TechSpot

8 step virus/Spyware/Malware help-Hijackthis log analysis

By Dazed78
May 16, 2009
  1. I have been having problems with the "Relavant Website" malware hijacking my browser. I ran the 8 step removal process and have attached the Hijackthis log as recommended. I can't find the log for Malwarebytes (which showed nothing) and Super AntiSpyware (which removed 374 adware tracking cookies). I must have failed to save the logs or something like that. The log for Hijackthis showed a large number of items and recommended having someone knowledgeable look at the log before deleting the items listed.

    Can someone please review this log and tell me what I should and should not delete?

    In addition, if someone has any experience in removing the Relavant Website malware and would like to pass on their recommendations, that would be greatly appreciated.
     
  2. kritius

    kritius TS Guru Posts: 2,084

    Hosts File Corrupted



    Download HostsXpert v4.1 and unzip it to your computer, somewhere where you can find it.
    • Double click on HostsXpert.exe to launch the program.
    • Click on Restore MS Hosts File to restore your Hosts file to its default condition.
    • Click on Make ReadOnly to secure it against further infection.
    • Exit the program.

    Visit the Website for more information.

    Fix entries using HiJackThis
    • Launch HiJackThis
    • Click the Do a system scan only button
    • Put a check next to the entries listed below
    O2 - BHO: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
    O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll

    • IMPORTANT: Do NOT click fix until you exit all browser sessions including the one you are reading in right now
    • Click the Fix checked button and close HiJackThis
    • Reboot HijackThis if necessary

    Uninstall ALOT toolbar.

    MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.

    RSIT
    Download random's system information tool (RSIT) by random/random from HERE and save it to your Desktop.

    • Double click on RSIT.exe to run.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open.
    • log.txt will be maximized and info.txt will be minimized
    • Please post the contents of both logs in the next reply.
     
  3. Dazed78

    Dazed78 TS Rookie Topic Starter

    Info requested by kritius - hosts file corrupted

    Attached are the two log files that you requested. Thank you for your assistance.
     
  4. kritius

    kritius TS Guru Posts: 2,084

    Hi,

    Did you install the MVPS hosts file?

    OTMoveit3 by OldTimer
    Please download the OTMoveIt3 by OldTimer.
    • Save it to your desktop.
    • Please double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      Code:
      :Processes
      explorer.exe
      
      :Services
      
      :Reg
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d9ed0a0c-cbbe-11dc-b12e-0015af2950a7}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dbbab20e-b5ad-11dc-a726-0015af2950a7}]
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt3
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

    Uninstall these,

    Java(TM) 6 Update 5

    Java(TM) 6 Update 7


    Run Kaspersky Online AV Scanner

    In order to use it you have to use Internet Explorer.
    Go to Kaspersky and click the Accept button at the end of the page.

    Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.
    • Read the Requirements and limitations before you click Accept.
    • Allow the ActiveX download if necessary.
    • Once the database has downloaded, click Next.
    • Click on "My Computer"
    • When the scan has completed, click Save Report As...
    • Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
    • Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
    Attach the report into your next reply

    If you are having trouble with the scan, please see this animated guide.

    >>>Animated Guide<<<
     
  5. Dazed78

    Dazed78 TS Rookie Topic Starter

    Log files requested by kritius

    I have now installed the MVPS Hosts that you had previously mentioned. I had overlooked that instruction.

    I have performed the other recommended operations (or at least I think I have). The requested files are attached.
     
  6. kritius

    kritius TS Guru Posts: 2,084

    Ok, those look good.

    Give me one more RSIT log and we'll see how things look now.
     
Topic Status:
Not open for further replies.
