TechSpot

HJT from safe mode

By ctop
Aug 29, 2007
  1. hi there

    Was running multiple virus programmes earlier without too much trouble, went away and came back, can now only really get my PC to work from safe mode.

    HJT attached, any ideas on what to do/remove from safe mode? Apologies if this is answered elsewhere, I was browsing the other forums earlier but the problem has escalated and my access is quite limited. Thanks for any help.
     
  2. Rik

    Rik Banned Posts: 3,814

    You need to have a read of this - If your system is infected. Read this before deciding whether to CLEAN or REFORMAT.

    Then if you should wish to proceed with cleaning your system you need to go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT and AVG Antispyware logs as ATTACHMENTS into this thread, only after doing the above.


    This thread is for the use of ctop only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. ctop

    ctop TS Rookie Topic Starter

    I've managed to get some stuff cleared using a-squared in safe mode, normal mode now working and my resolution is back so I can see what I am doing. I'm working through the advice given above and will get back to you when I have some results.

    mmm...

    Run into a problem at step 12, I could not get into safe mode other than in admin account (was the only visible account I had) so I created two new accounts (one an admin, one not) and turned on guest account as well to try and get into safe mode via them. This has now made my original admin user account disappear, which is the one I had done the previous 11 steps through...

    Things are working better but any ideas where my other account has gone? I don't seem to be able to access the .exe files I downloaded in the previous steps and whenever I try to change the msconfig to stop startup programmes I get an error saying I may need to log on as admin, even when I am in admin user account...


    let me know if you need a report log of any kind posting up

    have attached the latest HJT (analyse.exe) report if that helps
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    You're running an outdated version of HJT, see HERE.

    Also, you haven't attached the rest of the requested logfiles.

    Do not use msconfig to make any changes, unless otherwise instructed to do so.

    If you have disabled anything in msconfig, you should re-enable it immediately. That is so we can see what's running on your system.

    Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

    Also, let me know the results of the AVG Antirootkit scan.

    Regards Howard :wave: :wave:

     
  5. ctop

    ctop TS Rookie Topic Starter

    have attached all logs and avg anti-root returned nothing following instructions, also fixed all anti-spy findings

    any thoughts?

    thanks
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    All items in your AVG Antispyware log say "No Action Taken". That's because you haven't told AVG Antispyware to quarantine its results as per the instructions. See this pictorial guide.

    Go to add remove programmes in your control panel and uninstall anything to do with (if there).

    whInstall
    Webhancer

    Close control panel.

    1. Please download The Avenger by Swandog46 from HERE. Save it to your Desktop and extract it.

    2. Download the attached avengerscript.txt and save it to your desktop

    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

    3. Now, start The Avenger program by double clicking on its icon on your desktop.

    Under "Script file to execute" choose "Load script from file".
    Now click on the folder icon which will open a new window titled "open Script File"
    navigate to the file you have just downloaded, click on it and press open
    Now click on the Green Light to begin execution of the script
    Answer "Yes" twice when prompted.

    4. The Avenger will automatically do the following:

    It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
    On reboot, it will briefly open a black command window on your desktop, this is normal.
    After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
    The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

    5. Please attach the content of c:\avenger.txt into your reply, as well as a fresh HJT, Combofix and AVG Antispyware log.

    Regards Howard :)

     
  7. ctop

    ctop TS Rookie Topic Starter

    thanks, how does this look now?
     
  8. Rik

    Rik Banned Posts: 3,814

    You STILL haven't renamed hijackthis.exe as per the instructions. This needs to be done as some malware can hide from it.
     
  9. ctop

    ctop TS Rookie Topic Starter

    Right, how's this, did rename but then updated HJT and the update wasn't renamed, just did it to analysethis.exe in prog files destination folder.
     
  10. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

    Fix all 02 and 03 entries that say (no file)

    Other than that, your HJT log is clean.

    Turn off system restore (XP/ME only). See how HERE.

    Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

     
  11. ctop

    ctop TS Rookie Topic Starter

    thanks for the help, have done the fixing

    all seems fine now, lost my original admin account along the way but never mind

    thanks again
     
Topic Status:
Not open for further replies.
