Completed 8 steps, logs attached

By tddybear98765
Jan 7, 2009
Topic Status:
Not open for further replies.
  1. My results of doing the 8-step Viruses/Spyware/Malware Preliminary Removal as instructed....

    1.) I did a full antivirus scan done with a 30 day trial version of TrendMicro Internet Security Pro verson 17.0. The results of that were 7 cookies which were quarantined successfully.

    2.) I then downloaded/installed and ran CCleaner 3 times.

    3.) I turned off the TrendMicro Security Pro program and believe that is the only real time monitoring program to be running at the time.

    4.) I downloaded/installed/updated and ran the Malwarebytes program. It was partially done, approx. a quarter of the way I would guess, when my monitor went blank then slowly got all the icons and such back so I made sure the program was shut down and totally restarted it and juststarted the scan over again from the beginning. That log file will be attached.

    5.) I downloaded/installed/updated and ran the Super anti spyware program. The log file is attached as requested.

    6.) I had to update my Java and it is now Version 6 Update 11 as the website said it should be. I was unable to delete any older versions that may be needing it because even though I can get my control panel open...the add/remove programs window wont open.

    7.) I downloaded/installed/updated and verified I had gotten to most current version of Highjack This! then ran the scan as instructed and will attach that log file also.

    8.) Finally on the last step afterI dont want to say how much later 'mumbling' I am going to post the requested logs in a thread and then cross fingers and toes y'all dont laugh me out of here!!

    Another thing that is screwy with this comp that come to mind is that it is stuck on the old logon screen and I have been miserably unsuccessful at fixing that problem as well as all the others my logs will prob show you I have. I have received the errors about OJLEACC dll and tu_logonui.exe Although I cannot remeember any specific thing I did to prompt those eror messages to come up.

    Thank you for taking the time to look at my thread and any assistance you may be able to provide is greatly appreciated......

    Heather
    (Please excuse typos, I was taking notes in notepad as I progressed thru each step and wanted to concentrate more on doing each of them totally correctly as opposed to worrying about a few funny spellings lol)

    Again, thanks in advance!!
  2. rf6647

    rf6647 TechSpot Maniac Posts: 931

    Code:
    C:\WINDOWS\system32\ (Trojan.Vundo) -> Delete on reboot.
    
    MBAB did not handle all that it found until the computer restart.

    There are mixed signal for this problem. The major infection was a comparative lightweght. However, your description and HJT log indicate another scan tool should be used.


    First, rescan with MBAB followed by SAS. Repeat until clean or something that cannot be cleaned.


    This indicates prior use of ComboFix. Uninstall previous version. See supporting information.
    Code:
    O20 - Winlogon Notify: __c00AE7A7 - C:\WINDOWS\
    O20 - Winlogon Notify: __c00DC242 - C:\WINDOWS\
    Next, scan with ComboFix. See supporting information.


    HJT scan informs what has not been handled (computer restart before HJT scan)

    Post new logs and describe conditions.

    Supporting information
  3. tddybear98765

    tddybear98765 Newcomer, in training Topic Starter

    Thank you for trying to help me resolve these issues...

    I ran Malwarebyte's again and am attaching that log. I then ran the SAS again as
    requested, two times...and will attach that log.

    When I tried to uninstall Combofix /u, I got the error message that windows cannot find combofix? Not sure what to do from here, any advice would be appreciated....

    thanks in advance,
    Heather
  4. rf6647

    rf6647 TechSpot Maniac Posts: 931

    Scan with HJT. Tick & Fix items corresponding to code box. Restart computer
    Code:
    Missing items indicate prior cleaning
    
    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file) >> broken (yahoo companion)
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    
    O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\WINDOWS\system32\shdocvw.dll  >> [URL="http://www.systemlookup.com/lists.php?list=3&type=clsid&search=4EAFEF58-EEFA-4116-983D-03B49BCBFFFE&s="]malware[/URL]
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll >> [URL="http://www.systemlookup.com/lists.php?list=3&type=clsid&search=d9288080-1baa-4bc4-9cf8-a92d743db949&s="]objectionable[/URL]
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} >> broken [URL="http://www.systemlookup.com/lists.php?list=10&type=clsid&search=1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB&s="](malware)[/URL]
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - >> broken [URL="http://www.systemlookup.com/lists.php?list=10&type=clsid&search=DF780F87-FF2B-4DF8-92D0-73DB16A1543A&s="](malware)[/URL]
    O20 - Winlogon Notify: __c00AE7A7 - C:\WINDOWS\
    O20 - Winlogon Notify: __c00DC242 - C:\WINDOWS\
    
    Install new copy of combofix.

    Run ComboFix.

    Scan with HJT.

    Post both logs.
  5. tddybear98765

    tddybear98765 Newcomer, in training Topic Starter

    Sorry it took me a bit to get the next steps completed.....

    I scanned with HJT, ticked and fixed items as directed. I then installed a new copy of Combofix and ran that.

    I am attaching both log files as requested.

    Again, all the help is more appreciated than you know!
    Heather
  6. rf6647

    rf6647 TechSpot Maniac Posts: 931

    I was hopeful another specialist would have seen that I am unavailable to respond fully to your findings in the log. It appears that fake antispy was infecting your computer.

    It also deleted D:\autorun.inf If D: is a flash memory device, check to see that it can still be detected upon insertion. The other means is to explore the device (windows explorer).

    It appears that you are not experiencing symptoms at this point. Advise of changes.
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.