Hijackthis Log - Worries about Diallers

Status
Not open for further replies.
I was recently browsing the web, when I came along a perfectly harmless-looking website (if it helps, I was using Firefox). The download window popped up, and it automatically accepted. The file downloaded and automatically ran itself.

Obviously I was worried, but I noticed no real worries. It seemed to be an installer for a program. I looked at my desktop and had something called 'cmb<random string of alphanumeric characters>'. The picture above the text looked like a link to an IE site. As soon as I right clicked it to inspect the properties, it automatically opened the file.

It came up with an Internet Explorer page - something to do with 'erotic'. I closed down the window, and again I now found a new icon (the picture was an IE link) on my desktop called 'Girls.exe'. On trying to delete both icons (I selected them both, hit the delete key and chose 'yes'), it told me that they both could not be deleted.

I didn't click on it, instead, I went to 'add and remove programs' and deleted the program. On the A+R Programs menu, it didn't display the CMB program. It simply showed Girls. After deleting it, it said I had to restart my PC.

I was worried by this because I thought it may have affected my bootup files. However, I reluctantly restarted the computer. It started up fine. Both icons had disappeared from my desktop and the add and remove programs menu. I downloaded and ran Hijackthis and could not see anything looking very suspicious, but just to be on the safe side, I decided to post my log here.

Nothing has happened (yet) which is unusual since the problem occurred. No popups, search bars etc. I'm using Firefox right now.

Please could somebody analyze this log and tell me if any files on it look wrong? I'm worried I may have a dialler or another kind of irritating virus.

Thank you in advance,
Cheeseweasel
 
Hello and welcome to Techspot.

Go HERE and follow the instructions exactly.

Post a fresh HJT log, only after doing the above.

Regards Howard :wave: :wave:
 
Hijackthis Logfile (NO AUTOMESSAGES PLEASE)

(log is attached)

I've posted here twice and both times gotten the same automated message. I've done what it asks. SOMEONE PLEASE TELL ME WHAT TO DELETE. I'm constantly disconnected from the internet, and whenever I post the logfile, I get this automated message. Please could somebody help me.

Thank you in advance,
Cheeseweasel
 
That wasn't an automated message, it was a set of instructions for you to follow.

I have merged your new thread into this one.

I will analyse your HJT log and get back to you shortly.

Regards Howard :)
 
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Turn off system restore (XP/ME only). See how here: http://www.bleepingcomputer.com/forums/tutorial56.html

Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how here: http://www.bleepingcomputer.com/forums/tutorial61.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here: http://www.bleepingcomputer.com/forums/tutorial62.html

Go to add/remove programmes in your control panel and uninstall anything to do with (if there):

SysProtect Free

Close control panel.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for (if there):

i-hate-keyloggers.exe
USYP.exe

Close task manager.

Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there):

O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)

O4 - HKCU\..\Run: [I-Hate-Keyloggers] C:\Documents and Settings\Kieran\My Documents\i-hate-keyloggers.exe

O4 - HKCU\..\Run: [SysProtect Free] "C:\Program Files\SysProtect Free\USYP.exe" /scan

O4 - HKCU\..\Run: [SysProtect] C:\Program Files\SysProtect Free\USYP.exe /scan

O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)

O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)

O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner.com/.freeware/installdrivecleanerstart.cab

O16 - DPF: {958FCAB0-616B-11D3-A63F-00001B322780} (TimetickerLittleHelpers.usfServer) - http://www.timeticker.com/Timeset/TcpServer.CAB

O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://locator1.cdn.imagesrvr.com/sites/sysprotect.com/scanner/pages/scanner/Sys ProtectScannerInstall.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{5ACDFE96-DF1E-41BB-8158-FEB05263A1E8}: NameServer = 195.92.195.94 195.92.195.95 <-- Only fix this if it doesn't belong to your ISP.

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories (if there):

C:\Program Files\SysProtect Free
C:\Documents and Settings\Kieran\My Documents\i-hate-keyloggers.exe

Reboot into normal mode and turn system restore back on and rehide your protected OS files.

Post a fresh HJT log.


Regards Howard :)

This thread is for the use of Cheeseweasel only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
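
Added example, not part of the thread and not HijackThis's own code: a Python parser for the `O<n> - ...` entry lines quoted in the post above that attaches review notes a helper would want to see at a glance (missing target files, autostarts from user folders, ActiveX download hosts, static DNS servers). The function names and the heuristics are assumptions made for illustration; the sample input is constructed from five entries in the fix list.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: five of the entries quoted in the fix list above.
SAMPLE_LOG = r"""
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O4 - HKCU\..\Run: [I-Hate-Keyloggers] C:\Documents and Settings\Kieran\My Documents\i-hate-keyloggers.exe
O4 - HKCU\..\Run: [SysProtect Free] "C:\Program Files\SysProtect Free\USYP.exe" /scan
O16 - DPF: {958FCAB0-616B-11D3-A63F-00001B322780} (TimetickerLittleHelpers.usfServer) - http://www.timeticker.com/Timeset/TcpServer.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{5ACDFE96-DF1E-41BB-8158-FEB05263A1E8}: NameServer = 195.92.195.94 195.92.195.95
"""

ENTRY = re.compile(r"^(O\d{1,2}) - (.+)$")  # "O<n> - <details>" entry lines

def parse(log):
    """Return (section, details) for every O-section entry; skip other lines."""
    return [m.groups() for m in map(ENTRY.match, map(str.strip, log.splitlines())) if m]

def review_notes(section, details):
    """Heuristic notes for a human reviewer; they do not decide what to fix."""
    notes = []
    if details.endswith("(file missing)"):
        notes.append("orphaned entry: target file no longer exists")
    if section == "O4":  # autostart (Run key) entries
        run = re.match(r"\S+: \[([^\]]+)\] (.+)$", details)
        if run and re.search(r"\\(My Documents|Desktop|Temp)\\", run[2], re.I):
            notes.append(f"autostart '{run[1]}' runs from a user-writable folder")
    elif section == "O16":  # ActiveX controls in Downloaded Program Files
        src = re.search(r" - (https?://\S+)", details)
        if src:
            notes.append("ActiveX control downloaded from " + urlsplit(src[1]).hostname)
    elif section == "O17":  # per-interface DNS settings
        dns = re.search(r"NameServer = (.+)$", details)
        if dns:
            notes.append("static DNS, compare with ISP: " + ", ".join(dns[1].split()))
    return notes

def triage(log):
    """Map each entry that earned at least one note to its notes."""
    return {f"{s} - {d}": n for s, d in parse(log) if (n := review_notes(s, d))}

if __name__ == "__main__":
    for entry, notes in triage(SAMPLE_LOG).items():
        print(entry, "->", "; ".join(notes))
```

The SysProtect Free autostart gets no note from these structural checks because it sits under Program Files, so notes like these support a reviewer who recognises the product name rather than replace one.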
 
New Log

Hello again,
Thank you so much, it seems to have worked. However, as soon as I connected to the internet, 10 seconds into my connection, it disconnected. But I have been running for about 20 minutes with no disconnections yet. I've attached another log. Sorry for getting slightly angry in my last post. I'll tell you if it goes wrong again.

Thank you
Cheeseweasel
 
Your HJT log is now clean.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard :)
