TechSpot

HJT log

By blackeyes
Sep 18, 2007
  1. Hello, my first time posting. I did have a virus and several trojans on board but with the great tips and advice I found here at TechSpot I believe I've gotten them out. I'd still like to post my HJT and ComboFix logs. The AVG Antispyware log produced no reports available. I'm just now performing another AVG scan in normal mode to see what comes up. I believe I got them all though.
     


  2. AlbertLionheart

    AlbertLionheart TechSpot Chancellor Posts: 2,026

    HJT log Item O8 - Extra context menu item: &Search - ?p=ZNfox000 is a nasty - otherwise clean.
     
  3. blackeyes

    blackeyes TS Rookie Topic Starter

    After doing all those scans I still have a nasty? Crap! Any idea how to remove it?
     
  4. Rik

    Rik Banned Posts: 3,814

    You need to have a read of this - If your system is infected. Read this before deciding whether to CLEAN or REFORMAT.

    Then if you should wish to proceed with cleaning your system you need to go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT, Combofix, and AVG Antispyware logs as ATTACHMENTS into this thread, only after doing the above.


    This thread is for the use of blackeyes only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  5. blackeyes

    blackeyes TS Rookie Topic Starter

    Been there, done that. Know how to get rid of the above nasty? I don't have an option of formatting my hard drive. I don't have a recovery disk or XP software. I've already called my bank and changed my password and don't plan to use the web for that anymore. Just too many script kiddies out there. Again I ask do you know how to remove the above virus?

    Edited by Moderator: Removed quote. There's no need to quote the post directly above your own, unless you're only replying to a specific section, in which case you would only quote that section. ;)

    Just wanted to mention to you that I did a visual scan of my HJT myself and I thought that was suspicious too. I did a Google search of it and no Processes website came up. Thanks for pointing that one out.

    There was nothing of interest with AVG Antispyware.

    I forgot about the fix button with HJT. I checked it and removed the culprit. I'll reboot and do another HJT scan and see if it pops back up.
     
  6. Rik

    Rik Banned Posts: 3,814

    Did you get HJT to fix the entry that AlbertLionheart pointed out?
     
  7. blackeyes

    blackeyes TS Rookie Topic Starter

    Done.:wave: I understand HJT a little better now. It's not just for posting but removing as well. Cool.

    Thanks guys. There are a few people at work that could use this board's services. I'll be passing it along. ;)
     


  8. Rik

    Rik Banned Posts: 3,814

    Your HJT log looks clean.:)

    Any more problems, please don't hesitate to post.
     
  9. blackeyes

    blackeyes TS Rookie Topic Starter

    Thanks rik.
     
  10. Rik

    Rik Banned Posts: 3,814

    No problem, any time.:)
     
  11. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Your system is not yet clean.

    1. Please download The Avenger by Swandog46 from HERE. Save it to your Desktop and extract it.

    2. Download the attached avengerscript.txt and save it to your desktop.

    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

    3. Now, start The Avenger program by double clicking on its icon on your desktop.

    Under "Script file to execute" choose "Load script from file".
    Now click on the folder icon, which will open a new window titled "open Script File".
    Navigate to the file you have just downloaded, click on it and press open.
    Now click on the Green Light to begin execution of the script.
    Answer "Yes" twice when prompted.

    4. The Avenger will automatically do the following:

    It will restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
    On reboot, it will briefly open a black command window on your desktop, this is normal.
    After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
    The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

    5. Please attach the content of c:\avenger.txt into your reply, as well as a fresh Combofix log.

    Regards Howard :wave: :wave:

     
  12. blackeyes

    blackeyes TS Rookie Topic Starter

    Everything is fine until I get to this part:

    Under "Script file to execute" choose "Load script from file".
    Now click on the folder icon which will open a new window titled "open Script File"
    navigate to the file you have just downloaded, click on it and press open
    Now click on the Green Light to begin execution of the script
    Answer "Yes" twice when prompted.

    What file? I'm assuming the file I downloaded to my desktop. When I do so I get a whole bunch of error messages when I click on the green light button. I hate that sound. In the Open Script File window I can navigate to the folder but there is nothing in it. Got any ideas?

    Keep getting error code 1114.
     
  13. Rik

    Rik Banned Posts: 3,814

    Did you download the Attached File - avengerscript.txt as Howard instructed you?
    It's at the bottom of his post.


     
  14. blackeyes

    blackeyes TS Rookie Topic Starter

    My mistake, I thought avengerscript.txt was in the folder I downloaded. Thought the attachment at the bottom of the post was an example. I'll try it again. Thanks.

    Edited by Moderator: Removed quote. There's no need to quote the post directly above your own, unless you're only replying to a specific section, in which case you would only quote that section. ;)

    Ok sorry for all the confusion. I'm an old guy. Here's the logs you requested.
     
  15. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your logfiles are now clean.

    Turn off system restore (XP/ME only). See how HERE.

    Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.


    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

     
  16. blackeyes

    blackeyes TS Rookie Topic Starter

    Done! You guys are the greatest. I'll be passing this helpful site around to all my contacts. Even a few truck drivers at work could use your services for their laptops. Thanks.
     
Topic Status:
Not open for further replies.
