TechSpot

HJT log please

By swker98
Jul 29, 2007
  1. Hi, haven't been on the forums in a while. Anyway, my friend is having bad spyware problems.

    I've downloaded AVG anti virus and spyware, Ad-Aware and Spybot and they cleared a lot. I had a lot of backdoors; I see that in my log also.

    If someone can suggest how to remove the nasty backdoors that won't budge in safe mode.

    Thanks

    Edit: the HJT is before the ComboFix, I will fix it.


    Edit: fixed the HJT.


    The safe mode is after vbg, smithfraud and vundo.
     


  2. BlameCanada

    BlameCanada TS Rookie Posts: 320

    If you have all those nasties, maybe a reinstall would be a better idea.
    Plus, educate your friend about Internet security.
     
  3. swker98

    swker98 TechSpot Paladin Topic Starter Posts: 1,077

    Newest log. I think it's cleaner than when I started; I cleared most of the nasties. Can someone confirm this?


    The only thing I'm suspicious of is the O4 entry winslogin.exe; it looks like winlogin.exe.
     
  4. momok

    momok TS Rookie Posts: 2,265

    Hi

    Very Important: Malware infections can possibly lead to identity theft, loss of funds from bank accounts, misuse of credit card information etc. Therefore I strongly encourage you to please read this thread HERE before deciding what course of action to take regarding your infection.

    Let me know your decision.


    Regards,
    Your friendly momok =)

    This thread is for the use of swker98 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  5. swker98

    swker98 TechSpot Paladin Topic Starter Posts: 1,077

    I think all my friend used it for was IM or internet, but I'll check to make sure. But I think the infections are mostly gone, so I don't think I'll format.

    How does my HJT log look?
     
  6. momok

    momok TS Rookie Posts: 2,265

    Hi,

    The reason I asked you to read the thread to decide is because your system is still infected. Get back to me on your friend's decision.

    Regards,
    Your friendly momok =)

     
  7. swker98

    swker98 TechSpot Paladin Topic Starter Posts: 1,077

    They want me to clean it.

    What's my next step?
     
  8. kitty500cat

    kitty500cat TS Evangelist Posts: 2,154   +6

    Step 1:

    Go into Add or Remove Programs in your Control Panel and uninstall anything having to do with Viewpoint or Outerinfo.

    Step 2:
    Then run HijackThis and do a system scan. Place a check in the box next to the following entries (if there):

    O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll

    O4 - HKLM\..\Run: [Microsoft Logon Event] winslogin.exe

    O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\DOCUME~1\john\LOCALS~1\Temp\kjwhvfxi.dll",forkonce

    O4 - HKCU\..\Run: [mwoi] C:\PROGRA~1\COMMON~1\mwoi\mwoim.exe

    O4 - HKCU\..\Run: [Regscan] C:\WINDOWS\System32\regscan.exe

    O4 - HKCU\..\Run: [Microsoft Visual Enhance V2.1] C:\WINDOWS\iuntfs32.exe

    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    Close all programs except HijackThis. Click the Fix Checked button. Fixing may take a while; once it's done, close HijackThis.

    Step 3:

    Go to Start->Run, type in cmd

    Press Enter.

    Once the black window appears, type in the following:

    sc config "viewmgr" start= disabled

    Press Enter.

    Once it finishes that operation, type exit and press Enter, which should close the window.

    Step 4:

    Please download the file CFScript.txt attached to my post and save it to the same folder as ComboFix.

    Referring to the image below, drag the CFScript.txt that you just downloaded over onto ComboFix.exe and release.

    [IMG]

    This will ask ComboFix to execute the instructions within my file. Let ComboFix run normally and do its job. Attach the resultant log in your next reply.

    Step 5:

    Please navigate to www.virustotal.com.

    Click the Choose... button.

    Navigate to the following file:

    C:\WINDOWS\system32\stfv.bin

    Click Open. Then click Send File.

    Wait until it's done scanning, then copy and paste the results into a Notepad file and save it on your computer.

    Step 6:

    Post a fresh HijackThis log, as well as the log resulting from the CFScript, and the VirusTotal log.

    Regards :)
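
The autorun (O4) entries listed in the post above can be triaged with a few generic heuristics before deciding what to check. This is an added example, not part of the original thread or of HijackThis; the reference list of genuine process names, the 0.8 similarity threshold and the flag names are assumptions, and the sample lines are copied from the post.

```python
import re
from difflib import SequenceMatcher

# Sample input: four of the O4 lines quoted in the post above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Microsoft Logon Event] winslogin.exe
O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\DOCUME~1\john\LOCALS~1\Temp\kjwhvfxi.dll",forkonce
O4 - HKCU\..\Run: [mwoi] C:\PROGRA~1\COMMON~1\mwoi\mwoim.exe
O4 - HKCU\..\Run: [Regscan] C:\WINDOWS\System32\regscan.exe
"""

# Assumption: a short reference list of genuine Windows process names.
KNOWN = ("winlogon.exe", "svchost.exe", "lsass.exe", "csrss.exe",
         "services.exe", "explorer.exe", "rundll32.exe")

O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")

def parse_o4(line):
    """Return (hive, key, name, command) for an O4 line, else None."""
    m = O4_RE.match(line.strip())
    return m.groups() if m else None

def flags_for(command):
    """Heuristic flags for one autorun command line."""
    first = re.match(r'"([^"]+)"|(\S+)', command)
    exe = (first.group(1) or first.group(2)).split("\\")[-1].lower()
    flags = []
    if exe not in KNOWN:  # near-miss of a real process name, e.g. one extra letter
        for real in KNOWN:
            if SequenceMatcher(None, exe, real).ratio() >= 0.8:
                flags.append("lookalike:" + real)
    if re.search(r"\\te?mp\\", command, re.I):  # anything started out of a Temp folder
        flags.append("runs-from-temp")
    if exe == "rundll32.exe" and ".dll" in command.lower():
        flags.append("rundll32-dll")  # the DLL, not rundll32 itself, needs checking
    return flags

def triage(log_text):
    """Map each O4 entry name to its list of flags."""
    result = {}
    for line in log_text.splitlines():
        parsed = parse_o4(line)
        if parsed:
            result[parsed[2]] = flags_for(parsed[3])
    return result

if __name__ == "__main__":
    for name, flags in triage(SAMPLE_LOG).items():
        print(f"{name}: {', '.join(flags) or 'no heuristic hit, check manually'}")
```

An entry with no flag is not cleared by this: the list in the post also marks mwoim.exe and regscan.exe, which these heuristics do not catch.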

     
  9. swker98

    swker98 TechSpot Paladin Topic Starter Posts: 1,077

    You're looking at my old log. I'll do that stuff, but look at post 3.

    But I'll fix that stuff that's not already done in HJT.
     
  10. swker98

    swker98 TechSpot Paladin Topic Starter Posts: 1,077

    here is everything, looks good
     


  11. kitty500cat

    kitty500cat TS Evangelist Posts: 2,154   +6

    Everything looks good.

    However, I somehow missed telling you to rename HijackThis.

    Right-click on the HijackThis.exe file and choose Rename. Change the filename to swker98.exe, analyzer.exe, or whatever you prefer (just something other than HijackThis.exe). Then rerun HijackThis and post a fresh HJT log only.

    The reason for this is that some malware can hide from HijackThis.exe.

    Regards :)

     
  12. swker98

    swker98 TechSpot Paladin Topic Starter Posts: 1,077

    thanks for all your help
     


  13. kitty500cat

    kitty500cat TS Evangelist Posts: 2,154   +6

    I noticed in your log that you have Windows XP service pack 1 installed. Service pack 2 has been released.

    I recommend that you visit Windows Update and install all of the high-priority updates (service pack 2 should be in the list). Updating Windows is essential; if you don't do it, your computer is at much greater risk of being infected and/or hacked.

    Delete all files in AVG Anti-Spyware Quarantine folder (located in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Quarantine).

    Turn off system restore. See how HERE
    This will remove all your system restore points, including any malware hiding in them.

    After that turn system restore back on.
    This will create a new, clean restore point for your system.

    Often, an infection can occur again not due to the incompetence of programs, but because of user habits.
    May I recommend you to read this article. This can help to prevent future infections.

    Should you have further virus/spyware problems, please post in this thread.

    Regards :)

     
  14. swker98

    swker98 TechSpot Paladin Topic Starter Posts: 1,077

    This log is from a different computer.
    Just want to make sure it's good.
     
  15. kitty500cat

    kitty500cat TS Evangelist Posts: 2,154   +6

    The other log is clean as well.

    Regards :)
     
Topic Status:
Not open for further replies.
