I think my computer is infected, Please help!

Status
Not open for further replies.

adu123

I think my Windows is infected by some sort of malware because it takes a kinda long time to boot; sometimes the screen even turns black. I would be grateful if someone can check the HijackThis log for me.
 

Attachments

  • hijackthis.log
Viruses/Spyware/Malware, preliminary removal instructions
https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/

I'd also recommend downloading CCleaner to remove all junk from your computer

Also download / update and full scan with SuperAntiSpyware:
http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE

You can also download Startup Control Panel to remove any unwanted Windows startups

You will then need to re-submit a HijackThis log afterwards; info here:
https://www.techspot.com/vb/topic19133.html
 
Here is the fresh HijackThis log. I've tried to fix the third entry (02), which has neither a name nor a file, but it still remains there every time I do a scan. Also, after I deleted all of the items in the backup section, they keep coming back!
Today when I went to IE7, I noticed the order of my favorite websites has been rearranged for an unknown reason. Could this be a sign of infection? Thank you for your help.
 
Still lots of problems.
Did you complete all steps above?
Especially "Viruses/Spyware/Malware, preliminary removal instructions"
 
Stopsign Threat Scanner has detected that my computer is infected with Adware.Tencent.origin. The following are the paths of the infected files:

c:\program files\tencent\ssplus\scrax.dll <Adware.Tencent.origin>

c:\users\jing\documents\qq\qq2007ii_beta2sp1.exe:data1854:data003 <Adware.Tencent.origin>

Tracking Cookie: Spyware Cookie
C:\Users\Jing\AppData\Roaming\Microsoft\Windows\Cookies\Low\jing@msnportal.112.2o7[1].txt is Infected.

Any ideas how to remove those infections? Thank you
 
Completing all the steps above should have removed this.
Have all steps been completed?

If so, then possibly the infections are in System Restore, which should be turned off during the scans.
Or it has reoccurred by going back on the web, and not coming straight back to TechSpot with the results from the scans.
Or your firewall, or lack of firewall, is allowing intruders to re-infect your computer.

I have posted another option before, to users who come back with similar issues to before, and stating without success.

Please go to www.hitmanpro.com
Download their program and fully run it (this usually takes hours).
Although the scanning is fully automated, you will need to tick "accept" twice during the scan progress:
1 Accept all
2 Spysweeper accept (pretty sure it's Spysweeper that requires a single accept)

Reply back with the results
 
Can I just delete those infected files to kill the infection? By the way, how can I reach momok, I need his help.
 
Hi

I suggest you do the following before doing anything else.

Important: Please read this thread HERE before deciding if you should CLEAN or FORMAT your system

Should you decide that cleaning your system is the best option, please go to Viruses/Spyware/Malware, preliminary removal instructions and follow the steps given.
Do follow all the instructions exactly.

Thereafter, please post fresh HijackThis, AVG Antispyware and Combofix logs as attachments into this thread.
Do not copy and paste your logs, otherwise they will be removed.

Our experts here will tend to your queries thereafter.

Also, please provide the results of the Antirootkit scan


Regards,
momok =)

This thread is for the use of adu123 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our Security and The Web forum.
 
Hi, momok. Sorry for the late response because I had to do my homework. I've followed all the steps in the Viruses/Spyware/Malware, preliminary removal instructions, and I've posted the requested HijackThis, AVG Antispyware and Combofix logs. I can't tell you the results of the Antirootkit scan because AVG anti-rootkit wouldn't run on my Windows Vista; I think it's not compatible with it. Thank you for helping me once again.
 

Attachments

  • AVG scan report-20080114-152131.txt
Hi,

All your logs look clean.

I assume you are Chinese, and use the popular QQ program and its related components. To the extent of my knowledge from reading information online (my Chinese is not very good), Tencent is the company that came up with QQ.

I would believe that your QQ program occasionally alerts you with ads, thus the classification of one of its files as adware. It's not a huge problem, and I believe most Chinese users face the same situation as you. I wouldn't suggest removing those files, as that may interfere with the workings of QQ.

Regards,
momok
 
Hi, momok. Thank you for taking your time to help me with my problem. I know you're a busy man. Yes, I'm Chinese, and I'm very happy about the fact that you also speak Chinese, because I trust you the most when it comes to computers :D even though you don't speak Chinese very well. The QQ program does alert me with ads every time I log in, but it's mostly news. I want to know, is QQ safe enough to use?
Another minor issue: every time I open IE 7 from the start menu, a message box will say: Cannot find{2559A1F4-21D7-11D4-BDAF-00C04F60B9F0}, make sure the path or Internet address is correct. When I close the message box, the browser will load just fine. I don't know what's going on. Thank you
 
Hi,

Yes QQ is safe =)

Would you try opening IE, then go to Tools > Manage Add ons > Enable/Disable Add ons. Disable each item in the list one at a time and restart IE to see if the problem occurs. Do this until you have discovered the add-on which is causing the problem.

Regards,
momok
 
Would you try opening IE, then go to Tools > Manage Add ons > Enable/Disable Add ons. Disable each item in the list one at a time and restart IE to see if the problem occurs. Do this until you have discovered the add-on which is causing the problem.

I thought the message box was caused by some unknown problem in the registry keys. I am just curious: why did you suggest that I disable add-ons instead?
 
Hi,

Have you tried my advice? If it does not work, then I would suggest searching your registry for 2559A1F4-21D7-11D4-BDAF-00C04F60B9F0 and note down all the entries. Then let us know the results. As I've mentioned earlier, the problem does not seem related to malware; the advice I've given you are suggestions to find the root of the problem, but may not necessarily work. They are however non-destructive in nature. You may wish to check the Windows OS section for help on this matter.

Regards,
momok
 
Start -> Run -> Regedit

Once Registry Editor opens

Click on Edit -> Find
And type in (well copy and paste) 2559A1F4-21D7-11D4-BDAF-00C04F60B9F0

Although I'm not sure what the right hand field should show

Mine says:

InfoTip -> @explorer.exe,-7004
LocalizedString -> @explorer.exe,-7024

(I used right click Modify, to copy these)
Are mine OK?
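
The registry search described in the two posts above, scripted so that every match is listed in one pass. This is an added example, not part of any post in the thread; it assumes PowerShell 3.0 or later, and the function name `Find-RegistryGuid`, the choice of search roots and the output file name are illustrative assumptions.

```powershell
# Added example: read-only search for the CLSID from the IE error message.
# Nothing is modified; the output is the list of entries to note down.
$Guid = '2559A1F4-21D7-11D4-BDAF-00C04F60B9F0'

# Assumption: these branches are where shell and IE class IDs are normally
# registered. HKEY_CLASSES_ROOT is a merged view of the Classes keys in the
# other two, so the same entry can be reported more than once.
$Roots = @(
    'Registry::HKEY_CLASSES_ROOT\CLSID',
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE',
    'Registry::HKEY_CURRENT_USER\Software'
)

function Find-RegistryGuid {
    param(
        [Parameter(Mandatory)] [string]   $Needle,
        [Parameter(Mandatory)] [string[]] $Path
    )
    # Keys the current user cannot read are skipped instead of aborting.
    Get-ChildItem -Path $Path -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $key = $_
            if ($key.Name -like "*$Needle*") {
                [pscustomobject]@{ Key = $key.Name; Value = '(key name)'; Data = '' }
            }
            foreach ($name in $key.GetValueNames()) {
                # Read the stored data without expanding %VARIABLES%.
                $raw  = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames
                $data = [string]$key.GetValue($name, '', $raw)
                if ($name -like "*$Needle*" -or $data -like "*$Needle*") {
                    $shown = if ($name) { $name } else { '(Default)' }
                    [pscustomobject]@{ Key = $key.Name; Value = $shown; Data = $data }
                }
            }
        }
}

# @() keeps an empty result as an empty array so the export does not fail.
$hits = @(Find-RegistryGuid -Needle $Guid -Path $Roots)
$hits | Format-List
$out = Join-Path ([Environment]::GetFolderPath('Desktop')) 'clsid-hits.csv'
$hits | Export-Csv -Path $out -NoTypeInformation
'{0} matching entries written to {1}' -f $hits.Count, $out
```

The search over HKEY_LOCAL_MACHINE\SOFTWARE can take several minutes; the CSV file is the list to attach when reporting the results.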
 
adu: I would strongly recommend that you post your problem in the Windows OS section; there are other experts there that will be more suited to address your questions.

kimsland: You're not facing the same problem as he is, are you? This is not a malware related problem, so unless you're facing the same symptoms while opening IE, you should be fine. =)