TechSpot

I got an infection of some kind

By wallabing
Mar 15, 2007
  1. So, I went to Fark.com and clicked on a link on news, then AVG antivirus free edition pops up saying a trojan. I scanned with it and it dealt with it, but it gets worse.

    I ran Spybot and I got these entries:

    Nat

    and the other one that says Win32

    http://img378.imageshack.us/my.php?image=cleanhw5.png

    No matter how many times I run Spybot, it keeps re-appearing from restart or when I boot up again. Ad-aware se does not pick it up. AVG antispyware does not pick it up.

    I did the cleaning instructions

    Any help is really appreciated now! I'm desperate.

  2. sultan_emerr

    sultan_emerr TS Rookie Posts: 61

  3. kitty500cat

    kitty500cat TS Evangelist Posts: 2,154   +6

    Actually, the HJT log is clean, except you need to take the HijackThis file and move it to its own directory, i.e. C:\Program Files\HJT. That way when you do a fix, a backup will be saved in its own directory, instead of on the desktop.

    The AVG Antispyware log has a few tracking cookies in it. It looks as if AVG Antispyware is set to ignore tracking cookies. It shouldn't be like that, nothing should be on the ignore list. Go start-run, type in "cookies." Delete anything there relating to 2o7 or tribalfusion.

    Now go into C:\Documents and Settings\Blue Power\Application Data\Mozilla\Firefox\Profiles\4b6yihf0.default and delete "cookies.txt".

    Did you do that HJT scan in safe mode? If so, I need to see a log from normal mode.

    You could have a rootkit there, though, that hides files. Download the AVG Antirootkit programme. Disconnect from the net and install the programme, then restart your computer.
    Run the programme and click the "Perform in-depth search." Allow AVG to complete the scan. The AVG scanner will give the "Rootkit path".
    Select the Rootkit Driver by placing a checkmark against it and click "Remove selected items." Next, agree to the terms and conditions that are displayed by AVG and click "OK" to reboot the PC. Reconnect to the net.

    Please post here the results of the AVG Antirootkit scan, along with fresh HJT, AVG Antispyware, and ComboFix logs, the latter three posted as attachments.

    Regards :)
     
  4. wallabing

    wallabing TS Rookie Topic Starter Posts: 69

    Thanks for all your help. I got the new logs. It still won't go away after all the cleaning in the instructions.

    AVG rootkit found nothing
     
  5. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your HJT log is clean.

    However, all the results in your AVG Antispyware log say no action taken. This is because you have not followed the instructions correctly for AVG Antispyware.

    Run a fresh AVG Antispyware scan and tell it to quarantine the results. See HERE for details.

    Post a fresh AVG Antispyware log.

    Regards Howard :)

    This thread is for the use of wallabing only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  6. wallabing

    wallabing TS Rookie Topic Starter Posts: 69

    Understood.
     
  7. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    That's all ok mate.

    Turn off system restore (XP/ME only). See how HERE.

    Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

  8. wallabing

    wallabing TS Rookie Topic Starter Posts: 69

    Thank you very much! :)
     
  9. sultan_emerr

    sultan_emerr TS Rookie Posts: 61

    Shouldn't there be a re-boot (re-start) listed in there between disabling (turning off) system restore and re-enabling (turning on) system restore, as already stated/suggested here?
     
  10. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Nope, no reboot required. Try it yourself if you need proof. ;)

    Regards Howard :)

  11. sultan_emerr

    sultan_emerr TS Rookie Posts: 61

    Ok. Will do.

    Edited by Moderator: Removed quote. There's no need to quote the post directly above your own, unless you're only replying to a specific section, in which case you would only quote that section. ;)
     
  12. wallabing

    wallabing TS Rookie Topic Starter Posts: 69

    I just did another full clean last night just for safety. Does it look ok?
     
  13. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your HJT log is clean.

    However, it appears you're running two antivirus programmes, AVG free and Avast. This is not recommended, will slow your system down and can cause serious conflicts.
    Uninstall one of them immediately.

    It also appears you're not running any firewall software. If that's the case, then you should consider installing some firewall software. These two firewall programmes are both free.

    Zonealarm or Kerio.

    Regards Howard :)

  14. wallabing

    wallabing TS Rookie Topic Starter Posts: 69

    Does my system still look clean now?
     
  15. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your HJT log is clean as a whistle mate. However, you haven't renamed HijackThis_v2.exe to Analyze.exe. Unless you do so, I can't guarantee your system is clean. See HERE for instructions, then post a fresh HJT log.

    Regards Howard :)

  16. wallabing

    wallabing TS Rookie Topic Starter Posts: 69

    Thanks, here it is again.
     
  17. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    I'm pleased to say your HJT log is still clean.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

Topic Status:
Not open for further replies.
