TechSpot

Help with malware/virus

By JJ1
Dec 8, 2009
  1. I tried to run the 8 steps and the only things I was able to run were SUPERAntiSpyware and CCleaner. VirusScan and Malwarebytes error out. Can someone please help? Here's a HijackThis log.
     
  2. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Run HJT again with Scan Only
    Check (tick) the following entries and then select FIX
    Close HJT

    Restart

    Now try running and updating Malwarebytes and SUPERAntispyware
    Then provide all 3 logs again

    Note: I'm not a biggy on McAfee, actually I just don't like it :(
    My feeling is you should uninstall it normally, then run the >> McAfee Removal Tool
    Restart

    Update (being the key word ;)) to the much better Antivirus >> Free Avira
    Download; Install; Update; Run a full scan > And then watch how Avira finds and removes Viruses that McAfee missed ;)

    I'd do that :)
     
  3. JJ1

    JJ1 TS Rookie Topic Starter Posts: 16

    Thank you for your response. I installed AntiVir and it still didn't run. I was able to get Malwarebytes to launch by changing the extension, so here are the 3 logs. Thx

    Malwarebytes and SUPERAntiSpyware will not clean those files.
     
  4. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Please uninstall SUPERAntiSpyware, through Control Panel > Add/Remove Programs

    Then run IE Reset Fixit Tool:
    Or manually from here http://www.techspot.com/vb/post682762-2.html
    Then restart Internet Explorer


    Combofix:
    • Download Combofix to your desktop.
    • Disable your Antivirus (as Combofix will remove any found malware)
    • Double click ComboFix & follow the prompts.
    • A window will open with a warning. Just follow the prompts
    • When the scan completes it will open a text window. Please attach that log back here
    Also restart and provide a fresh HJT Scan log

    2 Attachments required
    Note: HJT Scan must be done after Restart
     
  5. JJ1

    JJ1 TS Rookie Topic Starter Posts: 16

    Everything is running now :) thx

    Here's the log.
     
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    The process DAD8.exe is a legitimate process for the Corel Desktop Application Director 8. It doesn't need to be removed, but doesn't need to start on boot and run in the background.
     
  7. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    No probs :grinthumb

    I didn't look at the 1 log though

    But if you are happy with that :confused:, then all done :)
     
  8. JJ1

    JJ1 TS Rookie Topic Starter Posts: 16

    dad8 is back and all is good. Thx for your help
     
  9. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Glad to hear :) See you next time :grinthumb
     
  10. kritius

    kritius TS Guru Posts: 2,084

    What about that ComboFix log? Do you also really want to leave ComboFix on their system??
     
  11. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    There's no Combofix log. I can only work from logs. I cannot remove what isn't there ;)
     
  12. kritius

    kritius TS Guru Posts: 2,084

    I know that, you asked them for it earlier, if ComboFix was run you want to see the log. If it wasn't run then you at least want to remove it.
     
  13. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    I tried to explain this to Bobbye in PM too
    If the member is happy with the result, and does not want to follow what I have stated, then who am I to argue with them
    Maybe someone else was there and fixed it all up, or maybe he just doesn't want anymore support
    I'm happy with that, if they are. Personally I would have felt best they just followed what I asked, but again they're not interested it seems. So be it.
     
  14. kritius

    kritius TS Guru Posts: 2,084

    You don't ever want to leave ComboFix on someone's computer though, that is the point, too many bad things can happen with it.

    ComboFix /Uninstall is all it takes to remove it.
     
  15. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    But the log hasn't been viewed yet :p

    Anyway enough of this bickering, we agree to disagree as per usual :)
     
  16. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    JJ1 (dad8?) you should remove the cleaning programs. Please follow this:


    Uninstall ComboFix.exe And all Backups of the files it deleted
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    Remove all of the tools we used and the files and folders they created
    • Download OTCleanIt by OldTimer
    • Save it to your Desktop.
    • Double click OTCleanIt.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    The tool will delete itself once it finishes.



    You should now set a new Restore Point to prevent infection from any previous Restore Points. The easiest and safest way to do this is:
    • Go to Start > All Programs > Accessories > System Tools and click "System Restore".
    • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the Restore Point a name then click "Create". The new Restore Point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
    • Go to "Disk Cleanup" which can be found by going to Start > All Programs > Accessories > System Tools.
    • Click "OK" to select the partition or drive you desire.
    • Click the "More Options" Tab.
    • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.

    More details and screenshots for Disk Cleanup in Windows Vista can be found here.

    Stay clean! Let us know if you need more help.
     
Topic Status:
Not open for further replies.
