TechSpot

Hijackthis log

By Martini
Jan 3, 2009
  1. I recently acquired the Sagipsul virus and the Spyware Guard 2008 virus, and I'm pretty sure I got rid of them with Malwarebytes' Anti-Malware and SUPERAntiSpyware. Just to make sure I have nothing else, I'd appreciate it if someone could check out my HJT log.

    Going through the steps on the "UPDATED 8-step Viruses/Spyware/Malware Preliminary Removal Instructions."

    Installed Avira. Ran a scan and removed the infections. Log file attached.

    Installed Comodo Firewall.

    Ran CCleaner three times with browsers closed- everything checked except "Old prefetch Data."

    Disabled real time monitoring programs.

    Ran Malwarebytes full scan and attached log.

    Scanned with Superantispyware and attached log.

    Updated Java and uninstalled older versions.

    Ran HJT and saved log.
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Well, SAS shows you made some trips to Limewire, so you must have closed the gate after the horse got out!
    Please re-open HiJackThis and scan. *Check* the boxes next to all the entries listed below.
    Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis and reboot into Safe Mode:

    Start> Run> msconfig> enter> Selective Startup> Startup tab> UNCHECK the following:
    Any processes for the Ask toolbar

    Control Panel> Add/Remove Programs> UNINSTALL any Ask Toolbar entries.

    Right click on Start> Explore> Windows > System32> right click> delete any of the following files if found:
    Reboot into Normal Mode: NOTE: you will get a nag message that you can ignore and close after checking 'don't show this message again.' Stay in Selective Startup.

    These two files can be related to the Comodo firewall
    Guard32.
    Cssdll32.
    But these two are unidentifiable:
    ptoqch.dll
    qjhxgd.dll
    And this Cssdll32.dll can be a Trojan/Backdoor.
    So the string is invalid, which is why you'll remove it:

    Run a new scan with HijackThis and attach the log on your next post. We'll see how the O20 entry displays.
     
  3. Martini

    Martini TS Rookie Topic Starter Posts: 18

    Thanks for the help.

    The two middle entries did not show up. I deleted the other two.

    Didn't see any.


    None there.

    Wasn't there.

    No nag message.
     
  4. Bobbye

    The HijackThis log is clean. You didn't get the nag message because you didn't make any changes.

    Due to the Rootkit and malware in SAS:
    Please update and rescan with Malwarebytes, follow with SuperAntispyware, then new scan with HijackThis.

    If they are clean, we'll remove the cleaning tools,
     
  5. Martini

    Ran Malwarebytes and SuperAntispyware, came back clean.


    Which tools?
     
  6. Bobbye

    The cleaning tools are the programs you downloaded and ran for the cleaning: Malwarebytes, SuperAntispyware, HijackThis.

    The log is clean. But there is still evidence of an additional Java program being installed other than v6u11. Take a look in Add/remove Programs and uninstall any other versions except v6u11.

    This is a startup loading that I recommend you uncheck using msconfig, on the Startup menu:
    Remove the cleaning tools:
    Clear your existing System Restore points and establish a new clean restore point:
    Let us know if we can be of more help. You should be running a bit better now.
     
  7. Martini

    Shouldn't I let SuperAntispyware run all the time to keep me from getting more nasties on my PC? I'm running that, Avira and Comodo.

    All I see in Add/remove Programs with the word "Java" is Java(TM) 6 Update 11.

    I don't see where I can select C:\ or a *More options* tab.
     
  8. Bobbye

    OTCleanIt- revising directions:
    About SuperAntispyware: we send you to a site for a free download to scan in the malware cleaning. You're going to have to check the site to see if you can continue running it free.
     
  9. Martini

    Thanks again for all your help.

    Besides using Avira anti-virus and Comodo firewall, is there anything else you recommend I should use to make sure I don't get infected again?
     
  10. Bobbye

    You're welcome. I do recommend that you run at least 2 spyware/adware programs in addition to the AV and firewall.

    Here are some suggestions: all free:
    Spyware/Adware Programs:
    SpywareBlaster: http://www.techspot.com/downloads/568-spywareblaster.html
    Spyware Doctor: http://www.techspot.com/downloads/176-spyware-doctor.html
    Spybot Search & Destroy: http://www.techspot.com/downloads/149-spybot-search-and-destroy-detection-update.html

    Keep in mind that the first line of defense is the ISP, the second is the user- no matter what security programs a user has, safe surfing and email handling are required. This means:
    1. Don't click on pop-ups.
    2. Don't be fooled by a rogue program giving an 'alert' that you are infected, tricking you into downloading their program.
    3. Use some type of site advisor help. McAfee has one, IE7 has a phishing filter, Firefox has an advisor. Programmers often insert a commonly used word into a site so that it will come up in a search- then you find yourself on a porn site.
    4. Do NOT open email from a name you don't recognize.
    5. Don't leave your personal email address on any internet site- get a 'throwaway' web-based email for this purpose.
    6. Do not open an attachment unless you are expecting it, know who sent it and what it is.
    7. Don't do 'surveys', raffles, 'win a million dollars' and other potentially dangerous come ons.
    8. Have as few processes as possible contacting the internet. I don't have ANYTHING doing auto-updates except the AV program.
    9. Do regular maintenance on the system to include disc cleanup, error check, defrag and scans with the security programs- always update each security program before the scan.
    10. File sharing sites will give you malware: BitComet, uTorrent, Limewire, etc.
     
Topic Status:
Not open for further replies.
