HJT Log

[monzi]

good day to all here..
i am also in trouble with the task manager problems, and i cant open also the regedit..
i do not want to reformat that easily, i got the virus when my sister is using the pc and connected a usb.. X(
apparently, i have no installed anti virus that time cause i will install another one, didnt expect someone would use the pc before me..

hoping you could help me.. :S
tnx also, more power..

 

[howard_hopkinso]

Hello and welcome to Techspot.

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

Click on the fix checked button.

Close HJT and reboot your system.

Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

If after reading the above, you wish to clean your system, do the following.

Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

Also, let me know the results of the Panda Antirootkit scan.

Regards Howard :wave: :wave:

This thread is for the use of monzi only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[monzi]

wow, fast reply..
tnx sir howard..

i did the scan when i am also browsing the net, reading your forums also..
i will redo the hjt scan with the firefox close right.. very much appreciated for the help..

i am currently scanning now with the AVG AS, do i need to have a combofix as well or the two other programs can picture out the problem? ;p

 

[howard_hopkinso]

You need to follow all instructions and post all requested log files.

Regards Howard

This thread is for the use of monzi only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[monzi]

ah, i will post the AVG AS log after a while, i did a full scan..
this may take a bit longer, i will follow the instructions on the task manager troubleshooting once i get the regedit running..

i hope this will work, i think this is a backdoor trojan.. :S
though they wont get any business,money accounts from this cause i have less money too haha..
i have tried many antivirus and spyware removers already..
like nod32,a-squared malware

 

[monzi]

ei there, i just removed some services from the symantec and my task manager got running..
i also have removed the regedit disabler too..


now, what would i do next to prevent this?
i knew that norton thing was doing something, i cant uninstall him last time, the uninstall was gone.. :S

the task manager shows 100% sometimes, and the one consuming the speed is a guard.exe, is this ok?

 

[howard_hopkinso]

Guard.exe is part of the AVG Antispyware programme.

I`d like to see the rest of the requested logfiles.

In the mean time I suggest you do the following.

Download this Symantec/Norton removal tool.

Then, download one of the free antivirus and firewall programmes below.

AVG free or Avast antivirus programmes.

Zonealarm Kerio or Comodo free firewall programmes.

Disconnect from the net and run the Symantec/Norton removal tool and reboot your system the required number of times.

Install whichever firewall you chose and reconnect to the net.

Finally, install whichever antivirus programme you chose and run the antivirus updates.

Do a full system scan and delete whatever is found, including anything in quarantine/virus vault.

Post fresh HJT, Combofix and AVG Antispyware logs and let me know the results of the Panda Antirootkit scan.

Regards Howard

This thread is for the use of monzi only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[monzi]

here is the scan of AVG AS..
i do not have the combofix yet and the panda antirootkit.. :S

the only problems i have now, is a bit slow on start up.. where is this lag coming from?

tnx

 

[howard_hopkinso]

Uninstall AVG Antispyware and see if that helps with your lag problem.

Post a combofix log as well as a fresh HJT log and let me know the results of the panda antirootkit scan.

Regards Howard

This thread is for the use of monzi only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[monzi]

ei there..
in our pc, we have two accounts, my sister's and mine..
both are also admins..
however in her account, the task manager and regedit is disabled, but in my user it is not disabled anymore..

also in the folder, when i click tools..
the folder options is not there, :S
only disconnect network drive, map network drive, and synchronize

in the anti-root kit, must i do an in-depth scan?
how about combofix, i read something here that it has an irregular behavior.. :S
tnx again sir howard

after using the combofix, i can open my folder options again..


i will post the logs here, and kindly inform me if there are still problems left..
will do the next steps, reboot in safe mode and scan all with the antivirus, SS&D, Ad aware personal..

i uninstalled the AVG AS, is it still needed? tnx alot to all here..

 

[howard_hopkinso]

in the anti-root kit, must i do an in-depth scan?

Your haven`t posted a fresh HJT log as requested. Nor have you let me know the results of the antirootkit scan.

Just follow the instructions as written, otherwise it just makes it that much harder for me to help you.

Regards Howard

This thread is for the use of monzi only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[monzi]

sorry,,

the anti root kit said it haven't found anything..
here is the new HJT log.

 

[howard_hopkinso]

1. Please download The Avenger by Swandog46 from HERE. Save it to your Desktop and extract it.

2. Download the attached avengerscript.txt and save it to your desktop

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, start The Avenger program by double clicking on its icon on your desktop.

Under "Script file to execute" choose "Load script from file".
Now click on the folder icon which will open a new window titled "open Script File"
navigate to the file you have just downloaded, click on it and press open
Now click on the Green Light to begin execution of the script
Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:

It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
On reboot, it will briefly open a black command window on your desktop, this is normal.
After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

5. Please attach the content of c:\avenger.txt into your reply, as well as a fresh HJT and combofix log.

Regards Howard

This thread is for the use of monzi only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[monzi]

what does the avenger really do?
can i choose what to delete..
cause in the anti root kit, it just scanned and tried to clean whatever it can..
though it saw nothing..
about the combofix also, i didnt got a choice what to delete..

 

[Jase123]

The avenger will delete files that can't be deleted in control panel.

It is a very powerful tool, so follow Howards advice in his post above, and you will be ok.

Howard want's you to delete these files using Avenger: The files that need deleting are in my attached notepad below.

Regards Jase

 

[monzi]

ah, ok tnx..
i will post the fresh hjt and that later...
i just downloaded it..
its not needed to connect in the net right?

 

[howard_hopkinso]

what does the avenger really do?
can i choose what to delete..
cause in the anti root kit, it just scanned and tried to clean whatever it can..
though it saw nothing..
about the combofix also, i didnt got a choice what to delete..

The Avenger is a tool for deleting unwanted files/folders/regkeys/drivers etc.

Follow the instructions in my post above.

Jase123: What was the point in attaching another Avenger script? We don`t need two. I have removed it.

Regards Howard

This thread is for the use of monzi only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[monzi]

here is the new hjt, combofix, avenger..
in the combofix, there is no completed stage_17, is it ok?

in the avenger, it can't delete a certain folder, it says "not an exe etc"
tnx


ei, i cant upload the combo fix, it says you already have it in this thread.. :S

 

[howard_hopkinso]

I have removed your previous Combofix log, you should now be able to attach a fresh one.

Your HJT log is clean.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for(if there).

flcss.exe

Close task manager.

Locate and delete the following bold files and/or directories(if there).

C:\WINDOWS\system32\flcss.exe
C:\WINDOWS\linkinfo.dll

Reboot into normal mode and rehide your protected OS files.

Post a fresh Combofix log.

Regards Howard

This thread is for the use of monzi only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[monzi]

there, removed both of them..
what is the folder qoobox for? i saw it in the C: drive when i showed the hidden folders and in safe mode..

here is the combofix log

 

[monzi]

forgot to include it..
here

 

[howard_hopkinso]

It seems you`ve forgotten to attach a fresh Combofix log.

The Qoobox folder is where Combofix keeps it`s backups of files it removes and can safely be deleted.

Regards Howard

This thread is for the use of monzi only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.