TechSpot

Disinfection run

By bopz
May 26, 2007
  1. Please help review these logs.

    I got the "Spyware infection has detected !"
    just a couple days after hooking up a new bigpond cable modem.
    Huge ads all over the place.

    So, I followed the instructions here.
    Viruses/Spyware/Malware, preliminary removal instructions

    Combofix wouldn't run. It thinks my system is non-NT, for some reason.
    Antirootkit says it can't find anything.
    Lots of things found by SS&D, AVG antivirus, AVG Antispyware, and by the smaller tools. Deleted everything I found.

    Here are the logs.
     
  2. bopz

    bopz TS Rookie Topic Starter

    Second HJT log after I killed a couple of suspicious items:
    "ipmon" and "wmp"


    Please review - any help appreciated.
     
  3. bopz

    bopz TS Rookie Topic Starter

    Please help me disinfect! logs included.

    I have done some disinfection but I am still suspicious - there are strange processes, services and .exes in the system I don't recognize.

    See thread
    http://www.techspot.com/vb/topic78035.html

    Any help with these logs appreciated!
     
  4. momok

    momok TS Rookie Posts: 2,265

    Hi bopz and welcome to techspot. =)

    Please wait at least 24 hours for assistance before bumping the threads. Do not start a new thread on the same topic that has not been resolved.

    Firstly, your AVG log displays 'No Action Taken' for all the files detected.

    I suggest you run AVG again and quarantine the files. Pictorial instructions HERE.

    Have HijackThis fix the following:

    O2 - BHO: (no name) - {75AB7B8E-3EF8-4034-8780-03F7B671885B} - C:\WINNT\system32\ddcyw.dll (file missing)
    O20 - Winlogon Notify: efcabxu - efcabxu.dll (file missing)
    O21 - SSODL: considerateness - {4d993022-0899-4599-b4b6-0f887d0802e6} - (no file)
    O22 - SharedTaskScheduler: considerateness - {4d993022-0899-4599-b4b6-0f887d0802e6} - (no file)

    Thereafter, please post fresh HJT, ComboFix and AVG Antispyware logs from normal mode as attachments into this thread. Please provide the details of your AVG Anti Rootkit scan too.


    Regards,
    Your friendly Momok =)

    This thread is for the use of bopz only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
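
A small triage helper for the kind of HijackThis entries listed in the post above, added here as an illustration; it is not part of the original thread or of HijackThis itself. It flags entries whose target file is no longer on disk and reports any CLSID registered under more than one autostart section. The function names and the one benign sample line are assumptions made for this example.

```python
import re
from collections import defaultdict

# HijackThis section codes that appear in this thread.
SECTIONS = {
    "O2": "Browser Helper Object",
    "O4": "Startup entry",
    "O20": "Winlogon Notify DLL",
    "O21": "ShellServiceObjectDelayLoad",
    "O22": "SharedTaskScheduler",
}
LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# HijackThis appends one of these when the referenced file is not on disk.
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)\s*$")

def parse_line(line):
    """Parse one log line; return None for anything that is not an entry."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code, body = m.groups()
    clsid = CLSID_RE.search(body)
    return {"code": code, "kind": SECTIONS.get(code, "other"),
            "clsid": clsid.group(0).lower() if clsid else None,
            "orphaned": bool(ORPHAN_RE.search(body)), "raw": line.strip()}

def triage(log_text):
    """Return (orphaned entries, CLSIDs registered under more than one section)."""
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]
    sections = defaultdict(set)
    for e in entries:
        if e["clsid"]:
            sections[e["clsid"]].add(e["code"])
    shared = {c: sorted(s) for c, s in sections.items() if len(s) > 1}
    return [e for e in entries if e["orphaned"]], shared

# First four lines are copied from the post above; the last is constructed.
SAMPLE = "\n".join([
    r"O2 - BHO: (no name) - {75AB7B8E-3EF8-4034-8780-03F7B671885B} - C:\WINNT\system32\ddcyw.dll (file missing)",
    "O20 - Winlogon Notify: efcabxu - efcabxu.dll (file missing)",
    "O21 - SSODL: considerateness - {4d993022-0899-4599-b4b6-0f887d0802e6} - (no file)",
    "O22 - SharedTaskScheduler: considerateness - {4d993022-0899-4599-b4b6-0f887d0802e6} - (no file)",
    r"O2 - BHO: Example Helper - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Example\helper.dll",
])

if __name__ == "__main__":
    orphans, shared = triage(SAMPLE)
    print([e["raw"] for e in orphans], shared)
```

On the sample, all four entries from the post come back as orphaned, and the `{4d993022-...}` CLSID is reported under both O21 and O22.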
     
  5. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Threads merged.
     
  6. bopz

    bopz TS Rookie Topic Starter

    Did as you suggested.

    I think the reason the AVG logs said no action was because I saved the log before clicking "perform selected actions". But I did perform them.

    Antirootkit said, nothing found.

    System seems a bit wobbly though. Some progs, like Outlook and Zone Alarm hang on the desktop sometimes.

    Here are the fresh logs.
     
  7. momok

    momok TS Rookie Posts: 2,265

    Hi,

    You may wish to copy and paste these instructions on notepad for easier reference later.

    Boot into safe mode under your normal user name. See how HERE

    Next turn on "Show all files and folders, including hidden and system". See how HERE

    After that, run HijackThis and fix the following entries, if found (do this by placing a tick in the check boxes beside these entries and clicking "Fix checked"):

    O4 - Startup: NetRadio.lnk = ?

    Close HJT.

    Navigate in Windows Explorer and delete the following files and folders in bold.
    C:\WINNT\wmp.exe

    Reboot into normal mode and rehide your protected OS files.

    Your system appears to be quite clean. However, I notice a tonne of unnecessary processes running, as well as modifications to your OS look that take up a lot of your system resources. That would be the main reason why your system is laggy.

    May I suggest that you read this thread here on how to speed up your system.


    Regards,
    Your friendly momok =)

    This thread is for the use of bopz only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
Topic Status:
Not open for further replies.
