Remove adware.AdMedia and adware.BHO.GEN

The two viruses that keep showing on my computer are adaware related. Though there are many "removal" systems, they are not FREE. They'll run the scan, but don't actually correct the problems once they are identified. I'm in the process of getting rid of Security Tool.

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com


Rename ComboFix.exe to commy.exe before you save it to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here
  
• Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  
• When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

Before installation was complete I shown a message that the download was a malware download. Are you for real?

The tool I am asking you to use is clean. The message that pops up saying that is not legitimate, but is a result of the Fraudulent security program bugging your computer.

Please continue with ComboFix.

I'm attempting to run this program again, as slash 1823 did last Wed. I will let you know the results.

States there is incompatiable operating system. Which I know you stated to not run the console in Vista, but it will not let me go any further.

Are you running 32 bit or 64 bit? Or not sure? If you let me know that, I will know how to instruct you further.

I'm running 64 bit . . . Vista.

That explains it. Thanks. That tool only works on 32 bit systems. Now we go with the alternative cleaning:

Please run a free online scan with the ESET Online Scanner

• Tick the box next to YES, I accept the Terms of Use
  
• Click Start
  
• When asked, allow the ActiveX control to install
  
• Click Start
  
• Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  
• Click Scan (This scan can take several hours, so please be patient)
  
• Once the scan is completed, you may close the window
  
• Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  
• Copy and paste that log as a reply to this topic
  

I'm in the process of running the above scan today. I will reply back once it is complete. Happy Holidays!

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

Now what do I need to do? It said that 31 threats were found and remocved. The computer, internet, is running VERY slow!

Please download the Kaspersky AVP Tool from Kaspersky-labs.com.

• Save it to your desktop.
  
• Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).
  
• Double click the setup file to run it.
  
• Click Next to continue.
  
• It will by default install it to your desktop folder.Click Next.
  
• Hit ok at the prompt for scanning in Safe Mode.
  
• It will then open a box There will be a tab that says Automatic scan.
  
• Under Automatic scan make sure these are checked:
  
  
  • System Memory
    
  • Startup Objects
    
  • Disk Boot Sectors.
    
  • My Computer.
    
  • Also any other drives (Removable that you may have)

After that click on Security level then choose Customize then click on the tab that says Heuristic Analyzer then choose Enable Deep rootkit search then choose ok.
Then choose OK again then you are back to the main screen.

• Then click on Scan at the to right hand Corner.
  
• It will automatically Neutralize any objects found.
  
• If some objects are left un-neutralized then click the button that says Neutralize all
  
• If it says it cannot be Neutralized then chooose The delete option when prompted.
  
• After that is done click on the reports button at the bottom and save it to file name it Kas.
  
• Save it somewhere convenient like your desktop and just post only the detected Virus\malware in the report it will be at the very top under Detected post those results in your next reply.

Note: This tool will self uninstall when you close it so please save the log before closing it.

What is this scan for? I also can not get rid of Registry Defense Agent, which downloaded itself while trying to get rid of Security Tools in the first place.

OK, I didn't see an area after the scan that showed a "neutralize" objects. Though I have the report saved, but can't seem to attach to this email?

\WOW64 is the x86 emulator that allows 32-bit Windows-based applications to run on 64-bit Windows. Please be aware that many of the tools we use for malware removal are designed for 32-bit systems (x86), which will refuse to work or can give misleading results when run on 64-bit systems. Anti-malware scanners have problems enumerating the drivers and services on 64-bit machines so they do not always work properly. Since this is the case, any assistance we can offer is limited.

Please run a free online scan with the ESET Online Scanner

• Tick the box next to YES, I accept the Terms of Use
  
• Click Start
  
• When asked, allow the ActiveX control to install
  
• Click Start
  
• Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  
• Click Scan (This scan can take several hours, so please be patient)
  
• Once the scan is completed, you may close the window
  
• Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  
• Copy and paste that log as a reply to this topic
  

I have been out of town and dealing with some bad weather, sorry I haven't been on to update. I've ran this scan once before, can't remember what it told me, BUT I'm doing it again and will send the results once it is finished.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

I still have a prompt everytime I start my computer to register Defense Agent. This was a program that was uninstalled, supposedly, when I got rid of Security Tools. Why wont this go away?