!!

* Please install Avira Antivirus: [You must be registered and logged in to see this link.]
This is a free Antivirus.

Perform a full scan with Avira and let it delete everything it is finding.
Then reboot.
After reboot, open your Avira and select "reports".
There doubleclick the report from the Full scan you have done. Click the "Report File" button and copy and paste this report in your next reply together with a new HijackThislog.
Then we'll start from there, because it really makes no sense otherwise that we clean this up manually if an Antivirusscan is not present which should be able to deal with most and prevent further reinfection.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245029
# Likes : 1

View user profile

Back to top Go down

Re: SolutionClass.pws is destroying my computer

Post by Belahzur on Sun Mar 22, 2009 1:24 am

Long post, couldn't fit this speech in my other post.

If you want to wipe the hardrive because of the damage already done, please let me know and I'll provide some information and links to help you understand and read on how to do so.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245029
# Likes : 1

View user profile

Back to top Go down

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum