Contracted malware software off a torrent site

By Bojar
Apr 21, 2009
Topic Status:
Not open for further replies.
  1. My computer originally contracted malware after I downloaded some software off of a torrent site. It's been acting weird ever since. A couple of weeks ago, I followed your advice contained in 'UPDATED 8-step Viruses/Spyware/Malware Preliminary Removal Instructions' but stopped short of submitting the generated logs to your site for analysis, and so the strange behavior started again: I seem to get redirected to sites different than expected, my install/uninstall process seems to be all screwed up, hypertext links don't seem to work and the computer doesn't seem to run quite as smoothly or as fast as it used to. At this point I'm about ready to reformat my raid disk and start all over. I'm sure that the fact that my registry is quite large doesn't help things either and jv16 power tools don't seem to be able to handle the mess either. Still I would like to find out what and where the culprit is, maybe it will help me understand how these rascals work and what to avoid in the future. I'm attaching the latest logs, hope you can make some sense of them. Thanks in advance, Bojar
  2. B00kWyrm

    B00kWyrm TechSpot Paladin Posts: 1,550   +18

    Hello Bojar

    1. Did you get rid of your Torrent Software?

    2. The redirects and difficulties with install/uninstall are typical of malware.

    3. jv16 looks like it is a registry tool - you don't need it with the tools available here.
    I am not telling you to throw away $30... but you can get clean, safely, without it.

    4. Reformatting and starting over is always an option (of last resort)... Large registry should not be a liability. All it is is a database... taking up disk-space... not a drain on active performance.

    5. "We" can help you get a clean bill of health, and maybe you can learn a little along the way. Mostly avoid, as you already have learned, P2P, as it opens a tunnel / highway for malware - straight through all your defenses (Hardware Firewall and Software Firewall both!)

    6. To get clean... First...Follow the 8 steps diligently. Make sure you have d/l'd clean copies of the most recent tools to a clean machine... import them to your (infected machine) desktop and try running them from safe mode. Some should be run more than once and require turning off real-time monitoring (like Tea-Timer). Report back with your most recent logs.

    Lots of good folk are here and willing to help. Good luck.
  3. Bojar

    Bojar Newcomer, in training Topic Starter

    Thanks for your reply

    Hi BookWyrm,

    Thanks again for your quick reply, this is great. Here is the latest:

    1. Yes, I got rid of the P2P software.

    I'm including the 3 logs as instructed, did acquire these with the latest version of the cleaning tools in safe mode. I went through them, couldn't see anything, but my computer still feels weird. Please let me know, regards, Bojar
  4. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

  5. Bojar

    Bojar Newcomer, in training Topic Starter

    Thanks, kimsland
    The IE Reset isn't working for me. The message when I try to run it: "this fix-it doesn't apply to your system". Any ideas? Also my IE doesn't work right. When I google for sites all is ok. But when I copy and paste a link into an address bar I get a message: "The requested lookup key was not found in any active activation context." Also when I run ccleaner I get a message: "Error in InetCpl.cpl.Missing entry: ClearMyTracksByProcess"

    Hey never mind the last message! My autoupdate just installed IE 7 update, and now the Fix-it did the job, it reset IE internet settings, and my links now work properly. I therefore proceeded onto the next step (ComboFix) and fresh HijackThis scan. The results are attached. Thanks, Bojar.
  6. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Un-install Combofix
    • Click START then RUN
    • Now type Combofix /u in the runbox and click OK
    • Any popup errors about Antivirus just ok or close
    Note: 1 space after ComboFix in that uninstall command


    Clear system restore points
    Go to Start >> Run - type or copy/paste control sysdm.cpl,,4 and then press Enter
    * Tick on the checkbox - Turn off System Restore on all drives
    * Click Apply
    Turn it back 'On' by unticking the same checkbox & click Apply > OK


    Update Java
    Run JavaRa
    This will remove all your old Java stuff (that is not required)
    It will also help you check for new Java updates


    Run IE Reset
    Through MS "Fixit" from here: http://support.microsoft.com/kb/923737
    Or manually from here http://www.techspot.com/vb/post682762-2.html


    Remove HJT entries
    Run HJT scan only and check the following entries, then select fix

    Un-install SuperAntiSpyware (user choice)
    To uninstall SUPERAntiSpyware please visit the Control Panel and select the Add/Remove Programs option. Locate SUPERAntiSpyware in the list of software and click the Remove button.
    If SuperAntiSpyware does not uninstall properly please run "SUPERAntiSpyware Uninstaller Assistant"
    Read here for further info: http://www.superantispyware.com/supportfaqdisplay.html?faq=47


    Cleanup
    Download and run KCleaner http://www.techspot.com/downloads/4755-kcleaner.html
    (uncheck RelevantKnowledge during install, pic here: http://i42.tinypic.com/aloy8z.gif)
    Fully run (it says start actually ;))
    Uninstall KCleaner once complete


    Restart
    All done :)
  7. Bojar

    Bojar Newcomer, in training Topic Starter

    Thanks Kimsland,
    All is well.....Bojar
  8. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Thanks for the update