TechSpot

i'm infected with something

By works9
Sep 28, 2007
  1. so my computer is infected with something and it's making me mad. i followed the instructions from your stickie thread, and after hours of scanning, i can finally start a thread. i keep on getting random search sites popping up when i use google, and also when i used smithfraud, i got this error: registry editing has been disabled by your administrator. the antirootkit found no rootkits. i have attached the logs requested in the stickie thread. thanx
     

    Attached Files:

  2. kitty500cat

    kitty500cat TS Evangelist Posts: 2,154   +6

    Your system does appear to be infected. It seems that at one point there was a Trojan, which was removed; however, there was still a nasty entry in your HJT & ComboFix logs.

    Very Important: Before deciding whether to clean or reformat your system, read this thread and decide what you want to do.

    If, after reading the above thread, you decide to clean your system, do the following.

    Go to the folder C:\Program Files\Trend Micro\HijackThis. Rename the HijackThis.exe file to Crusty.exe. This is because some malware can hide from HijackThis.exe.

    Your AVG Anti-Spyware log said no action taken for all items. You need to set it to apply the recommended action to all items instead. See HERE for details.

    Post fresh HJT and AVG Anti-Spyware logs after doing the above.

    Regards :)

    This thread is for the use of works9 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our Security and the Web forum.
     
  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I'm going to tell you what I tell many others who just throw a log out and say 'I'm infected with something'! How do you know you're infected with malware? What's happening?

    I say this because many times problems are due to poor routine maintenance, too many programs on startup, running in the background and too many Services set to Automatic that the user doesn't need or that can be put on manual.

    Even if your log shows infection, these things have to be considered, but not giving any information doesn't help us to help you.
     
  4. works9

    works9 TS Rookie Topic Starter

    thanx for replying to my thread kitty500cat. i did what you requested so here are the fresh avg anti-spyware and hijackthis logs.
     
  5. Jase123

    Jase123 Banned Posts: 1,012

    Your system seems to be clean. :)

    But this will need to be deleted * O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -

    Also O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)..... that is saying there is a file missing, could you do a system file checker. Go to start/run and type in "sfc /scannow". Note: Make sure you have your windows xp disk handy.

    And you need to be more specific when posting a thread.

    Like what is happening to your computer. Instead of just saying I'm infected.

    Are you having any symptoms with your computer? Anything going wrong?

    I advise you go and read this All about Malware topic.

    Hopefully, after reading that you will have learnt all about malware and the forms of it.

    Regards Jase :)

    This thread is for the use of works9 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our Security and the Web forum.
     
  6. works9

    works9 TS Rookie Topic Starter

    i'm glad to hear that jase123...the reason y i said that my computer is infected is because i didn't know what virus got me, i just knew that the comp acted weird and a little slow. i do not have my windows xp cd, because i bought this comp used a while ago, and it came with windows xp, so should i delete
    Also O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
    or leave it alone.
    now i have another concern...when i try to search for something in google, as soon as i type the first letter, a tab drops down with all the searches i have done already that started with that letter...reason y i'm acting suspicious is because it didn't used to do this before the computer got infected...i would like to get rid of that...
     
  7. Jase123

    Jase123 Banned Posts: 1,012

    Leave that > O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)

    Yes, that is normal for a drop down menu to come when searching on google. It's just all your past searches. You can clear all your past searches. What browser are you using, IE or Mozilla Firefox, or a different one?

    Regards Jase :)

    This thread is for the use of works9 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our Security and the Web forum.
     
  8. works9

    works9 TS Rookie Topic Starter

    i'm using ie, but i don't like that drop down menu and would like to get rid of it.
     
  9. Jase123

    Jase123 Banned Posts: 1,012

    Are you using the google search bar at the top right of your computer?

    Regards Jase :)
     
  10. works9

    works9 TS Rookie Topic Starter

    no i'm not...my IE version is 6.0...my homepage is google.com so i'm using that search bar. i just did a clean with atf-cleaner and that drop down is still there...
     
  11. Jase123

    Jase123 Banned Posts: 1,012

    Open IE, then click tools at the top, and in the drop down menu click internet options. This should open a small box.
    Then on the general tab, click delete cookies and files. Then below that click clear history.

    This will clear all past searches.

    Regards Jase :)
     
  12. works9

    works9 TS Rookie Topic Starter

    yeah, that seemed to work, thanx jase123....ur awesome
     
  13. Jase123

    Jase123 Banned Posts: 1,012

    no worries at all works9.

    Glad to help.

    Regards Jase :)
     
  14. kitty500cat

    kitty500cat TS Evangelist Posts: 2,154   +6

    I noticed from your HJT log that you're using Windows XP, without any service packs. You should upgrade to XP service pack 2; however, it would probably be a good idea to wait until the computer is cleaned.

    There is still a nasty entry in your HJT log.

    Run HijackThis and place a check in the box next to the following entry (if there):

    O16 - DPF: {DD8C9372-35FD-4F7D-8CE4-909ABCFAB2C5} - ms-its:mhtml:file://c:\\nores.mht![http]adxtend.net/code/chm/xpre.chm::/xpreload.ocx

    Close all open programs, including your web browser. Click the fix checked button and close HJT.

    Then please do the following.

    1. Please download The Avenger by Swandog46 from HERE. Save it to your Desktop and extract it.

    2. Download the attached avengerscript.txt and save it to your desktop

    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

    3. Now, start The Avenger program by double clicking on its icon on your desktop.

    Under "Script file to execute" choose "Load script from file".
    Now click on the folder icon which will open a new window titled "open Script File"
    navigate to the file you have just downloaded, click on it and press open
    Now click on the Green Light to begin execution of the script
    Answer "Yes" twice when prompted.

    4. The Avenger will automatically do the following:

    It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
    On reboot, it will briefly open a black command window on your desktop, this is normal.
    After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
    The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

    5. Please attach the content of c:\avenger.txt into your reply, along with a fresh HJT and ComboFix log.

    Regards :)

    This thread is for the use of works9 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our Security and the Web forum.
     

    Attached Files:
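Added example, not part of any post in this thread and not code from HijackThis: a small Python triage pass over the three HijackThis lines quoted in the posts above. The heuristics (flag an O16 entry whose codebase is empty or not http/https, flag an O23 service marked "(file missing)") and the name `triage` are assumptions for illustration; a flag means "ask a helper to look at it", not "delete it".

```python
import re

# The three HijackThis log lines quoted in this thread, copied as posted.
SAMPLE = r"""
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {DD8C9372-35FD-4F7D-8CE4-909ABCFAB2C5} - ms-its:mhtml:file://c:\\nores.mht![http]adxtend.net/code/chm/xpre.chm::/xpreload.ocx
O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
"""

# O16 = downloaded ActiveX control: CLSID, optional "(name)", then the codebase.
O16 = re.compile(r"^O16 - DPF: (\{[0-9A-Fa-f-]{36}\})(?: \(.*?\))? -\s*(.*)$")
# O23 = NT service: display name, owner, then the binary path.
O23 = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+)$")


def triage(log_text):
    """Return (identifier, section, reason) tuples for lines worth a second look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O16.match(line)
        if m:
            clsid, codebase = m.group(1), m.group(2)
            scheme = codebase.split(":", 1)[0].lower() if ":" in codebase else ""
            if not codebase:
                # A control registered with no download source at all.
                findings.append((clsid, "O16", "no-codebase"))
            elif scheme not in ("http", "https"):
                # Assumed heuristic: ordinary controls install from a web URL,
                # so a local or help-protocol handler is unusual here.
                findings.append((clsid, "O16", "non-web-codebase:" + scheme))
            continue
        m = O23.match(line)
        if m:
            name, owner, path = m.groups()
            if path.endswith("(file missing)"):
                # HijackThis could not find the service binary on disk.
                findings.append((name, "O23", "file-missing"))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```
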

  15. works9

    works9 TS Rookie Topic Starter

    aww man, i thought i was clean...oh well...here's the stuff that you asked for kitty500cat...i hope i got rid of it this time...
     
Topic Status:
Not open for further replies.
