Expert: Brian Benosky - 1/20/2011

Question
QUESTION: I have a COMPAQ PRESARIO R3306US laptop with WINDOWS XP and AVAST free antivirus until 8/3/20011.  Yesterday I saw for the first time a warning from PALLADIUM PRO telling me of some risks, and, wanting to know how much the remedy would cost ($99.90 for life-time license), now I get the more serious warning (from PALLADIUM PRO)saying:
"The application iexplore.exe was launched successfully butn it was forced to shut down due to security reasons.  This happened because the application was infected by a malicious program which might pose a threat for the OS.  It is highly recommended to install the necessary heuristic module and perform a full scan of your computer to exterminate malicious programs from it."  Then I have two choices: 1)install the full version with the required modules, and 2)continue unprotected.  But even when I choose CONTINUE UNPROTECTED, I can not log into the internet, but the aforementioned warning reappears in the same desktop page.  
Also, my laptop does not turn off when I depress the swith, but the desktop page remains.  If I depress the switch for about three seconds, the laptop says it goes into hybernation and then it turns off.
Today I ran an AVAST full system scan with the result in the SCAN LOGS page, of VIRUS FOUND, and with the following details:
         FILE NAME          SEVERITY      STATUS
C:Documents and Setti...palladium.exe  High  Threat:Win32:Malw..
C:WINDOWSFontscouf1257.fon          Error:Data error (cy..
C:WINDOWSFontssere1257.fon          Error:Data error (cy..
C:WINDOWSFontsserf1257.fon          Error:Data error (cy..
C:WINDOWSFontssmae1257.fon          Error:Data error (cy..
C:Documents and Setti...palladium.exe  High  Threat:Win32:Malw..
For the first and last line I chose the DELETE action and, as a result, "ACTION SUCCESSFUL" appeared.
Still not knowing the SCAN LOGS information, I ran a quick scan, and, again, it days, under RESULT, in the SCAN LOGS page, VIRUS FOUND, and there is one line of deatail, which is:
C:System Volume Info...A0010345.exe  High  Threat: Win32:Malw...
I also chose the DELETE action, and, again, "ACTION SUCCESSFULL" appeared.
Still not knowing the SCAN LOGS results I ran an AVAST full
system scan again, the report being SOME FILES COULD NOT BE SCAN..., and the details being the following four lines:
C:WINDOWSFontscouf1257.fon          Error:Data error (cy..
C:WINDOWSFontssere1257.fon          Error:Data error (cy..
C:WINDOWSFontsserf1257.fon          Error:Data error (cy..
C:WINDOWSFontssmae1257.fon          Error:Data error (cy..
Which are exactly the same as the second, third, fourth and fifth lines of the first full system scan.  (Only the first and last lines disappeared).
I hope you can figure out the problem and tell me what I should do.  NORTON ANTIVIRUS 2011 costs $39.99, and I have seen other antivirus software for less.  I hope your knowledge helps.
Sincerely,  Andres Ruvalcaba.

ANSWER: Hello Andres

I'd be happy to try and help you clean things up.  Please download Malwarebytes' Anti-Malware to your desktop from here:
http://majorgeeks.com/download.php?det=5756
Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end of the install, Malwarebytes will perform an update to it's definitions.
* Once the program has loaded, select Full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.  Please save it to your desktop.

Next, please download TrendMicro HijackThis! from the following link:
http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
* Save HJTInstall.exe to your desktop.
* Doubleclick on the HJTInstall.exe icon on your desktop.
* By default it will install to C:\Program Files\Trend Micro\HijackThis.
* Click on Install.
* It will create a HijackThis icon on the desktop.
* Once installed, it will launch Hijackthis.
* Click to do a scan, then save that log and copy it to a follow-up to me, along with a copy of the Malwarebytes' Anti-Malware log.


Brian

---------- FOLLOW-UP ----------

QUESTION: Thank you very much for your repply.

Before attempting to follow your instructions, I first turned the laptop off from the place that appears before the desktop appears, and then I tried to log on to the internet, and it did! ( I performed a system restore, but the result was SYSTEM RESTORE INCOMPLETE).

But I do not know much about operating a computer, (it was my nepheew who installed AVAST free antivirus for me), and I would like to ask you how do you download the Malwarebytes' Anti-Malware to the desktop? and what do I do with the website address
http;//majorgeeks.com/download.php?det=5756
that you indicated? (since there seems to be no place in the desktop for typing it).
And now that I am at this, what kind of information does the log from Hijackthis provide?

I hope you are also glad since my laptop works again, and that you answer my questions.

Sincerely,  Andres R.

Answer
Hello Andres

I am happy that your internet is working again, but it seems there are still issues to resolve.  The HijackThis (HJT) log tells me the processes currently running on your system, good and bad.  This aids in determining what fixes should be applied.  Malwarebytes' is a general purpose malware removal tool, and is usually the first program used to fix any malware problem.  Instructions for downloading and installing can be found just by clicking on the link below:

http://www.bleepingcomputer.com/virus-removal/how-to-use-malwarebytes-anti-malwa

If you are unable to click the link, copy and paste the address above into your browsers' address box and hit enter.  I hope that answers your questions.

Brian