Okay. After work [in an hour and a half] I shall do such. Safe mode without networking, I presume?
Kain_Ceverus wrote:
Okay. After work [in an hour and a half] I shall do such. Safe mode without networking, I presume?
Yeah, without networking would be fine.
Sorry to hear about the migraine. I get them too, so I truly sympathise.
With Autoruns, when you untick a line, it is automatically relocated to a safe location within the registry. The line in Autoruns will always show up, and when you tick it again to activate it, the entry is pulled back from the safe location. So there is no need to quarantine.
If you want extra security, take a copy of the registry using a third-party tool, ERUNT.
As to the 37 registry entries, you are clearly infected with the MyWebSearch adware. I do not understand why these are not being removed. Check Autoruns carefully and turn on and turn off "hide Microsoft entries". You should start with these turned off, but if you do not locate something else relating to IE toolbars etc., then turn on Microsoft entries and re-examine.
In regards to MyWebSearch, from the HJT logs provided, you don’t seem to have the MWS toolbar or the mwsoemon.exe installed or running; most of those entries described by you are probably left over from a previous installation. Malwarebytes can clean most of these up.
Run Malwarebytes again (refer to this), and you should then also be able to get rid of those registry entries using a good registry cleaner; try Advanced Windows Care or CCleaner.
Hi Nik
Don't worry, with the help of some contributors here we should be able to fix this for you.
Please have a look at this, and if as I think it is your situation, follow the removal instructions. Where they talk about 'hijackthis' (HJT), you can download it from here. If you get stuck anywhere come back and let us know.
If this does not apply to your situation, download and run Malwarebytes' Anti-Malware, update the definitions and run a full system scan with it.
Let us know how you get on and we can go from there.
John
Edited for clarity.