Contracted malware software off a torrent site

My computer originally contracted malware after I downloaded some software off of a torrent site. It's been acting weird ever since. A couple of weeks ago, I followed your advice contained in 'UPDATED 8-step Viruses/Spyware/Malware Preliminary Removal Instructions' but stopped short of submitting the generated logs to your site for analysis, and so the strange behavior started again: I seem to get redirected to sites different than expected, my install/uninstall process seems to be all screwed up, hypertext links don't seem to work and the computer doesn't seem to run quite as smoothly or as fast as it used to. At this point I'm about ready to reformat my RAID disk and start all over. I'm sure that the fact that my registry is quite large doesn't help things either, and jv16 PowerTools doesn't seem to be able to handle the mess either. Still, I would like to find out what and where the culprit is; maybe it will help me understand how these rascals work and what to avoid in the future. I'm attaching the latest logs, hope you can make some sense of them. Thanks in advance, Bojar
 
Hello Bojar

1. Did you get rid of your Torrent Software?

2. The redirects and difficulties with install/uninstall are typical of malware.

3. jv16 looks like it is a registry tool - you don't need it with the tools available here.
I am not telling you to throw away $30... but you can get clean, safely, without it.

4. Reformatting and starting over is always an option (of last resort)... Large registry should not be a liability. All it is is a database... taking up disk-space... not a drain on active performance.

5. "We" can help you get a clean bill of health, and maybe you can learn a little along the way. Mostly avoid, as you already have learned, P2P, as it opens a tunnel / highway for malware - straight through all your defenses (Hardware Firewall and Software Firewall both!)

6. To get clean... First... Follow the 8 steps diligently. Make sure you have downloaded clean copies of the most recent tools to a clean machine... import them to your (infected machine) desktop and try running them from safe mode. Some should be run more than once and require turning off real-time monitoring (like TeaTimer). Report back with your most recent logs.

Lots of good folk are here and willing to help. Good luck.
 
Thanks for your reply

Hi BookWyrm,

Thanks again for your quick reply, this is great. Here is the latest:

1. Yes, I got rid of the P2P software.

I'm including the 3 logs as instructed; I did acquire these with the latest version of the cleaning tools in safe mode. I went through them and couldn't see anything, but my computer still feels weird. Please let me know, regards, Bojar
 
Thanks, kimsland
The IE Reset isn't working for me. The message when I try to run it: "this fix-it doesn't apply to your system". Any ideas? Also my IE doesn't work right. When I google for sites all is OK. But when I copy and paste a link into the address bar I get a message: "The requested lookup key was not found in any active activation context." Also when I run CCleaner I get a message: "Error in InetCpl.cpl. Missing entry: ClearMyTracksByProcess"

Hey never mind the last message! My autoupdate just installed IE 7 update, and now the Fix-it did the job, it reset IE internet settings, and my links now work properly. I therefore proceeded onto the next step (ComboFix) and fresh HijackThis scan. The results are attached. Thanks, Bojar.
 
Un-install Combofix
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK
  • Any popup errors about Antivirus just ok or close
Note: 1 space after ComboFix in that uninstall command


Clear system restore points
Go to Start >> Run - type or copy/paste control sysdm.cpl,,4 and then press Enter
* Tick on the checkbox - Turn off System Restore on all drives
* Click Apply
Turn it back 'On' by unticking the same checkbox & click Apply > OK


Update Java
Run JavaRa
This will remove all your old Java stuff (that is not required)
It will also help you check for new Java updates


Run IE Reset
Through MS "Fixit" from here: http://support.microsoft.com/kb/923737
Or manually from here https://www.techspot.com/vb/post682762-2.html


Remove HJT entries
Run HJT scan only and check the following entries, then select fix
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickFinder Scheduler] "h:\Program Files\Corel\WordPerfect Office X4\Programs\QFSCHD140.EXE"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [ZAFFRegisterTrustChecker] "C:\WINDOWS\system32\regsvr32.exe" -s "C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustChecker.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [ZAFFRegisterTrustChecker] "C:\WINDOWS\system32\regsvr32.exe" -s "C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustChecker.dll" (User 'Default user')
O23 - Service: Windows Presentation Foundation Font Cache 3.0.0.0 (FontCache3.0.0.0) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (file missing)
O23 - Service: Windows CardSpace (idsvc) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (file missing)


Un-install SuperAntiSpyware (user choice)
To uninstall SUPERAntiSpyware please visit the Control Panel and select the Add/Remove Programs option. Locate SUPERAntiSpyware in the list of software and click the Remove button.
If SuperAntiSpyware does not uninstall properly please run "SUPERAntiSpyware Uninstaller Assistant"
Read here for further info: http://www.superantispyware.com/supportfaqdisplay.html?faq=47


Cleanup
Download and run KCleaner https://www.techspot.com/downloads/4755-kcleaner.html
(uncheck RelevantKnowledge during install, pic here: http://i42.tinypic.com/aloy8z.gif)
Fully run (it says start actually ;))
Uninstall KCleaner once complete


Restart
All done :)
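The HijackThis lines in the "Remove HJT entries" step are the kind of thing a helper triages by eye: O2/O4/O23 entries whose target file is gone ("(no file)", "(file missing)"), services with no registered owner, and autostarts that load a DLL through regsvr32 under the SYSTEM or Default user hive. The Python script below is an added example, not part of this thread and not part of the HijackThis tool; it parses a few of the quoted lines (embedded as a constructed sample) and lists which entries deserve a look and why. The regular expressions and the flagging rules are the example's own assumptions about the HJT log format, derived only from the lines shown above.

```python
import ntpath
import re
from dataclasses import dataclass, field

# Constructed sample: HijackThis lines quoted in the "Remove HJT entries" step,
# embedded here so the script runs offline.
SAMPLE_LOG = r"""
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [ZAFFRegisterTrustChecker] "C:\WINDOWS\system32\regsvr32.exe" -s "C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustChecker.dll" (User 'SYSTEM')
O23 - Service: Windows CardSpace (idsvc) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (file missing)
"""

# Assumed line shapes for the three HJT sections this example handles (O2 BHO, O4 Run/RunOnce, O23 Service).
RE_O2 = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
RE_O4 = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
RE_O23 = re.compile(r"^O23 - Service: (?P<name>.*?) \((?P<svc>[^)]*)\) - (?P<owner>.*?) - (?P<path>.*)$")

# HJT appends these markers when the registered file no longer exists on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


@dataclass
class Finding:
    section: str
    name: str
    target: str
    reasons: list = field(default_factory=list)


def first_executable(cmd: str) -> str:
    """Return the program a Run-key command launches: the first quoted token, else the first bare token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def triage(log_text: str) -> list:
    """Parse O2/O4/O23 lines and return only the entries that carry at least one reason to look closer."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        reasons = []
        if (m := RE_O2.match(line)):
            section, name, target = "O2", m["name"], m["path"]
        elif (m := RE_O4.match(line)):
            section, name, target = "O4", m["name"], first_executable(m["cmd"])
            # HKUS\S-1-5-18 is the SYSTEM account; .DEFAULT is the template for new profiles.
            if m["hive"].startswith("HKUS\\"):
                reasons.append("autostart registered under a non-interactive hive (%s)" % m["hive"])
            # regsvr32 -s <dll> loads arbitrary DLL code at logon; the DLL's publisher should be verified.
            if ntpath.basename(target).lower() == "regsvr32.exe":
                reasons.append("uses regsvr32 to load a DLL at logon; verify the DLL's publisher")
        elif (m := RE_O23.match(line)):
            section, name, target = "O23", m["name"], m["path"]
            if m["owner"] == "Unknown owner":
                reasons.append("service has no registered owner")
        else:
            continue  # other HJT sections are outside this example
        if any(marker in line for marker in ORPHAN_MARKERS):
            reasons.append("orphaned entry: the referenced file is gone")
        if reasons:
            findings.append(Finding(section, name, target, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("%s  %-28s %s" % (f.section, f.name, f.target))
        for r in f.reasons:
            print("      - " + r)
```

A quiet result from a script like this is not a clean bill of health, and an entry it flags is not necessarily malware: the ZoneAlarm ForceField line above is a legitimate product registering its own DLL, and the Java, Corel, HP and Acrobat entries in the thread are removed purely to trim startup load. The script's value is in making the "(no file)" and "(file missing)" leftovers and the unusual hives visible at a glance, which is exactly what the helper in this thread picked out by hand.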
 