Advice on HJT log

Status
Not open for further replies.

redsdreads

Posts: 11   +0
Hi

I have recently run through the preliminary removal instructions for virii and spyware.

I am attaching a log file for someone to look through to see if there is anything there that should not be.
 
Hello and welcome to Techspot.

Your HJT log is clean.

However, that doesn`t necessarily mean your system is clean.

Post the AVG Antispyware and Combofix log as requested in the instructions you followed. Also let me know the results of the Panda Antirootkit scan.

Let me know what problems you`re having(ifany).

Regards Howard :wave: :wave:
 
Hi

Thanks for the quick repy

The AVG antispyware scan, combo and the rootkit finder all came up with nothing.

I can rescan with them and post results if you'd like, but I am sure they all came up clean.

Can I post a log file from HJT on my laptop which i use on the same network, in this thread or should I post a separate thread?
 
If your sure those logs are clean, then so be it.

Yes, you can post a HJT log from your laptop into this thread if you like.

Regards Howard :)
 
Thanks

Here's my laptop log from HJT, again the other logs you asked for came up clean.

On both machines the online virus scanner found virii and removed them.

On the desktop (1st log posted) the online virus scan did find an issue that it could not resolve. I may run the online scan again, but after running it previously the mft of two of my hdd got screwed. Dunno if this is relevent to the online scan or something just happened to occur at the same time?
 
That HJT log is also clean.

On the desktop (1st log posted) the online virus scan did find an issue that it could not resolve.

This is what I mean. Unless you know how to analyse Combofix logs etc, how do you know they`re clean?

Regards Howard :)
 
Ok.

I will run combofix, avg etc and post all logs.

Should I run the online scan again and see if it comes up with the same errors?

Thanks for your patience.

Will go through the procedure now instead of trying a rush fix job.


Regards

Jonathan
 
No, you can skip the online scan seeing as it couldn`t fix the problem.

Regards Howard :)

This thread is for the use of redsdreads only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Already currently running the online scan on both desktop and laptop.

Just read your most recent post but will let the online scans continue.

Will following all of the set out procedures ensure my system is safe?
Is there a sticky post for securing networks too?

I hope that by going through the procedures in the virus/malware sticky will get my systems 100% clean as I link up customer's PCs to my network for work and do not need to be infecting new machines on the network!

Will let you know how it goes and post logs accordingly.

Much thanks again

Jonathan
 
Following the instructions will help to identify if you have any malware on your system.

I don`t think there is a sticky on securing networks, but there is this on securing Wireless, if that`s any use to you.

For info on keeping your system more secure, see this thread HERE.

Regards Howard :)

This thread is for the use of redsdreads only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Online virus scan through Trend Micro has found the following (no way of getting a log off of explorer window as it's java)

FREELOADER_SMITFRAUD
RAP_GENERIC
HTTP cookies

above 3 findings have clean/delete options

but there is one other items that appears at the end of the list, I believe this is the same as the desktop online scan also:

Vulnerability in Microsoft JScript could allow remote code execution (917344)

When this was found on the desktop machine I followed the link it provided:

http://www.microsoft.com/technet/security/Bulletin/MS06-023.mspx

I will download Microsoft recommended updates for this issue.

The above issue was also found previously on the desktop machine and I tried to apply the recommended updates but they failed saying that "The version of internet explorer you have installed does not match the update you are trying to install" ( I am using IE7 7.0.5730.11).

Addendum

Desktop has finished online scan with the following results:

HKTL_TWEAK.B
CRCK_WINKEY.C
CRCK_WINDOWS.H
CRCK_OFFICE.B
CRCK_WINKEY.D
CRCK_WINDOWS.I
CRCK_WINXP.C
CRCK_XPPROKEY.C
CRCK_KEYMAKE.C
CRCK_WINKEY.B

The previous Javascript issue did not show this time (go figure?).

All of the above are able to be cleaned automatically using the online scanner, which i will do now.

Any ideas on fixing Microsoft JScript issue?

I will continue with the cleaning procedure and post results accordingly.

Regards

Jonathan
 
Yes, it looks like your system is infected.

I`ll know more once I`ve seen your log files.

Regards Howard :)

This thread is for the use of redsdreads only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
I didn't tell you the problems I have been having:

Slow system when multitasking, lag when playing online games (fps dropping)
Mft file corruptions on 2 drives (1 fixed drive partitioned)

Computers that connect to the network end up being slow (eek!)

Shutdown and restarts (even safe mode) are slow.

Have an icon called user accounts 2 in control panel (wth?).

Will post logs of both systems seperately when they have completed.

Thanks again for your help here, it is much appreciated.

Regards

Jonathan
 
Ok, I`ll be able to advise you better, once I`ve seen your logfiles etc.

Regards Howard :)

This thread is for the use of redsdreads only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Desktop PC:

Online scan failed to fix the issues it found! (listed in previous post)

When rebooting after running the scans, scandsk keeps scanning my G:\!
(G:\ = Games storage drive. Wondering if this is where some dodgeyness lies?) Eventhough nothing is found???

Also rebooting in safemode offers me an option to skip loading sptd.sys, if I skip it I get BSOD! If I let it load, safemode works. Pretty sure this is to do with Daemon tools and not a major issue. But still having difficulty removing sptd.sys...

Panda rootkit found nothing
(no way of saving a log)

Attached are log files of scans.
next two log files in next post (cannot add more than 4 attachments)

last two logs
 
Desktop

Desktop:

Still having problems on reboots with system scanning G:\

Copying all data to seperate drive, then gonna format G:\ and see if that helps.

Thanks for your time looking over my issues.

What is your recommendation with the online scan not fixing found issues, is it worth repeating until all issues are resolved?

Will repost in this thread (or should I start anew?) when I can get time to do scans on the laptop.

Thanks again

Jonathan
 
Some issues can`t be fixed with the online scan.

If you could let me know the file paths to the issues that can`t be fixed, I`ll take a look and see if they can be fixed manually.

As for your blue screen problem.

Go and read this thread HERE and see if it helps you to identify the culprit.

If it doesn`t, please attach 5 or 6 of your latest minidumps.

Regards Howard :)

This thread is for the use of redsdreads only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Status
Not open for further replies.
Back