TechSpot

HJT log and malware baddies giving me pop-ups

By Xristus
May 27, 2006
  1. Malware baddies are causing pop-ups. The newest HJT log has been saved and posted. I ran an Ad-Aware sweep to cut down any spyware during my scan.

    Please list the files that I should remove.

    Thanks in advance

    `Xristus

    [Updated HJT attached]
     
  2. Spike

    Spike TS Evangelist Posts: 2,168

    :wave: welcome to TechSpot :wave:

    Please follow the instructions in the sticky thread at the top of the forum, with the title Follow these instructions BEFORE posting your HJT log.

    Only THEN please post your HJT log as a .TXT attachment, as per the instructions in that thread.

    Regards, Spike
     
  3. Xristus

    Xristus TS Rookie Topic Starter

    Updates

    I ran the following

    CWshredder-Found nothing
    Spybot-Cleaned out what it found
    F-Secure or whatever - the following files were found using it, but I was unable to locate them to remove them. I have "show hidden files" on, so I'm slightly baffled as to why I can't find them.

    C:\System Volume Information\_restore{8F96C08F-DFA4-4B4B-978E-2AEC23389A9C}\RP374\A0052512.exe Trojan-Downloader.Win32.Swizzor.eu

    C:\System Volume Information\_restore{8F96C08F-DFA4-4B4B-978E-2AEC23389A9C}\RP374\A0052513.exe Trojan-Downloader.Win32.Swizzor.fg

    C:\System Volume Information\_restore{8F96C08F-DFA4-4B4B-978E-2AEC23389A9C}\RP374\A0052514.exe Trojan-Downloader.Win32.Swizzor.fg

    C:\System Volume Information\_restore{8F96C08F-DFA4-4B4B-978E-2AEC23389A9C}\RP375\A0053545.exe Trojan-Downloader.Win32.Swizzor.dv

    C:\System Volume Information\_restore{8F96C08F-DFA4-4B4B-978E-2AEC23389A9C}\RP375\A0053546.exe Trojan-Downloader.Win32.Swizzor.fg

    C:\System Volume Information\_restore{8F96C08F-DFA4-4B4B-978E-2AEC23389A9C}\RP375\A0053547.exe Trojan-Downloader.Win32.Swizzor.fg

    C:\System Volume Information\_restore{8F96C08F-DFA4-4B4B-978E-2AEC23389A9C}\RP384\A0054699.exe Trojan-Downloader.Win32.Swizzor.fg

    TrendMicro - froze up on me, or just decided to stay at two bars for over two hours.

    I've cleared the cookies and all that jazz from the browsers, so I'll resubmit an HJT log in place of the old one, and if there are any further things I may have overlooked, please notify me.

    Also, if it requires booting into safe mode, don't hesitate to tell me; I'm capable of doing that if it's needed.

    Thanks again

    Xristus
     
  4. Spike

    Spike TS Evangelist Posts: 2,168

    That's good. The files in system volume information are within restore points. Simply disable system restore to get rid of them.

    Could you now please follow the rest of the instructions, and we'll take a look. When done, please post a fresh HJT log and your Ewido scan log in a new reply to this thread.
     
  5. Xristus

    Xristus TS Rookie Topic Starter

    Heh here we go again

    I've now attached a copy of the Ewido scan I ran. I performed the full system one. I've also left an updated copy of the HJT log. I tried once again to get Trend to run, but it hits two bars and doesn't make any progress no matter how long I let it run.

    I've got to get going, so if there's anything else let me know.

    Thanks again Spike

    `Xristus
     
  6. Spike

    Spike TS Evangelist Posts: 2,168

    1, Place HiJackThis into its own directory (eg, c:\hjt\ ) - IMPORTANT!
    2, Reboot to Safe Mode, disable system restore, and show all hidden files and folders

    3, Open Task Manager, and end the following if present...
    Scr Admin Comp.exe

    4, Run HJT, and fix the following...
    R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
    O2 - BHO: (no name) - {AEAE8F6B-8E20-6EAF-6525-257ED17D0964} - C:\DOCUME~1\LAPTOP~1\APPLIC~1\OOZEPL~1\PhoneDead.exe (file missing)
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
    O4 - HKCU\..\Run: [Stupid flaw] C:\DOCUME~1\LAPTOP~1\APPLIC~1\SUPPOR~1\Scr Admin Comp.exe
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)

    All O16 entries

    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

    /* Fix the following only if it is not recognised/wanted */
    O17 - HKLM\System\CCS\Services\Tcpip\..\{BBCAD5D0-E6F8-4F65-BC66-53EC1F25BB0E}: NameServer = 24.217.0.5,24.217.0.55

    5, Delete the following files and folders...
    C:\Program Files\AWS\
    C:\Program Files\AOL\AOL Toolbar 2.0\
    C:\DOCUME~1\LAPTOP~1\APPLIC~1\SUPPOR~1\
    C:\DOCUME~1\LAPTOP~1\APPLIC~1\OOZEPL~1\

    Re-enable System restore, reboot to normal mode.

    You also need to install a firewall - ZoneAlarm or Sunbelt Kerio are both good options.
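As an added example (not part of the thread, and not code from HijackThis itself), here is a small Python parser for the HJT line format shown in Spike's list above, with one triage rule for each kind of entry he flags: entries whose target is marked "(file missing)", an O4 Run entry launching from the user's Application Data folder, and the O17 NameServer override that is only to be fixed if it is not recognised. The sample log is six lines copied from the reply above (the O16 entries are only summarised there, so none appear); the regexes, the `Entry` class and the verdict wording are my own assumptions, not HJT's.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: HJT lines copied from the reply above. A raw string keeps
# the backslashes in the Windows paths intact.
SAMPLE_LOG = r"""
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O2 - BHO: (no name) - {AEAE8F6B-8E20-6EAF-6525-257ED17D0964} - C:\DOCUME~1\LAPTOP~1\APPLIC~1\OOZEPL~1\PhoneDead.exe (file missing)
O4 - HKCU\..\Run: [Stupid flaw] C:\DOCUME~1\LAPTOP~1\APPLIC~1\SUPPOR~1\Scr Admin Comp.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{BBCAD5D0-E6F8-4F65-BC66-53EC1F25BB0E}: NameServer = 24.217.0.5,24.217.0.55
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
"""

# Every HJT line starts with a section code (R3, O2, O17, ...) and " - ".
SECTION_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
O4_RE = re.compile(r"\[(?P<name>[^\]]*)\]\s*(?P<path>.*)$")      # [ValueName] command
NS_RE = re.compile(r"NameServer\s*=\s*(?P<servers>[\d.,\s]+)$")  # O17 DNS override

# Assumed hints (my own list): autoruns living under the user profile deserve a look.
USER_PROFILE_HINTS = ("\\APPLIC~1\\", "\\Application Data\\", "\\DOCUME~1\\", "\\Documents and Settings\\")


@dataclass
class Entry:
    section: str
    name: str
    path: str
    clsid: Optional[str]
    file_missing: bool
    nameservers: List[str] = field(default_factory=list)
    verdict: str = ""


def _clean_path(raw: str) -> str:
    # Drop the trailing "(file missing)" / "(HKCU)" tags and surrounding quotes.
    return re.sub(r"\s*\((?:file missing|HKCU|HKLM)\)", "", raw).strip().strip('"')


def parse_hjt_line(line: str) -> Optional[Entry]:
    """Parse one HJT log line; return None for lines that are not entries."""
    m = SECTION_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    clsid_m = CLSID_RE.search(body)
    clsid = clsid_m.group(0) if clsid_m else None
    file_missing = "(file missing)" in body
    name, path, servers = "", "", []
    if section == "O4":                       # Run key: "[name] path"
        o4 = O4_RE.search(body)
        if o4:
            name, path = o4.group("name"), _clean_path(o4.group("path"))
    elif section == "O17":                    # TCP/IP NameServer: "key: NameServer = a,b"
        ns = NS_RE.search(body)
        if ns:
            servers = [s.strip() for s in ns.group("servers").split(",") if s.strip()]
        name = body.split(":", 1)[0]
    else:                                     # "Kind: Name - {CLSID} - path"
        parts = [p.strip() for p in body.split(" - ")]
        name = parts[0].split(":", 1)[-1].strip() if len(parts) > 1 else parts[0]
        path = _clean_path(parts[-1]) if len(parts) > 1 else ""
    return Entry(section, name, path, clsid, file_missing, servers)


def triage(entry: Entry) -> Entry:
    """Attach a verdict mirroring the three kinds of entry flagged in the reply."""
    if entry.file_missing:
        entry.verdict = "dead reference: target file no longer exists, safe to fix"
    elif entry.section == "O4" and any(h.lower() in entry.path.lower() for h in USER_PROFILE_HINTS):
        entry.verdict = "autorun from user profile: verify, then end the process and fix"
    elif entry.section == "O17":
        entry.verdict = "DNS override: fix only if these servers are not your ISP's"
    else:
        entry.verdict = "no rule matched: review manually"
    return entry


def triage_log(text: str) -> List[Entry]:
    return [triage(e) for e in (parse_hjt_line(l) for l in text.splitlines()) if e]


if __name__ == "__main__":
    for e in triage_log(SAMPLE_LOG):
        print(f"{e.section:<4} {e.name!r:<22} {e.path or ','.join(e.nameservers)}\n     -> {e.verdict}")
```

The parser only recognises the line shapes that appear in this thread; a real HJT log also has O1 (hosts file), O16 (ActiveX downloads), O20/O23 and others, whose bodies would land in the generic branch and get the "review manually" verdict rather than a wrong one.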
     