TechSpot

8 steps done. This is my hijackthis log

By narlina
Mar 6, 2009
  1. please help :(

    i've done all the 8 steps. the malwares have been cleared, but i still cannot run task manager. everytime i press CTRL ALT DEL, there's this notepad file popping out from nowhere.

    before this the search and run buttons on start menu were missing, but after the 8 steps i got them back. but the task manager still cannot be opened

    HELP!
     

    Attached Files:

  2. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Yes you have Vbs.Sasan.N. Worm here:
    O4 - HKLM\..\Run: [h4ck3v1l] C:\WINDOWS\h4ck3v1l.vbs

    And some strange startup here:
    F3 - REG:win.ini: load=

    But where are the 3 logs? (we got 1 out of 3 ;) )

    You can open HJT and tick and fix the above two at least. From there no idea. (ie really need the logs)
     
  3. narlina

    narlina TS Rookie Topic Starter Posts: 25

    here are the logs..

    i also can't run any setup. the notepad thing comes out again when i do that.
     
  4. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Well your 30seconds ! quick scan with Malwarebytes is ironically not good enough.
    And it required updating too.

    Startup Malwarebytes, update it, then run a full scan, remove all found malwares once complete
    Provide the log
     
  5. narlina

    narlina TS Rookie Topic Starter Posts: 25

    okay I've updated it. here's the log
     
  6. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Startup HJT scan and remove (by ticking then selecting fix) to these two entries
    Restart, and then provide a new HJT log, as an attachment
     
  7. narlina

    narlina TS Rookie Topic Starter Posts: 25

    erm, i've deleted those.

    here's the log
     
  8. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    That's great news :grinthumb

    Also do this:

    IE Reset
    http://www.techspot.com/vb/post682762-2.html

    And then this:

    Download Combofix
    Lots of info on its use h e r e
    Direct download h e r e

    Locate the downloaded Combofix. Double click on it to run, answering any prompts along the way
    Note: during Combofix scan (lasting up to 10mins) your Desktop and clock may reset (all normal)
    ComboFix will also restart your computer (eventually) and then (eventually) create a log

    Save this log file to be attached to a new reply

    Restart

    Then do another scan with HJT (scan and log file) and attach this to a new reply as well

    Whilst waiting for my reply, you may want to re-open Malwarebytes; update it again; and then run another full scan (I'm thinking there may still be more uncovered malwares to remove) I would do this ;)
     
  9. narlina

    narlina TS Rookie Topic Starter Posts: 25

    okay i've downloaded combofix but i can't run the setup

    the error says application failed to initialize because windows station is shutting down.
     
  10. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    You may need to run Combofix in Safe Mode
    Just press F8 key before Windows starts loading, then select Safe Mode, then log into your Administrator account
    Locate Combofix (hopefully somewhere easy to find)

    Then run it :grinthumb
     
  11. narlina

    narlina TS Rookie Topic Starter Posts: 25

Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...