HJT log for review - had .tibs and luder.a worm


reyna

Hello,

My mother started noticing all of these .t extension files on her computer. I did a little looking and ended up here. I followed the "preliminary removal" instructions and here is my log. Please let me know if I need to do anything else. Any help would be greatly appreciated!
 

Attachments

  • hijackthis.log (19.5 KB)
Hello and welcome to Techspot.

Your system is infected with at least one trojan.

Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

If after reading the above, you wish to clean your system, do the following.

Post a fresh HJT log and an AVG Antispyware log as per the instructions in this thread HERE.

Regards Howard :wave: :wave:

This thread is for the use of reyna only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Okay. Those are the instructions I originally followed. The only thing was that I could not get the smitfraud fix tool to work, as when I tried to open it it told me that I did not have permission to access.

Are you asking me to do all of those things over again and post new HJT and AVG antispyware log? I just want to make sure I do it right.
 
hi Reyna.
Howard hasn't mentioned this yet, but he most certainly will. You are running Norton (Symantec) and Zone Alarm together. These two programmes are not compatible. You will be far better off running Zone Alarm firewall (free), with (free) rather than Norton. Norton is a big name and big bother!!
 
reyna said:
Okay. Those are the instructions I originally followed. The only thing was that I could not get the smitfraud fix tool to work, as when I tried to open it it told me that I did not have permission to access.

Are you asking me to do all of those things over again and post new HJT and AVG antispyware log? I just want to make sure I do it right.

You should try and run the smitfraudfix again, but don't worry too much if it still won't work.

I didn't mean for you to follow all the instructions again, I just wanted you to follow the instructions for AVG Antispyware, then post fresh log files.

Regards Howard :)

 
Thanks, both of you. I will get my mother to send me a fresh log for HJT and AVG antispyware asap. [Do the scans still need to be run in safe mode?] The next time I go to her home I will follow your instructions for getting rid of Norton.

I cannot tell you how many times I said, "Mom do you have your antivirus updated?" and she said yes. I swear I don't think she's updated it since the computer was purchased in 2002.

Okay, got them. Thanks guys.
 
Delete all files in AVG Antispyware quarantine.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.


Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for (if there):

alsys.exe

Close task manager.

Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there):

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

O4 - HKLM\..\Run: [Agent] C:\WINDOWS\System32\alsys.exe

O4 - HKCU\..\Run: [Agent] C:\WINDOWS\System32\alsys.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

Fix all O18 - Protocol: entries.

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories (if there):

C:\WINDOWS\System32\alsys.exe

Reboot into normal mode and rehide your protected OS files.

Post a fresh HJT log.

Regards Howard :)

 
Your HJT log is clean.

You are running more than one antivirus programme. This is not recommended, will slow your system and can cause conflicts. I suggest you completely uninstall Symantec/Norton crapware. If you have any problems with the uninstall, see this thread HERE.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard :)

 
Can't access certain sites

Hi guys,

I have a laptop and my husband has a desktop computer and they are networked. Neither of us can access certain sites in either IE or Firefox. When trying to load these sites, you get each browser's version of the "404 error" page after a couple of seconds. Examples of sites I cannot access are macys.com, wvu.edu, and ftc.gov. I followed the preliminary instructions and attached are my HijackThis log and AVG antispyware log.
 
Threads merged.

Your system is infected with a rootkit.

Download and run the Blacklight programme. Follow all the instructions carefully.

Post a fresh HJT log after doing the above.

Regards Howard :)

 
Hi Howard, sorry I have different threads running because they were for different computers. I tried blacklight and it did not find anything but here is the log.
 
Run HJT with no other programmes open. Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there):

O3 - Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file)

O17 - HKLM\System\CCS\Services\Tcpip\..\{168DF924-B89F-471E-BD2D-60E44F65EE7B}: NameServer = 85.255.113.91,85.255.112.180

O17 - HKLM\System\CCS\Services\Tcpip\..\{2729BBD8-F2E6-4CD7-903B-FFA5AF4766B4}: NameServer = 85.255.113.91,85.255.112.180

O17 - HKLM\System\CS1\Services\Tcpip\..\{168DF924-B89F-471E-BD2D-60E44F65EE7B}: NameServer = 85.255.113.91,85.255.112.180

Click on the fix checked button.

Close HJT and reboot your system.

Post a fresh HJT log.

Regards Howard :)

 
Your HJT log is now clean.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard :)

 
And finally.. my husband's computer

Thanks, these are my husband's logs from his comp. I suspect it is his comp that hangs everything up on access to the sites.
 
Delete all files in AVG Antispyware quarantine.

Download and run the Blacklight programme. Follow all the instructions carefully.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.


Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for (if there):

dmkmf.exe

Close task manager.

Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there):

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

F2 - REG:system.ini: UserInit=userinit.exe

O1 - Hosts: localhost 127.0.0.1

O4 - HKLM\..\Run: [dmkmf.exe] C:\WINDOWS\system32\dmkmf.exe

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O17 - HKLM\System\CCS\Services\Tcpip\..\{20FF2619-B70D-46D1-BC0E-A800208D431B}: NameServer = 85.255.116.130,85.255.112.191

O17 - HKLM\System\CCS\Services\Tcpip\..\{21DB5A62-3B35-41C2-9592-5E4E5CDF8E15}: NameServer = 85.255.116.130,85.255.112.191

O17 - HKLM\System\CCS\Services\Tcpip\..\{E1EEB06E-BD36-406D-9712-80DC711256DE}: NameServer = 85.255.116.130,85.255.112.191

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.130 85.255.112.191

O17 - HKLM\System\CS1\Services\Tcpip\..\{20FF2619-B70D-46D1-BC0E-A800208D431B}: NameServer = 85.255.116.130,85.255.112.191

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.130 85.255.112.191

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories (if there):

C:\WINDOWS\system32\dmkmf.exe

Reboot into normal mode and rehide your protected OS files.

Post a fresh HJT log.

Regards Howard :)

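Howard's fixes for both of these machines are built around the same kinds of HijackThis entries: O17 NameServer values pointing at resolvers the household never configured, O4 Run entries launching unfamiliar executables from System32, and an O1 hosts-file override. The script below is an added example, not code from the thread or from the HijackThis project: it parses those three entry types out of HJT-style log lines and reports anything that falls outside a baseline you supply. The sample log, the trusted resolver range (192.168.1.0/24), the placeholder GUID and the known-good Run target are all constructed for the demonstration; the O17/O4/O1 lines themselves are copied from the logs quoted in this thread.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed sample built from the HijackThis lines quoted in this thread,
# plus one O17 line with a constructed GUID and a LAN resolver as a benign control.
SAMPLE_HJT_LOG = r"""
O1 - Hosts: localhost 127.0.0.1
O4 - HKLM\..\Run: [Agent] C:\WINDOWS\System32\alsys.exe
O4 - HKCU\..\Run: [Agent] C:\WINDOWS\System32\alsys.exe
O4 - HKLM\..\Run: [dmkmf.exe] C:\WINDOWS\system32\dmkmf.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{20FF2619-B70D-46D1-BC0E-A800208D431B}: NameServer = 85.255.116.130,85.255.112.191
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.130 85.255.112.191
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 192.168.1.1
"""

# Assumed baseline: resolvers the household actually configured (the home router's
# subnet here) and Run entries known to belong to installed software.
TRUSTED_RESOLVERS = ["192.168.1.0/24"]
KNOWN_RUN_TARGETS = [r"C:\Program Files\ExampleVendor\updater.exe"]  # placeholder

O17_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<servers>.+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<target>.+)$")
O1_RE = re.compile(r"^O1 - Hosts: (?P<entry>.+)$")


def parse_hjt(text):
    """Turn O1/O4/O17 lines into dicts; other HJT sections are ignored here."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if m := O17_RE.match(line):
            # HJT prints NameServer lists separated by commas or spaces.
            servers = re.split(r"[,\s]+", m.group("servers").strip())
            entries.append({"kind": "O17", "key": m.group("key"),
                            "servers": servers, "raw": line})
        elif m := O4_RE.match(line):
            entries.append({"kind": "O4", "hive": m.group("hive"),
                            "name": m.group("name"), "target": m.group("target"),
                            "raw": line})
        elif m := O1_RE.match(line):
            entries.append({"kind": "O1", "entry": m.group("entry"), "raw": line})
    return entries


def rogue_nameservers(entries, trusted_resolvers):
    """Return (registry key, [untrusted resolver values]) for each O17 entry
    that names a resolver outside the trusted networks."""
    trusted = [ip_network(t) for t in trusted_resolvers]
    findings = []
    for e in entries:
        if e["kind"] != "O17":
            continue
        bad = []
        for s in e["servers"]:
            try:
                addr = ip_address(s)
            except ValueError:
                bad.append(s)  # a value that is not even an IP is worth a look
                continue
            if not any(addr in net for net in trusted):
                bad.append(s)
        if bad:
            findings.append((e["key"], bad))
    return findings


def unexpected_run_entries(entries, baseline_targets):
    """Return (hive, value name, target) for O4 Run entries not in the baseline."""
    baseline = {t.lower() for t in baseline_targets}
    return [(e["hive"], e["name"], e["target"]) for e in entries
            if e["kind"] == "O4" and e["target"].lower() not in baseline]


def hosts_overrides(entries):
    """Any O1 entry is a hosts-file override and is reported for review."""
    return [e["entry"] for e in entries if e["kind"] == "O1"]


def review(text, trusted_resolvers, baseline_targets):
    entries = parse_hjt(text)
    return {
        "rogue_nameservers": rogue_nameservers(entries, trusted_resolvers),
        "unexpected_run_entries": unexpected_run_entries(entries, baseline_targets),
        "hosts_overrides": hosts_overrides(entries),
    }


if __name__ == "__main__":
    report = review(SAMPLE_HJT_LOG, TRUSTED_RESOLVERS, KNOWN_RUN_TARGETS)
    for section, items in report.items():
        print(section)
        for item in items:
            print("   ", item)
```

Run against the sample, the script flags both O17 entries carrying the 85.255.x.x resolvers, leaves the LAN resolver alone, lists all three Run entries as absent from the baseline, and surfaces the hosts override. The baseline approach is deliberate: on a family machine you usually know which resolvers and startup programs are supposed to be there, and anything else deserves the same scrutiny Howard applied by hand.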
 
Done - fresh log.

PS: I see down at the very bottom there is "O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)". Is that something that needs fixing?
 
Well done, your HJT log is now clean.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard :)

 
Let the deity of your choice bless you, and is there a place here where I can donate or something? Thank you SO much for reviewing these!
 
Techspot is paid for from advertising, therefore it's not necessary to make a donation. Thanks for the offer though.

Regards Howard :)

 