Ive Got A Virus Again

Can you see a Java Plugin option in Control Panel? I'm guessing if you can't you are using M$'s Java VM

Try this instead:

Go to Start-->Run, and copy and paste the following into the box:

RunDll32 advpack.dll,LaunchINFSection java.inf,UnInstall

And hit enter and close.

Then delete these files/folders:
C:\Windows\Java\
C:\Windows\Inf\java.pnf
C:\Windows\System32\jviw.exe
C:\Windows\System32\wjview.exe

Then go to Start-->Run, type "regedit", navigate to and delete the following entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Java VM
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\InternetExplorer\AdvancedOptions\JAVA_VM

Then go here: http://www.java.com/en/download/manual.jsp and install the Sun Java RTE

Once installed, go into Control Panel-->Java Plugin, click the cache tab, and un-check enable caching.

Sorted

Housecall doesn't work with Firefox at all unfortunately

Do what I said above and try IE again to use Housecall, but IE may have been hijacked by some spyware, hence the error.

Forgot to add, reboot before installing Sun Java. (and turn off system restore too)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\InternetExpl
orer\AdvancedOptions\JAVA_VM


Ive just gone and deleted the whole Internet Explorer Folder on this one! Shit!

I take it thats bad. Is there anything i can do? :spangled:

Did you turn off system restore already? If not, that may work - otherwise you'll have to do a repair of windows from the cd. Only if there is a problem though

Java Plugin doesnt appear in my Control Panel.

What do you mean? Have you uninstalled M$ Java VM and installed Sun Java? Are you looking at Control Panel in classic or category view? You'll want classic, select on left.

Found it now, in Classic View. But there isnt a cache tab.

Its calling it Java and not Sun Java like you keep calling it. Have i installed the right Java? I just clicked on the first one on the download page.

It's the right Java - it's made by Sun Microsystems, why I'm calling it Sun Java. I may be referring to the cache in an earlier version, sorry

Under the general tab, where it says temporary internet files, click settings, click view applets, and you can disable cache in there.

third time Sorted.

Still cant get Housecall working on IE.

When i open IE, AVG still keeps blocking these two viruses. So i think theres still a problem.

Could you post up the locations of the files that AVG are detecting are infected?

Also, if you go back into the Java Plugin thingy and delete the temp internet files - that may help.

Right, i started IE again, and it came up with these two.

C:\WINDOWS\mfccz32.exe
C:\WINDOWS\sdkjc.exe

It actually comes up with different ones each time. I checked in the Virus Vault. But they are always in the same location and always the same size, 11.12kb and 32.62kb.

They're viruses/trojans (not just exploits like byteverify), they'll also be in the registry so running at startup, why you can't use housecall - giz a wee while to find out removal

Download HijackThis: http://www.majorgeeks.com/download3155.html, and unzip it to a folder directly on the C drive, eg: C:\Hijack\ - you must make sure it is unzipped and not running from a temporary folder

Then open it and select 'do a system scan and save the logfile', save the log somewhere you can find it, close hijackthis, and copy and paste the contents of the log here.

I'll run through it but I may not be able to tell you what to do next until tomorrow.

Cheers Dodge.

No worries - keeps me busy

Your 'majorgeeks' link doesnt work.

http://www.majorgeeks.com/download3155.html - i put the comma at the end, soz

Ive extracted it onto C:\ but when i open it, it tells me its started from a temporary folder.

Have i done something wrong here?

You need to extract HijackThis from the zip file - easiest way is to go into the zip folder, right-click on the program and select cut - then go to the C:\Hijack\folder and paste, so it is no longer inside a folder that is zipped, then run it

Or, if you're using winzip or winrar, you need to specify a location to extract it to, or it will extract to a temp folder.