TechSpot

Do you mind analyzing this log for me?

By greatman05
Mar 17, 2009
  1. Hello. I think I was infected with ctfmon_lr.exe, and I think I got most of it...I just want to make sure it's gone, because explorer.exe and taskmanager, etc. All have abnormally high memory usage...
     
  2. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

  3. greatman05

    greatman05 TS Maniac Topic Starter Posts: 429

    Okay...so I went through the 8 steps and I have the log files...Just to let you know, the problem I was having was that Windows was using an abnormal amount of memory for a lot of my programs, and was extremely slow...I had to kill the Windows Explorer process just to get it to run acceptably while I did the scans...But now, I think It's gone, because the memory usage is back to normal levels for me (~43-45M for Windows Explorer, ~4-6M for Task Manager, etc.), but I still want to see if my system is clean...
     
  4. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    I'd say not clean yet :(

    -> No action taken on MBAM scan, for found issues
    Please re-run Malwarebytes
    Confirm updated (third tab)
    Then do the above quoted message, but this time "Remove all found issues"
    Save the log to be attached to a new reply


    Combofix Instructions

    • Download [​IMG]Combofix to your desktop.
    • Double click Combofix & follow the prompts.
    • A window will open with a warning.
    • When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log.
    Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Combofix is a very powerful tool so please do NOT do anything without instruction

    Combofix will automatically save the log file to C:\combofix.txt
    Please save this file to be attached to a new reply

    Also attach a fresh HiJackThis scan ran afterwards


    3 logs required...
     
  5. greatman05

    greatman05 TS Maniac Topic Starter Posts: 429

    Here's Log Set #2
     

    Attached Files:

  6. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Um I think I counted 4 File Sharing programs, I'm not sure where to begin informing you...

    But because I see this all too often, I'm thinking about adding it to the guide as a definite removal (not just disable) I'll need to talk to the other Malware helpers on their thoughts to the matter.

    Generally TechSpot seems to get a lot of gaming enthusiasts, and generally these "gamers" also tend to use "File Sharing" programs and generally they tend to be young. (All this being "generally" :D)

    It's making me think twice about continuing help in the Virus & Malware removal forum, as I'm basically going in circles. Whereas on the other forums (ie Windows faults) I get real results, ie the Members don't want to get the fault again. But here on this forum, Users have even argued with me (not you) about keeping these programs, and then.. Guess what? They are back again :( ...

    You know its taken me a year on the Virus Malware removal forum to realize this, just today!

    For you, you just need to uninstall the 4 File Sharing programs and then basically start again, as you are likely re-infected by now. These programs "Share" all your details and bypass your Firewall (as per their intention) as soon as they are installed. ie You agreed to this by installing them, if you knew it or not.

    It's incredible that I've had this realization, and it even makes more sense now, and why older members who supported in this forum, left. They suddenly realized that it makes no difference. Sad but I always prefer the truth.

    If you need more help with Virus removal, you will need to create a new thread, as I think I just quit.
     
  7. kritius

    kritius TS Guru Posts: 2,084

    Also ComboFix is running from My Documents.

    And yes, there are 4 P2P programs installed there. :rolleyes:
     
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Amazing isn't it when that light goes off in your head? The only thing that has kept me doing anything in that forum is the incredibly bad advice some users are being given! But I should know by now I can't change the world and what I say to the (the unreliable "helpers") isn't going to make them change!
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...