TechSpot

3 logs attached from 8 steps to virus & malware removal

By duneflyer
Dec 9, 2008
  1. There are my logs. Thanks!
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Please tell us what problems you're having? Throwing out 3 logs with no description of why leaves us a bit short.
     
  3. duneflyer

    duneflyer TS Rookie Topic Starter

    Oops. Sorry about that. I had posted it in another thread, and completely spaced it. I had the "Facebook virus". You get an email from a friend saying "Look at this video" etc. And it sends you to a YouTube video. Click on the link and it asks you to download a Flash update. I almost never (can't say never anymore) do it, and my instincts told me it sounded fishy, but I was bored and clicked it. (Stupid, yes)

    Almost immediately an email is sent out to everyone in my Facebook acct. saying the same thing. It also took over my Google toolbar. Anytime I would search for something, it would link it to a "virus cleaner" website. Everything else seemed to run ok.

    I started the '8 steps' and after the Malwarebytes program, I couldn't use my browser any longer. All my other net-based programs (pcAnywhere, Limewire, etc.) that didn't use a browser worked fine. I found that something had inserted a proxy setting (it was 127.0.0.1 PORT 9090) into the HTTP setting. I erased that and now the browser is working fine. As you can see by the completed logs, I did finish the 8 steps, and sent them to you all.
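The post above describes a proxy of 127.0.0.1 port 9090 appearing in the browser's HTTP proxy setting. As an added example (not part of the original thread), this Python sketch parses a WinINET `ProxyServer` string and reports any enabled proxy that points at the local machine; the `audit` and `parse_proxy_server` names and the sample values are constructed for illustration.

```python
import ipaddress

def parse_proxy_server(value):
    """Parse a WinINET ProxyServer string into {scheme: (host, port)}.

    Accepts both forms: "host:port" (one proxy for everything, keyed "all")
    and "http=host:port;https=host:port" (one proxy per protocol).
    """
    proxies = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, sep, target = part.partition("=")
        if not sep:                       # single proxy for every protocol
            scheme, target = "all", part
        target = target.strip().split("://", 1)[-1]
        host, port = target, ""
        if ":" in target and not target.endswith("]"):
            host, _, port = target.rpartition(":")
        proxies[scheme.strip().lower()] = (
            host.strip("[]").lower(), int(port) if port.isdigit() else None)
    return proxies

def is_loopback(host):
    """True for localhost, 127.0.0.0/8 and ::1."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:                    # an ordinary hostname
        return False

def audit(settings):
    """Return (scheme, host, port) for each enabled loopback proxy.

    `settings` mirrors the ProxyEnable / ProxyServer values stored under
    HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings.
    A hit is something to review, not proof of infection: local filters
    and debugging proxies also listen on loopback.
    """
    if not settings.get("ProxyEnable") or not settings.get("ProxyServer"):
        return []
    parsed = parse_proxy_server(settings["ProxyServer"])
    return [(s, h, p) for s, (h, p) in parsed.items() if is_loopback(h)]

if __name__ == "__main__":
    # Constructed sample matching the setting reported in the post.
    sample = {"ProxyEnable": 1, "ProxyServer": "http=127.0.0.1:9090"}
    for scheme, host, port in audit(sample):
        print(f"review: {scheme} traffic is sent to {host}:{port}")
```

If nothing is listening on the reported port any more, every request through that proxy fails, which matches a browser that stops working while programs that ignore the setting keep running.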
     
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Thanks. It's helpful to know what problems are being experienced.
    The Mbam log is clean, and it shouldn't be.
    SAS shows some malware and the Tracking Cookies.

    But the most important thing I see is NO antivirus program!
    I note PCAnywhere from Symantec and a Service for Live Update. But no indication that Symantec/Norton is installed or running.

    There's no point in doing the cleaning if you don't get an AV program on the system. This is the first order of business:
    Recommended Free Anti Virus:
    Avast Free: http://www.avast.com/eng/download-avast-home.html
    or
    Avira Free: http://www.free-av.com/en/products/1/avira_antivir_personal__free_antivirus.html

    You have a wireless connection and mention visiting Limewire. You are a sitting duck to get malware. I advise you to do NO browsing until you get protection on the system and we remove the malware. You should also not use System Restore. Malware can get in the restore points and since they are protected files, the cleaning programs don't remove them. We will drop the old restore points when through cleaning.

    When you have downloaded and installed an antivirus program, please update and run a full scan.

    When through, rerun Malwarebytes, SuperAntispyware and HijackThis and attach the logs.
     
  5. duneflyer

    duneflyer TS Rookie Topic Starter

    There is an antivirus program, I just didn't install it until after the logs. I have AVG 8.0.1. It scans daily, and any file downloaded via Limewire (which I rarely use), I always scan first. Also the malware log was clean because when the malware program shut down my browser for a couple days, I reran the malware when I got it fixed and that was the log from the second run. The first run DID have viruses removed. I'll attach that 1st log to this post.
     
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I'm sure you understand that I can only work with what is given. And the log had no AV.

    As you see, Mbam did find some malware. Please follow the instruction in the last line of my post.
     
  7. duneflyer

    duneflyer TS Rookie Topic Starter

    That's no problem. I know you can only go by what I tell you.

    I reran the programs this morning. I actually ran SuperAntispyware twice. I noticed the first time I ran it I recognized the malware it found in the registry before. So after it ran, and I cleaned it out, I reran it again, and I note that the same malware is written in the reg. Any ideas?

    Here are the logs, including both SuperAntispyware logs.
     
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Here's where the Adware.E404 Helper/Variant-AR threat is:

    Have HijackThis remove this entry
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>

    # Alias & packer info:
    * not-a-virus:AdWare.Win32.E404.jd [Kaspersky Lab]
    * packed with: PE_Patch.UPX [Kaspersky Lab]

    Also search for and delete this entry:
    %System%\351631

    You may know more about this than I do but it is a matter of concern:
    Download and run the Norton Removal Tool. The following service is part of Norton Antivirus:
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

    You also have PCAnywhere running:
    When you have finished with the above, run SuperAntispyware and HijackThis and attach logs.
     
Topic Status:
Not open for further replies.
