Infected, please help me experts

By jim_novice
Jul 23, 2008
  1. Hello, please help me. I have some nasty virus on my system that puts me at its mercy at intervals. I have attached a hijackthis post. I tried to read it myself but found it far too difficult and realized that I needed expert help from somebody who can actually learn and understand this material!!!

    Yours Hopefully

  2. raybay

    raybay TS Evangelist Posts: 7,241   +9

    Don't see it. Why do you think you have a problem?
    Do you have a guess as to what "Jaili" is?
    What is your configuration, memory installed?

    You might want to try MBAM MalwareBytes to see if it picks up anything SuperAntispyware did not... and replace SpyBot with Adaware 2008.
  3. jim_novice

    jim_novice TS Rookie Topic Starter

    My symptoms


    thanks for looking at my log. I have no idea what "jaili" might be. What I experience at the moment is a slow PC and a really slow start up. I am running ccleaner and antispyware and antivirus regularly. A while ago I had a series of blips with loads of trojans and other viruses but am not picking up anything lately. However, I did a system restore a while back to a month previous but I got told nothing had changed!! Which makes me think my PC has been compromised as there were a lot of installs and uninstalls during that month.

    I also tried the msconfig in the run command box to check my startup items. It didnt work so I checked if the file is there. Its missing...

    So I thought this was strange, looked online and found that windows has a system integrity checker program that lets you put things right using your windows CD once it finds some discrepancy. Well I was expecting either an okay message or a prompt for the CD... I didnt get either when it had finished running....

    I used two programs off to look for root kits but havent found anything.

    Thats my story. My spec. is 80G hard drive, 500 MB memory, running XP, standard install.
  4. jim_novice

    jim_novice TS Rookie Topic Starter

    Oh, I just figured out what jaili is... its hijackthis renamed! Silly me.
  5. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

    well the very first thing we need to do us get the newest version of hijackthis

    * Click here to download HJTsetup.exe
    • Save HJTsetup.exe to your desktop.
    • Doubleclick on the HJTsetup.exe icon on your desktop.
    • By default it will install to C:\Program Files\Hijack This.
    • Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
    • Put a check by Create a desktop icon then click Next again.
    • Continue to follow the rest of the prompts from there.
    • At the final dialogue box click Finish and it will launch Hijack This.
    • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and Paste the log in your next reply.
    • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
  6. jim_novice

    jim_novice TS Rookie Topic Starter

    The new log

    Cheers Daniel,

    I got the version you said. I have renamed hijack this time (hi.exe). I have attached my log

    Cheers again for the help

  7. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

    Download & Install SDFix
    • Download SDFix & save it to your Desktop.
    • Double click SDFix.exe & it will extract the file to %systemdrive%
      (Drive that contains the Windows Directory, Typically C:\SDFix)

    Boot into Safe Mode
    • Restart your computer & start pressing the F8 key on your keyboard.
    • Select the Safe Mode option when the Windows Advanced Options menu appears, & then press Enter.

    Run SDFix
    • Open the extracted SDFix folder & double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on the screen & also save into the SDFix folder as Report.txt
    • Attach Report.txt back here


    Please download Malwarebytes' Anti-Malware from Here or Here

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish,so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the entire report in your next reply.
    Extra Note:
    If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

    then post a fresh hijackthis log
  8. jim_novice

    jim_novice TS Rookie Topic Starter

    Thanks for your swift reply. I will get on with that...
  9. jim_novice

    jim_novice TS Rookie Topic Starter


    I didnt find any immediate problems... but there is some stuff in the report Im hoping holds a clue.

  10. jim_novice

    jim_novice TS Rookie Topic Starter

    Hijack this log

    The fresh hijack this log is here.


  11. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    You know I had FlashGet for years, until I worked out Save As does the same thing (and seldom breaks connection these days!)
    I'd say remove this resource hog, that's all over your log.

    O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')

    Means that you need to restart for these "runonce" entries to be removed
    Actually not even sure which scan made these entries (Do you know?)

    Other than that, it looks clean
  12. xxdanielxx

    xxdanielxx TS Rookie Posts: 1,069

    Run Hijackthis and place a check next to the items below

    O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...