Infected, please help me experts

Status
Not open for further replies.

jim_novice

Hello, please help me. I have some nasty virus on my system that puts me at its mercy at intervals. I have attached a hijackthis post. I tried to read it myself but found it far too difficult and realized that I needed expert help from somebody who can actually learn and understand this material!!!

Yours Hopefully

Jim
 
Don't see it. Why do you think you have a problem?
Do you have a guess as to what "Jaili" is?
What is your configuration, memory installed?

You might want to try MBAM MalwareBytes to see if it picks up anything SuperAntispyware did not... and replace SpyBot with Adaware 2008.
 
My symptoms

Hello,

thanks for looking at my log. I have no idea what "jaili" might be. What I experience at the moment is a slow PC and a really slow start up. I am running ccleaner and antispyware and antivirus regularly. A while ago I had a series of blips with loads of trojans and other viruses but am not picking up anything lately. However, I did a system restore a while back to a month previous but I got told nothing had changed!! Which makes me think my PC has been compromised as there were a lot of installs and uninstalls during that month.

I also tried the msconfig in the run command box to check my startup items. It didn't work so I checked if the file is there. It's missing...

So I thought this was strange, looked online and found that Windows has a system integrity checker program that lets you put things right using your Windows CD once it finds some discrepancy. Well I was expecting either an okay message or a prompt for the CD... I didn't get either when it had finished running....

I used two programs off to look for root kits but haven't found anything.

That's my story. My spec. is 80G hard drive, 500 MB memory, running XP, standard install.
 
Well, the very first thing we need to do is get the newest version of HijackThis.

  • Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Doubleclick on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
 
The new log

Cheers Daniel,

I got the version you said. I have renamed hijack this time (hi.exe). I have attached my log.

Cheers again for the help

Jim
 
Download & Install SDFix
  • Download SDFix & save it to your Desktop.
  • Double click SDFix.exe & it will extract the file to %systemdrive%
    (Drive that contains the Windows Directory, Typically C:\SDFix)

Boot into Safe Mode
  • Restart your computer & start pressing the F8 key on your keyboard.
  • Select the Safe Mode option when the Windows Advanced Options menu appears, & then press Enter.

Run SDFix
  • Open the extracted SDFix folder & double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on the screen & also save into the SDFix folder as Report.txt
  • Attach Report.txt back here

----------------------------------------

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Then post a fresh HijackThis log.
 
Scanned...

I didn't find any immediate problems... but there is some stuff in the report I'm hoping holds a clue.

Jim
 
You know I had FlashGet for years, until I worked out Save As does the same thing (and seldom breaks connection these days!)
I'd say remove this resource hog, that's all over your log.

Also:
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')

Means that you need to restart for these "runonce" entries to be removed.
Actually not even sure which scan made these entries (Do you know?)

Other than that, it looks clean
 
Run Hijackthis and place a check next to the items below

O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
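
Added example, not part of any post in this thread: a small Python parser for the HijackThis O4 (autostart) lines quoted above. It groups identical entries across user hives, separates one-shot RunOnce entries from persistent Run entries, and checks that each well-known SID carries the account label the log prints next to it. The `ExampleTray` line is a constructed entry included only for contrast.

```python
import re
from collections import defaultdict

# Scope under HKEY_USERS -> account label HijackThis prints for it.
# The three S-1-5-* values are fixed, well-known Windows SIDs.
WELL_KNOWN = {"S-1-5-18": "SYSTEM", "S-1-5-19": "LOCAL SERVICE",
              "S-1-5-20": "NETWORK SERVICE", ".DEFAULT": "Default user"}

O4 = re.compile(
    r"^O4 - (?P<hive>HK\w+)(?:\\(?P<scope>[^\\]+))?\\\.\.\\(?P<key>\w+): "
    r"\[(?P<name>[^\]]*)\] (?P<command>.*?)(?: \(User '(?P<user>[^']*)'\))?$")

def parse_o4(line):
    """Return a dict for one O4 autostart line, or None if it is not one."""
    m = O4.match(line.strip())
    return m.groupdict() if m else None

def summarize(log_text):
    """Group O4 entries by (key, name, command); collect SID/label mismatches."""
    groups, mismatches = defaultdict(list), []
    for line in log_text.splitlines():
        e = parse_o4(line)
        if e is None:
            continue
        groups[(e["key"], e["name"], e["command"])].append(e["scope"] or e["hive"])
        expected = WELL_KNOWN.get(e["scope"])
        if expected and e["user"] and e["user"].upper() != expected.upper():
            mismatches.append(line.strip())
    return dict(groups), mismatches

def one_shot(groups):
    """Entries under RunOnce keys, which should not persist once they have run."""
    return {k: v for k, v in groups.items() if k[0].lower().startswith("runonce")}

# The four lines quoted in the thread, plus one constructed Run entry for contrast.
SAMPLE = r"""
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - HKLM\..\Run: [ExampleTray] C:\Example\tray.exe
"""

if __name__ == "__main__":
    groups, bad = summarize(SAMPLE)
    for (key, name, cmd), scopes in one_shot(groups).items():
        print(f"{key} [{name}] {cmd!r} in {len(scopes)} profiles: {', '.join(scopes)}")
    print("label mismatches:", bad or "none")
```

Running it against a log taken before and after a restart shows whether the same RunOnce entry is still present in every profile.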
 