I think my computer is infected, Please help!

By adu123
Jan 11, 2008
Topic Status:
Not open for further replies.
  1. I think my Windows is infected by some sort of malware because it takes kind of a long time to boot, and sometimes the screen even turns black. I would be grateful if someone can check the HijackThis log for me.

  2. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Viruses/Spyware/Malware, preliminary removal instructions
    http://www.techspot.com/vb/topic58138.html

    I'd also recommend downloading CCleaner to remove all junk from your computer

    Also download / update and full scan with SuperAntiSpyware:
    http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE

    You can also download Startup Control Panel to remove any unwanted Windows startups

    You will then need to re-submit a HijackThis log afterwards; info here:
    http://www.techspot.com/vb/topic19133.html
  3. adu123

    adu123 TechSpot Maniac Topic Starter Posts: 301

    Here is the fresh HijackThis log. I've tried to fix the third entry (02), which has neither name nor file, but it still remains there every time I do a scan. Also, after I deleted all of the items in the backup section, they keep coming back!
    Today when I went to IE7, I noticed the order of my favorite websites has been rearranged for an unknown reason. Could this be a sign of infection? Thank you for your help.
  4. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Still lots of problems
    Did you complete all steps above?
    Especially "Viruses/Spyware/Malware, preliminary removal instructions"
  5. adu123

    adu123 TechSpot Maniac Topic Starter Posts: 301

    Stopsign Threat Scanner has detected that my computer is infected with Adware.Tencent.origin. The following are the paths of the infected files:

    c:\program files\tencent\ssplus\scrax.dll <Adware.Tencent.origin>

    c:\users\jing\documents\qq\qq2007ii_beta2sp1.exe:data1854:data003 <Adware.Tencent.origin>

    Tracking Cookie: Spyware Cookie
    C:\Users\Jing\AppData\Roaming\Microsoft\Windows\Cookies\Low\jing@msnportal.112.2o7[1].txt is Infected.

    Any ideas how to remove those infections? Thank you
  6. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Completing all the steps above should have removed this.
    Have all steps been completed?

    If so then possibly the infections are in System Restore which should be turned off during the scans
    Or it has reoccurred by going back on the web, and not coming straight back to TechSpot with the results from the scans
    Or your firewall, or lack of firewall is allowing intruders to re-infect your computer.

    I have posted another option before, to users who come back with similar issues to before, and stating without success.

    Please go to www.hitmanpro.com
    Download their program and fully run it (this usually takes hours)
    Although, the scanning is fully automated, you will need to tick "accept" twice during the scan progress
    1 Accept all
    2 Spysweeper accept (pretty sure it's spysweeper that requires single accept)

    Reply back with the results
  7. adu123

    adu123 TechSpot Maniac Topic Starter Posts: 301

    Can I just delete those infected files to kill the infection? By the way, how can I reach momok, I need his help.
  8. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

  9. momok

    momok Newcomer, in training Posts: 2,272

    Hi

    I suggest you do the following before doing anything else.

    Important: Please read this thread HERE before deciding if you should CLEAN or FORMAT your system

    Should you decide that cleaning your system is the best option, please go to Viruses/Spyware/Malware, preliminary removal instructions and follow the steps given.
    Do follow all the instructions exactly.

    Thereafter, please post fresh HijackThis, AVG Antispyware and Combofix logs as attachments into this thread.
    Do not copy and paste your logs, otherwise they will be removed.

    Our experts here will tend to your queries thereafter.

    Also, please provide the results of the Antirootkit scan


    Regards,
    momok =)

    This thread is for the use of adu123 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our Security and The Web forum.
  10. adu123

    adu123 TechSpot Maniac Topic Starter Posts: 301

    Hi, momok. Sorry for the late response; I had to do my homework. I've followed all the steps in the Viruses/Spyware/Malware, preliminary removal instructions, and I've posted the requested HijackThis, AVG Antispyware and Combofix logs. I can't tell you the results of the Antirootkit scan because AVG Anti-Rootkit wouldn't run on my Windows Vista; I think it's not compatible with it. Thank you for helping me once again.

  11. momok

    momok Newcomer, in training Posts: 2,272

    Hi,

    All your logs look clean.

    I assume you are Chinese, and use the popular QQ program and its related components. To the extent of my knowledge from reading information online (my Chinese is not very good), Tencent is the company that came up with QQ.

    I would believe that your QQ program occasionally alerts you with ads, thus the classification of one of its files as adware. It's not a huge problem, and I believe most Chinese users face the same situation as you are. I wouldn't suggest removing those files as they may interfere with the workings of QQ.

    Regards,
    momok
     
  12. adu123

    adu123 TechSpot Maniac Topic Starter Posts: 301

    Hi, momok. Thank you for taking your time to help me with my problem. I know you're a busy man. Yes, I'm Chinese, and I'm very happy about the fact that you also speak Chinese because I trust you the most when it comes to computers :D even though you don't speak Chinese very well. The QQ program does alert me with ads every time I log in, but it's mostly news. I want to know, is QQ safe enough to use?
    Another minor issue: every time I open IE 7 from the start menu, a message box will say: Cannot find{2559A1F4-21D7-11D4-BDAF-00C04F60B9F0}, make sure the path or Internet address is correct. When I close the message box, the browser will load just fine. I don't know what's going on. Thank you
  13. momok

    momok Newcomer, in training Posts: 2,272

    Hi,

    Yes QQ is safe =)

    Would you try opening IE, then go to Tools > Manage Add ons > Enable/Disable Add ons. Disable each item in the list one at a time and restart IE to see if the problem occurs. Do this until you have discovered the add-on which is causing the problem.

    Regards,
    momok
  14. adu123

    adu123 TechSpot Maniac Topic Starter Posts: 301

    I thought the message box was caused by some unknown problem in the registry keys. I am just curious, why did you suggest that I disable add-ons instead?
  15. momok

    momok Newcomer, in training Posts: 2,272

    Hi,

    Have you tried my advice? If it does not work, then I would suggest searching your registry for 2559A1F4-21D7-11D4-BDAF-00C04F60B9F0 and note down all the entries. Then let us know the results. As I've mentioned earlier, the problem does not seem related to malware; the advice I've given you are suggestions to find the root of the problem, but may not necessarily work. They are however non-destructive in nature. You may wish to check the Windows OS section for help on this matter.

    Regards,
    momok
  16. adu123

    adu123 TechSpot Maniac Topic Starter Posts: 301

    How do I do that? Thank you
  17. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Start -> Run -> Regedit

    Once Registry Editor opens

    Click on Edit -> Find
    And type in (well copy and paste) 2559A1F4-21D7-11D4-BDAF-00C04F60B9F0

    Although I'm not sure what the right hand field should show

    Mine says:

    InfoTip -> @explorer.exe,-7004
    LocalizedString -> @explorer.exe,-7024

    (I used right click Modify, to copy these)
    Are mine OK?
  18. momok

    momok Newcomer, in training Posts: 2,272

    adu: I would strongly recommend that you post your problem in the Windows OS section; there are other experts there that will be more suited to address your questions.

    kimsland: You're not facing the same problem as he is are you? This is not a malware related problem, so unless you're facing the same symptoms while opening IE, you should be fine. =)
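
The registry search described in the posts above (find every entry that mentions the GUID and note them all down), as an added example that is not part of the original thread: a read-only PowerShell wrapper around `reg.exe query`. The list of hives and the helper name `Find-RegistryGuid` are assumptions made for this example.

```powershell
# Added example (not from the thread): read-only search for a GUID in the registry.
$Guid  = '2559A1F4-21D7-11D4-BDAF-00C04F60B9F0'  # GUID from the IE error message above
$Roots = 'HKCR', 'HKCU', 'HKLM'                   # assumption: hives to search

function Find-RegistryGuid {                       # hypothetical helper name
    param(
        [Parameter(Mandatory)][string]   $Guid,
        [Parameter(Mandatory)][string[]] $Roots
    )
    foreach ($root in $Roots) {
        $key = $null
        # /f <pattern> /s: recursive search of key names, value names and data.
        # reg.exe only reads here; nothing is modified.
        $lines = & reg.exe query $root /f $Guid /s 2>$null
        foreach ($line in $lines) {
            if ($line -match '^HKEY_') {
                $key = $line.Trim()
                # A key listed because its own name contains the GUID
                if ($key -like "*$Guid*") {
                    [pscustomobject]@{ Key = $key; Match = 'KeyName'; Name = ''; Type = ''; Data = '' }
                }
            }
            elseif ($key -and $line -match '^\s{4}(.+?)\s{4}(REG_\w+)(?:\s{4}(.*))?$') {
                # A value under $key whose name or data contains the GUID
                [pscustomobject]@{
                    Key = $key; Match = 'Value'
                    Name = $Matches[1]; Type = $Matches[2]; Data = $Matches[3]
                }
            }
        }
    }
}

# HKCR is a merged view of HKLM\Software\Classes and HKCU\Software\Classes,
# so the same entry can appear under more than one root.
Find-RegistryGuid -Guid $Guid -Roots $Roots |
    Sort-Object Key, Name |
    Format-List Key, Match, Name, Type, Data
```

Entries that only reference the GUID (for example from a Start menu or shell namespace key) show up as `Value` matches, which is where a broken path like the one in the error message would be recorded.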