TechSpot

36 tasks open

By Stacey
Apr 3, 2007
  1. It's me yet again, Stacey. My desktop computer at home must have a lot of nasties. What link do I go to to post the hijack log? I am working off my laptop, since the other one is :( mad at me, for being dumb.
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Go and read this thread HERE, then post a HJT log as an attachment into this thread.

    Regards Howard :)
     
  3. Stacey

    Stacey TS Rookie Topic Starter Posts: 146

    Thank you

    Hi Howard. Nice to see you back. I am in class right now, Computers (Ha!Ha!) As soon as I get home I will do that post for you. Thanks again for your help.
    Stacey
     
  4. Stacey

    Stacey TS Rookie Topic Starter Posts: 146

    HJT Log

    Hi.
    Sorry for the delay. If you get a chance would you please take a look. I appreciate any help.
    Stacey
     
  5. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Once you post your HJT log, I'll be happy to take a look at it. ;)

    Regards Howard :)
     
  6. Stacey

    Stacey TS Rookie Topic Starter Posts: 146

    HJT Log

    Good Morning Howard. I have attached the log. Thank you for taking the time to help me.
    Stacey

    I started googling the log, yet I keep getting confused (not that hard). Norton Symantec needs to go!
     
  7. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    You're running an outdated version of HJT. See HERE for the latest version.

    Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

    O16 - DPF: {19B6C07F-7AA5-4170-88A9-EF184DC2EC40} - http://38.144.58.94/install.cab

    O20 - AppInit_DLLs:

    Click on the fix checked button.

    Close HJT and reboot your system.

    Download the following antivirus and firewall programmes.

    AVG free or Avast antivirus programmes.

    Zonealarm or Kerio free firewall programmes.

    Then, go and read this post HERE and follow the instructions for removing Symantec/Norton.

    Once Symantec/Norton has been completely uninstalled, install whichever firewall programme you chose, followed by whichever antivirus programme you chose. Reboot your computer the required number of times and run the antivirus updates.

    Post a fresh HJT log.

    Regards Howard :)

    This thread is for the use of Stacey only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  8. Stacey

    Stacey TS Rookie Topic Starter Posts: 146

    Thank you Howard. I will work on that later tonight when I get home. You're the best and I am so glad you're here.
     
  9. Stacey

    Stacey TS Rookie Topic Starter Posts: 146

    I clicked and let HijackThis fix the two items you said. I downloaded and ran the latest version of HijackThis, you suggested. The Reply is not letting me attach the new log.
    I have also removed Norton crap; downloaded AVG antivirus, AVG spyware, and zone alarm. I am hoping all is going to look well.
     
  10. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    I have removed your previous HJT log. Hopefully, you'll now be able to attach a fresh HJT log.

    Regards Howard :)
     
  11. Stacey

    Stacey TS Rookie Topic Starter Posts: 146

    Hi Howard! I will post the log later on today when I get home from work. It seems after I installed the Zone alarm the computer slowed, I may have two firewalls running. I have to look into that too. Thank you once again, and I will post log ASAP.
    Stacey
     
  12. Stacey

    Stacey TS Rookie Topic Starter Posts: 146

    New Log

    Here is a new log that I have just run. If you have a chance could you let me know how it looks?
     
  13. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your HJT log is clean. However, it appears there's still a Symantec/Norton service running.

    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

    I suggest you read this post HERE and follow the instructions.

    You can post a fresh HJT log after you're done, if you like.

    Regards Howard :)
     
  14. Stacey

    Stacey TS Rookie Topic Starter Posts: 146

    New Log

    Norton has been removed from the computer, via the removal tool. I have attached the new log.
     
  15. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your HJT log is clean.

    Turn off system restore (XP/ME only). See how HERE.

    Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)
     
  16. Stacey

    Stacey TS Rookie Topic Starter Posts: 146

    O.M.G. Thank you so much for walking me through that.
     
  17. Stacey

    Stacey TS Rookie Topic Starter Posts: 146

    CD installation Virus?

    Hello, It is me again. I am hoping for some help with a log. I am trying to clean my fiance's computer and I am having a hard time getting SE and AVG spyware to load. Every now and then I am getting a blue screen telling me there is a memory issue and there is a driver problem. It seems the disk drive is not being recognized. He purchased a disk for GM automotive repair on Ebay and when he installed it the problems began.
     
  18. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Run HJT with no other programmes open. Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

    O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)

    O2 - BHO: msnhlp32.msn_hlp - {EEFBE5D6-FEFF-4CB4-AA26-6A464090CB89} - C:\WINDOWS\System32\msnhlp32.dll (file missing)

    Click on the fix checked button.

    Close HJT.

    Other than the above, your friend's HJT log is clean.

    I suggest your friend tries a system restore to before he installed the problem software.

    Regards Howard :)
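
Added example (not part of the thread and not HijackThis code): a small Python triage of HJT-style log lines covering the kinds of entries Howard singled out in posts 7, 13 and 18, namely a BHO whose DLL is missing, an O16 entry fetched from a bare IP address, an AppInit_DLLs entry, and a service left over from an uninstalled product. The `triage` function, its `removed_vendors` parameter, the all-zero GUID line and the reason strings are assumptions of this example, not Howard's stated rationale; the sample log is constructed from entries quoted in the thread.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Constructed sample: entries quoted in this thread plus one made-up benign BHO.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O2 - BHO: msnhlp32.msn_hlp - {EEFBE5D6-FEFF-4CB4-AA26-6A464090CB89} - C:\WINDOWS\System32\msnhlp32.dll (file missing)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\helper.dll
O16 - DPF: {19B6C07F-7AA5-4170-88A9-EF184DC2EC40} - http://38.144.58.94/install.cab
O20 - AppInit_DLLs:
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
"""

# "O<n> - <kind>: <detail>"; the first colon always follows the kind.
ENTRY = re.compile(r"^(O\d+) - ([^:]+):\s*(.*)$")

def host_is_ip_literal(url):
    """True when the URL's host is a raw IPv4/IPv6 address, not a name."""
    host = urlparse(url).hostname
    if not host:
        return False
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def triage(log_text, removed_vendors=()):
    """Return (section, reason, line) for entries that deserve a closer look."""
    findings = []
    for line in map(str.strip, log_text.splitlines()):
        m = ENTRY.match(line)
        if not m:
            continue
        section, kind, detail = m.groups()
        reason = None
        if section == "O2" and detail.endswith(("(no file)", "(file missing)")):
            reason = "BHO is registered but its DLL is not on disk"
        elif section == "O16" and host_is_ip_literal(detail.rsplit(" - ", 1)[-1]):
            reason = "ActiveX control downloaded from a bare IP address"
        elif section == "O20" and kind == "AppInit_DLLs":
            reason = "AppInit_DLLs value present; review what it loads"
        elif section == "O23" and any(v.lower() in detail.lower() for v in removed_vendors):
            reason = "service remains from a product reported as uninstalled"
        if reason:
            findings.append((section, reason, line))
    return findings
```

Calling `triage(SAMPLE_LOG, removed_vendors=("Symantec",))` returns the five flagged lines and leaves the made-up benign BHO alone; the output is a shortlist for a human reviewer, not a verdict.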
     
  19. Stacey

    Stacey TS Rookie Topic Starter Posts: 146

    Howard, here is the new log. I have been trying to download the AVG Spyware and SE Personal, it seems I am not able to do so. Is there something that I may be doing wrong?
     
  20. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    That HJT log is clean, unless the O17 entries are not from your friend's ISP, in which case they should be fixed.

    If you're still concerned over malware, I suggest you post a Combofix log as per step 12 of these instructions.

    Since the problems only started when your friend installed new software, it seems likely that it's the cause of the problems and that's why I recommended a system restore to before the new software was installed.

    Regards Howard :)
     
  21. Stacey

    Stacey TS Rookie Topic Starter Posts: 146

    Thank you for your time, Howard. I am not sure he knew about system restore. I have attached the logs. I am still not able to get SE Personal, any suggestions?

    Also; how do I find out what the IP address is?
     
  22. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Wow, it seems your friend's system is riddled with malware.

    1. Please download The Avenger by Swandog46 from HERE. Save it to your Desktop and extract it.

    2. Download the attached avengerscript.txt and save it to your desktop. The Avenger script is attached to the bottom of this post.

    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

    3. Now, start The Avenger program by double clicking on its icon on your desktop.

    Under "Script file to execute" choose "Load script from file".
    Now click on the folder icon, which will open a new window titled "open Script File".
    Navigate to the file you have just downloaded, click on it and press open.
    Now click on the Green Light to begin execution of the script.
    Answer "Yes" twice when prompted.

    4. The Avenger will automatically do the following:

    It will Restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
    On reboot, it will briefly open a black command window on your desktop, this is normal.
    After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
    The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

    5. Please attach the content of c:\avenger.txt into your reply.

    Then, go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly. In your friend's case, as many of the instructions as possible.

    Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

    Also, let me know the results of the AVG Antirootkit scan.

    Regards Howard :)
     
  23. Stacey

    Stacey TS Rookie Topic Starter Posts: 146

    Here is the avenger.txt I will be working on the others
     
  24. Stacey

    Stacey TS Rookie Topic Starter Posts: 146

    I was unable to get SE Personal and AVG Spyware logs. AVG Rootkit found nothing.
     
  25. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Everything looks clean there.

    Perhaps the problem really isn't caused by malware and is more to do with the software that was installed prior to the start of the problems.

    Tell your friend to try a system restore.

    Regards Howard :)
     
Topic Status:
Not open for further replies.
