TechSpot

Help with HJT log please.

By T_T
Nov 29, 2007
  1. I see some new things I'm not sure what they are.
     
  2. Rik

    Rik Banned Posts: 3,814

    It looks like your system is infected with Win32.Rbot.H worm .

    Go to this thread - http://www.techspot.com/vb/topic93156.html and follow the link to the Malware removal instructions and follow them exactly.

    Once done.
    Post fresh HJT, Combofix, and AVG Antispyware logs as ATTACHMENTS into this thread, only after doing the above.
    We also need to know the result of Panda Antirootkit.

    There is no need to zip the logs.

    This thread is for the use of T_T only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. T_T

    T_T TS Rookie Topic Starter Posts: 19

    I can't run the Panda Antiroot programme. When I run it the box pops up but its blank and stays that way.
     
  4. Rik

    Rik Banned Posts: 3,814

    Ok, carry on with the rest of the instructions and post the requested logs when done then.



    This thread is for the use of T_T only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  5. T_T

    T_T TS Rookie Topic Starter Posts: 19

    Ok. here are the logs. I couldn't use panda antiroot but I did use the avg antiroot and it came up clean.

    Sorry forgot this last log.

    (Moderator edit: Posts merged. Please use the edit button, rather than replying to your previous post where there are no other replies in between. If bumping the thread, please wait at least 24 hours for a reply.
     
  6. Rik

    Rik Banned Posts: 3,814

    First off, your Internet Explorer is out of date. You need to go HERE and update it.

    Your system is infected with Win32.Rbot.H worm. Do you use your pc for online banking? If so you should change all passwords immediately by Phone and inform your bank that your information may be compromised.

    I will look into removal instructions for that infection.

    [edit] Go to this link - http://www.pandasecurity.com/homeusers/solutions/activescan/ and run the active scan.

    Once done, post fresh combofix and HJT logs.

    This thread is for the use of T_T only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  7. T_T

    T_T TS Rookie Topic Starter Posts: 19

    I can't seem to be able to run the scan on that site. Shows javascript:javascript:validar_formu(); on the big green button for the scan.
     
  8. Jase123

    Jase123 Banned Posts: 1,012

    Are you sure you have the latest java? Java doesn't use automatic update - you have to manually update.

    The latest version can be found HERE.

    Regards Jason :)
     
  9. T_T

    T_T TS Rookie Topic Starter Posts: 19

  10. evilfantasy

    evilfantasy Banned Posts: 428

    You have to use Internet Explorer. Firefox will not work with Panda Online Scan.
     
  11. T_T

    T_T TS Rookie Topic Starter Posts: 19

    Yeah, I know. it was with internet explorer. I clicked scan on the first page and a pop up window opens up and asks to put in email for the scan to start.
     
  12. Jase123

    Jase123 Banned Posts: 1,012

    Yes - just simply put your email address in.

    Regards Jason :)
     
  13. T_T

    T_T TS Rookie Topic Starter Posts: 19

    I have... It doesn't do anything I've tried many times. In firefox when I click it it will at least say "Not compatible with firefox" But when I do it with internet explorer the green button doesn't do anything.
     
  14. Jase123

    Jase123 Banned Posts: 1,012

    It works for me. Are you installing the pop up that comes saying "Install"?

    Regards Jason :)
     
  15. T_T

    T_T TS Rookie Topic Starter Posts: 19

    Theres no pop up of any installations for me. Clicking the green button after putting email in doesn't do anything at all.
     
  16. Jase123

    Jase123 Banned Posts: 1,012

    Hmm very strange. Lets use the Kaspersky scanner instead.

    Please go to Kaspersky website and perform an online antivirus scan. Please use Internet Explorer as it uses ActiveX.

    1. Click on Kaspersky Online Scanner button.
    2. Read through the requirements and privacy statement and click on Accept button.
    3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an ActiveX from Kaspersky. Click Yes.
    4. When the downloads have finished, click on Next button.
    5. Click on Scan Settings button.
    6. Select extended under Scan using the following antivirus database:
    7. Check (tick) these boxes under Scan options:
      • Scan Archives
      • Scan Mail Bases
    8. Click OK
    9. Click on My Computer under Please select a target to scan:
    10. Once the scan is complete it will display if your system has been infected. Click on Save as text button and save it to your desktop.
    11. attach the log in your next reply as an attachment.

    Regards Jason :)

    This thread is for the use of T_T ONLY. Please do NOT post your own virus/spyware problems into this thread. Instead, open a new thread in our security and the web forum.
     
  17. T_T

    T_T TS Rookie Topic Starter Posts: 19

    It seems to have the same problem there, Nothing happens when I click on scan now. :(
     
  18. Jase123

    Jase123 Banned Posts: 1,012

    Are you sure your doing it right? Not two scanners can fail.

    Lets try the Nod32 scanner;

    Please go to Eset website to perform an online scan. Please use Internet Explorer as it uses ActiveX.

    1. Check (tick) this box: YES, I accept the Terms of Use.
    2. Click on the Start button next to it.
    3. When prompted to run ActiveX. click Yes.
    4. You will be asked to install an ActiveX. Click Install.
    5. Once installed, the scanner will be initialized.
    6. After the scanner is initialized, click Start.
    7. Uncheck (untick) Remove found threats box.
    8. Check (tick) Scan unwanted applications.
    9. Click on Scan.
    10. It will start scanning. Please be patient.
    11. Once the scan is done, you will find a log in C:\Program Files\esetonlinescanner\log.txt. Please post this log in your next reply.

    Regards Jason :)

    This thread is for the use of T_T ONLY. Please do NOT post your own virus/spyware problems into this thread. Instead, open a new thread in our security and the web forum.
     
  19. T_T

    T_T TS Rookie Topic Starter Posts: 19

    This one worked, heres the log.
     

    Attached Files:

    • log.txt
      File size:
      972 bytes
      Views:
      6
  20. Jase123

    Jase123 Banned Posts: 1,012

    Please could you post fresh HJT and Combofix logs.

    Regards Jason :)

    This thread is for the use of T_T ONLY. Please do NOT post your own virus/spyware problems into this thread. Instead, open a new thread in our security and the web forum.
     
  21. T_T

    T_T TS Rookie Topic Starter Posts: 19

    Here they are.
     
  22. Jase123

    Jase123 Banned Posts: 1,012

    Utorrent is installed on your computer and I see that it's running. While Utorrent is (a) clean P2P program, there's no guarantee that the files downloaded are. Please refrain from using it while cleaning your computer to prevent getting more infections.

    A list of clean and infected P2P programs can be found at Malware Removal and Spyware Info.

    The risks of using a P2P program are stated in this Sourceforge website and Information Week article.

    Please also read Malware Removal's Guide on P2P Programs.

    ===================

    Can you tell me how your computer is running? Any problems?

    Regards Jason :)

    This thread is for the use of T_T ONLY. Please do NOT post your own virus/spyware problems into this thread. Instead, open a new thread in our security and the web forum.
     
  23. T_T

    T_T TS Rookie Topic Starter Posts: 19

    Actually, That's the thing. I haven't noticed anything wrong with my computer except for the hjt log that I used to compare to one I had previously. Also since the last couple of days, It seems my computer tries to auto update through windows update but I've had that disabled for a long time but somehow it seems to be enabled every time I restart.
     
  24. Jase123

    Jase123 Banned Posts: 1,012

    Hmm very strange - something must be triggering it.

    Let me do do some research - I'll get back to you soon - or one of the others may reply to you.

    Regards Jason :)

    This thread is for the use of T_T ONLY. Please do NOT post your own virus/spyware problems into this thread. Instead, open a new thread in our security and the web forum.
     
  25. evilfantasy

    evilfantasy Banned Posts: 428

    Run HiJackThis and click "SDo a system scan only", then check the following, (if present)

    ALL of the 018 Entries

    Now, with all windows closed except HiJackThis, click "Fix checked".


    Post a new HijackThis log.

    Why do you not have SP2?
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...