TechSpot

Badly infected system

By khalilcs
Aug 6, 2008
  1. Hi guys, I am in my girlfriends computer and she has a system very infected. She has like those toolbars spywares, trojans and her security is very low. She doesnt know about computers much so its very vulnerable.

    I follow all the preliminary removal instructions:

    I am attaching all the neccessary logs

    The panda antiroot kit came out negative


    I thank you all very much for your support!
     
  2. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Looks like Symantec (Norton) and AVG8 installed together
    You also have YPCSER~1.EXE (Yahoo parental control) going on
    And a few Toolbars and things

    I'd say do this:

    Remove Norton (fully)
    Decide on removing Yahoo parental control (your option)

    How to use Reset Internet Explorer Settings (RIES)

    To use RIES in Internet Explorer 7, follow these steps:

    1. Click the Tools menu, and then click Internet Options.
    2. On the Advanced tab, click Reset.
    3. In the Reset Internet Explorer Settings dialog box, click Reset.
    4. When Internet Explorer 7 finishes restoring the default settings, click Close, and then click OK two times.
    5. Close Internet Explorer 7. The changes take effect the next time that you open Internet Explorer 7.

    You do have IE7 on that HP?

    Also run Startup Control Panel
    Run CCleaner

    Then at last (after a few restarts- ie the above) Then do another HJT log
    If you want, you can update AVG8 definitions online too (and even run a full scan with it) then do the HJT log

    That's a good start
     
  3. khalilcs

    khalilcs TS Rookie Topic Starter

    Alright Kimsland I did everything you told me

    here I run another HJT log

    Thanks so much for helping me

    How is the computer looking?
     
  4. slayerstuv

    slayerstuv TS Rookie

    not to be rude but you should get rid of avg as well and get avast
     
  5. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Norton isn't gone you need to run the removal tool from their site.

    Then please follow these Viruses/Spyware/Malware, preliminary removal instructions and post back in this thread with the requested logs. There should be at least 3.

    1)MBAM log
    2)SAS log
    3)Hijackthis log (last step)
     
  6. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    LiveUpdate for Symantec (Norton):
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    This can be removed from Add/Remove Programs

    Here it is again:
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

    Not sure if others can chck as well (because I cannot find anything else of any worry)

    How's the computer running now?

    Doh! I had my message opened too long again :(
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...