Hijack log

Status
Not open for further replies.
J

jmolina

Posts: 21   +0
I have an issue with a workstation running windows Xp. It has some king of malware or adware that I cant get rid of. I tried Adware Removal ,Symantec AntiVirus,Windows Defender Spybot and Vundo fix still has an issue whith pops are coming up all the time. I really dont want to reformat at this time. would like to fix the problem,.

Here is my HIJack Log. Any Help would be very Appreciated.

Thanks,
 

Attachments

  • hijackthis.log
    6.4 KB · Views: 7
You have the same infection as everyone else who posted logs today

Download and Install SDFix
  • Download SDFix and save it to your Desktop.
  • Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

Run SDFix
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
  • Attach Report.txt back here

Malwarebytes' Anti-Malware

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt


This thread is for the use of jmolina only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
The infection is PC-Antispyware aka Abebot aka trojandownloader aka vundo variant

and there are a number of bad entries in the log
 
Right, none of those will clean it in fact.

You need to run SDFix, MBAM, then you need to run

Combofix
  • Download Combofix to your desktop.
  • Double click combofix.exe & follow the prompts.
  • A window will open with a warning.
  • Type "1" (and Enter) to start the fix.
  • When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log.
Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Combofix is a very powerful tool so please do NOT do anything without instruction

Combofix will automatically save the log file to C:\combofix.txt
 
Trust me, it will be back, you need to run MBAM and combofix and attach the reports here.
 
You aren't running Firewall Software. Please download and install one of these first!

Use a Firewall - It is very important that you use a Firewall on your computer. If you use the Windows Firewall you might think that's enough but it only controls inbound traffic. Simply using a Firewall in its default configuration can lower your risk greatly. Here are some firewalls which are free for personal use and most commonly used:
Comodo
Kerio
Online Armor
Zonealarm
------------------------------------------------------------------------------------------------------------------------------------------------


CFScript

Open notepad and copy/paste the text in the code box below into it:
NOTE* make sure to only highlight and copy what is inside the quote box nothing out side of it.
Also ..

Pay particular attention to this :-

Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
File::
C:\WINDOWS\system32\qoMFVOhi.dll.vir
C:\WINDOWS\system32\dhhlxfnm.ini
C:\WINDOWS\system32\qtaxpkja.ini
C:\WINDOWS\system32\lrtgyymb.ini
C:\WINDOWS\system32\uhiygetv.ini
C:\WINDOWS\system32\hvrlgson.ini
C:\WINDOWS\system32\tqkqjnoi.ini
C:\WINDOWS\system32\vrhtovos.ini
C:\WINDOWS\system32\rqRIyvvs.dll
C:\WINDOWS\system32\pmzofgby.exe
C:\WINDOWS\system32\mnfxlhhd.dll
C:\Documents and Settings\All Users\Application Data\jkrelebs\bapwnspe.exe

Folder::
C:\Documents and Settings\All Users\Application Data\jkrelebs

Registry::
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4198150A-8F56-4DEC-BEDC-7BE01A6F5F9A}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"svqhybqi"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"7053a14b"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"UmUo5wtacr"=-
Click to expand...

Save this as CFScript.txt

Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.

CFScript.gif


This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a fresh HJT log.

-------------------------------------------------------------------------------------------------

Download and Run ATF Cleaner
Download ATF Cleaner by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it.

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

Firefox or Opera:
Click Firefox or Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.

----------------------------------------------------------------------------------------------------

Run Kaspersky Online AV Scanner

Order to use it you have to use Internet Explorer.
Go to Kaspersky and click the Accept button at the end of the page.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.
  • Read the Requirements and limitations before you click Accept.
  • Allow the ActiveX download if necessary.
  • Once the database has downloaded, click Next.
  • Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
  • Click on "My Computer"
  • When the scan has completed, click Save Report As...
  • Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
  • Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
Attach the report into your next reply
 
Status
Not open for further replies.

Similar threads

Cal Jeffrey
Your outdated version of Windows Media Player 6 will still work after the Y2K38 bug ends...
Replies
6
Views
148
dangh
dangh
A
Microsoft fixes 5-year-old Windows Defender bug that was killing Firefox performance
Replies
14
Views
846
Hotlynx16
H
midian182
Blade Runner director Ridley Scott calls AI a "technical hydrogen bomb"
2
Replies
34
Views
798
Mark Fuller
M

Latest posts

Back