My boyfriend has been having some major issues with his machine.
To make a long story short, we thought we removed everything, and yet it is still showing us this blurb on the taskbar, stating "You have spyware infection".
We have come a long way from how bad it was. With HiJackThis I was able to remove: paytime.exe, yaemu.exe, spysherif, bxproxy, winstall.exe, secure32.html, and a few others. But, after doing that, his computer would no longer allow us to use the browser. IE wouldn't work, neither would Mozilla. They both gave a blank page, and nothing would happen when we typed in the address bar.
I hit system restore, and after doing that EVERYTHING I got rid of with HiJackThis restored itself!! And not only that, suddenly HiJackThis was hidden! I had created a folder on the desktop, and after hitting that system restore, it disappeared!! I made him a disk with Avast, Ewido, AVG, Ad-aware SE Personal, CWS Shredder, Start Page Guard, Panda, etc. With this disk we were able to run some of the programs and remove the baddies again.
AVG will not install completely. I forget what error message it gives, but it's being prevented from installing. When the internet was working, we were not able to get either the Panda site or the Trend Micro online scanner to work either. It was quite frustrating. There is noooo way to copy his HiJack, Panda, etc. logs and post them here, because his computer won't allow me to use the internet for very long before ZoneAlarm says, "bxproxy, rzou, scvsmsg(?spelling might be wrong), are trying to access the internet". Once we click to deny them, it pretty much immobilizes the machine. Also, there's something on his machine called "SpyBlocs", claiming, and looking to be a legitimate spyware prevention program, but it seems to be taking over things. Right now it will not uninstall, due to some "unwise.exe" log file not existing? I wrote it down someplace, so if you need specifics about that I will try and find and post that later.
Oh, and we did TURN OFF System Restore, before using HiJackThis a second time.
Spybot Search & Destroy found 62 Critical Objects, a few were MRU List and Tracking Cookie, but there were some other nasty ones listed saying High Risk, it allowed us to remove them. CoolWebSearch was there too.
For now, after I removed all I could with HiJackThis, Spybot Search & Destroy, and Ad-aware SE Personal, he is still finding the following when using other programs.
Avast Found: rzoum.exe Explains that it is malware, and then later is more thorough about it being a TrojanHorse, and something about it maybe having something in the system that keeps it from replicating itself, even though it's been removed.
Win32:Tsupdate-C [TRJ]
Win32HoaxAlarm - K [TRJ]
Ewido Found: filest3.dll
path C:/WindowsSystem32
Infection: Downloader.Deif.h
Panda Found: C:/Program Files/Common Files/PandaSoftware/PayShld/payprsv.exe
bm00003.exe
Also, what is "winstall.exe"? It has no path on the startup programs you can see with msconfig.
Oh, and he has TWO hard drives, a D: drive and an E: drive. The E: drive has been showing NOTHING, but a blank screen. Also his D: drive "drivers" folder is showing blank. Does anyone know how malicious the "rzou" Trojan is? Because, I cannot find ANYTHING about it online, anyplace. I was able to find some facts about the others, but zilch on this one. Is it new? Where could it have come from?
------------
Honestly, is there a way to CLEAN and completely repair this machine to top up shape, WITHOUT reformatting? Without going to a REAL technician, since I am an amateur, and he's pretty much computer illiterate.