TechSpot

Cleaning up 'spyware detected' - logs posted

By Vincavec
Nov 28, 2007
  1. Hello folks,

    I, too, have that blasted 'Spyware detected' alert in my system tray. Red circle, white "!"

    I've run all the scans, attached are the required logs. There doesn't seem to be any problem now - but can someone help me make sure it's really gone and not coming back?

    Vincavec
     
  2. evilfantasy

    evilfantasy Banned Posts: 428

    You are running two firewalls; you need to pick one and uninstall the other. Running two can cause conflicts.

    Open HijackThis and select "Do a system scan only"

    Place a check mark next to

    O2 - BHO: (no name) - {40C8A407-37A9-47C8-823E-D9F90A17C448} - (no file)
    O20 - Winlogon Notify: ljjiihi - C:\WINDOWS\SYSTEM32\ljjiihi.dll


    Click "Fix checked"

    =====

    Delete these files/folders, as follows:

    * Open notepad and copy/paste the text in the quote box below into it (all except the word QUOTE):

    * Save this as CFScript on the desktop.
    * Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!

    (screenshot of dragging CFScript onto ComboFix.exe not included)
    * ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it shall produce a log for you. Post that log (Combofix.txt) in your next reply.

    Note: Do not mouseclick combofix's window while it is running. That may cause your system to hang.

    =====

    Your Java is out of date
    Older versions have vulnerabilities that malware can use to infect your system. It is possible that you may be running Java code in your applications that absolutely requires a specific version of the JRE to run. Please follow these steps to remove older versions of Java components and update.

    Updating Java:
    * Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
    * Check for any item with Java Runtime Environment (JRE or J2SE) in the name.
    ** The latest version is Java 6 Update 3. Remove all other entries.
    * Click the Remove or Change/Remove button.
    * Repeat as many times as necessary to remove each of the Java versions.
    * Reboot your computer once all Java components are removed.

    * Download the latest version of Java Runtime Environment (JRE) 6
    * Click the Free Java Download button.
    * Click the Download Now button.
    * When the Software Installation dialog box opens, click on the Install Now button.
    * Follow the prompts to complete installation.

    ===

    In your next post, please attach:
    Combofix log
    New HijackThis log
     
  3. Vincavec

    Vincavec TS Rookie Topic Starter

    Updated Scan, updated Java

    Oh, forgot to mention, rootkit was clean before.

    OK - in order...

    I'm only running one firewall - Comodo - only installed one firewall on this computer. If you can name the other firewall program, I'll see about hunting it down and shutting it off.

    While Combofix was running, my virus scanner (AVG) 'found' and quarantined the "ljjiihi" file.

    Combofix completed, but froze while preparing the log files (CPU cycles running at 50% for more than an hour).

    Rebooted, reran Combofix (without the CFScript), froze in same spot.

    Removed old Java, installed new Java.

    New HijackThis log posted
     
  4. evilfantasy

    evilfantasy Banned Posts: 428

    Firewalls showing are
    C:\Program Files\Comodo\Firewall\cmdagent.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    If the NVIDIA one is a hardware firewall, it is OK to keep.

    Open HijackThis and select "Do a system scan only"

    Place a check mark next to

    O2 - BHO: (no name) - {30BAA4DF-E0AB-4AFD-B6D8-FFAA032D0468} - C:\WINDOWS\system32\ljjiihi.dll (file missing)

    Click "Fix checked"

    I think the combofix worked because the entries that I was concerned about are gone.

    Go to Start > Run and copy and paste next command in the field:

    ComboFix /u


    Make sure there's a space between Combofix and /
    Then hit Enter.

    This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

    Let me know if anything else comes up.
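The HijackThis entries quoted in posts 2 and 4 show the pattern a helper looks for when triaging one of these logs: a BHO (O2) and a Winlogon Notify hook (O20) pointing at the same unfamiliar DLL, and leftover entries whose file is already gone ("(no file)", "(file missing)"). The script below is an added example written for this thread, not part of the original posts and not HijackThis code; it parses O2/O20 lines and flags exactly those conditions. The sample log lines are constructed to mirror the entries quoted above, and the Winlogon Notify allowlist is an assumed list of typical Windows XP-era names that you would check against your own build rather than trust as-is.

```python
import re
from dataclasses import dataclass

# Constructed sample, modelled on the O2/O20 lines quoted in the thread plus a
# benign BHO and a stock Winlogon Notify entry for contrast.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {40C8A407-37A9-47C8-823E-D9F90A17C448} - (no file)
O2 - BHO: (no name) - {30BAA4DF-E0AB-4AFD-B6D8-FFAA032D0468} - C:\WINDOWS\system32\ljjiihi.dll (file missing)
O2 - BHO: Example Helper - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Example\helper.dll
O20 - Winlogon Notify: ljjiihi - C:\WINDOWS\SYSTEM32\ljjiihi.dll
O20 - Winlogon Notify: crypt32chain - crypt32.dll
"""

# Assumed allowlist of stock Winlogon Notify DLLs (XP era); verify against a
# known-clean machine before relying on it.
KNOWN_WINLOGON_NOTIFY = {
    "crypt32.dll", "cryptnet.dll", "cscdll.dll", "scecli.dll",
    "sclgntfy.dll", "wlnotify.dll", "wzcdlg.dll",
}

LINE_RE = re.compile(r"^(O\d+) - (BHO|Winlogon Notify): (.+)$")


@dataclass
class Entry:
    section: str   # "O2" or "O20"
    name: str      # BHO display name or Winlogon Notify key name
    target: str    # file path, "(no file)", or "<path> (file missing)"


def parse_hjt(text):
    """Parse O2 (BHO) and O20 (Winlogon Notify) lines from a HijackThis log."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        section, kind, rest = m.groups()
        if kind == "BHO":
            parts = rest.split(" - ", 2)          # "<name> - {CLSID} - <target>"
            if len(parts) != 3:
                continue
            name, _clsid, target = parts
        else:
            parts = rest.split(" - ", 1)          # "<key> - <target>"
            if len(parts) != 2:
                continue
            name, target = parts
        entries.append(Entry(section, name.strip(), target.strip()))
    return entries


def dll_basename(target):
    """Lower-cased file name of the target, or None when no file is referenced."""
    t = target.replace(" (file missing)", "")
    if t == "(no file)":
        return None
    return t.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def triage(entries):
    """Return (section, name, reason) tuples for entries worth a closer look."""
    findings = []
    hook_points = {}                              # dll basename -> sections using it
    for e in entries:
        b = dll_basename(e.target)
        if b:
            hook_points.setdefault(b, set()).add(e.section)
    for e in entries:
        b = dll_basename(e.target)
        if b is None or "(file missing)" in e.target:
            findings.append((e.section, e.name, "orphaned: target file absent"))
            continue
        if e.section == "O20" and b not in KNOWN_WINLOGON_NOTIFY:
            findings.append((e.section, e.name, f"unrecognised Winlogon Notify DLL {b}"))
        if len(hook_points.get(b, ())) > 1:
            findings.append((e.section, e.name, f"{b} referenced from multiple hook points"))
    return findings


def run_sample():
    return triage(parse_hjt(SAMPLE_LOG))


if __name__ == "__main__":
    for section, name, reason in run_sample():
        print(f"{section:4} {name:20} {reason}")
```

Run against the constructed sample, it reports the two orphaned O2 entries and flags the O20 ljjiihi hook twice: once because the DLL name is not in the allowlist, and once because the same DLL is also referenced from an O2 entry. The benign BHO and the stock crypt32 hook produce nothing, which is the point of the cross-reference: one unfamiliar DLL wired into two auto-start locations is the shape to look at first.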
     
  5. Vincavec

    Vincavec TS Rookie Topic Starter

    Looks like it's done...

    Yeah, NVIDIA is a hardware firewall - I have an NVIDIA chipset on my motherboard.

    Thank you for the swift help. I'll post again if anything else comes up.

    Vincavec
     
  6. evilfantasy

    evilfantasy Banned Posts: 428

    I realized that too late :cool:

    Safe surfing......
     
Topic Status:
Not open for further replies.
