Ronalan, Welcome to TechSpot. I'll be glad to help you get rid of the malware. I have seen a Trojan and a backdoor Trojan in your logs; neither is something you want. I advise you to change your passwords and monitor your online financial transactions.
I can't find any malware association with the [NetSoft]iexplore.exe entry. Netsoft is a Technology Search firm. Now if it is running using Internet Explorer and you are not aware of having this on the system, then maybe we should look into it. Malware can use the name of almost any process.
You have IEv7, so you should only have 1 iexplore.exe entry in the Task Manager, unless you are not using the tab but launching IE again every time you want another site; but that is user caused, not malware caused.
Tmasgic cannot interpret the entries. He has asked you to remove 3 legitimate and needed entries; none of them should be removed. An entry isn't removed because 'it looks suspicious'. It needs to be identified and then determined if it is a bad entry.
I cannot identify any parts of this entry, so please do this:
Please visit Jotti Online Malware Scan (http://virusscan.jotti.org/)
Copy the following line into the white text box:
C:\WINDOWS\zAdBho.dll
Click Submit.
Please post the results of this scan to this thread.
Note: If the server is busy at the above site, try this alternative site:
Go to Virus Total - Upload A File (http://www.virustotal.com/)
Copy the following line into the white text box:
C:\WINDOWS\zAdBho.dll
Reopen HijackThis to 'do system scan only.' Check the following entries if present:
O4 - HKLM\..\Run: [KOfcpfwSvcs.exe] C:\WINDOWS\system32\KOfcpfwSvcs.exe
Close all windows and click on "Fix Checked".
Boot into Safe Mode
- Restart your computer and start pressing the F8 key on your keyboard.
- Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.
Using Windows Explorer: Right click> Explore> My Computer> Local Drive (C)> Windows> System 32> find this file and do a right click> delete:
KOfcpfwSvcs.exe
If you get any error message: Open the Task Manager> find KOfcpfwSvcs.exe> End Task. Then use Explorer to delete.
Please download ComboFix HERE:
- With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.
- Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection.
- Run Combo-Fix.exe and follow the prompts.
(Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.)
- Wait for the scan to be completed.
- If it requires a reboot, please do it.
- After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Run this online virus scan:
Run Eset NOD32 Online AntiVirus Scanner HERE
Note: You will need to use Internet Explorer for this scan.
- Tick the box next to YES, I accept the Terms of Use.
- Click Start
- When asked, allow the Active X control to install
- Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
- Click Start
- Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
- Click Scan
- Wait for the scan to finish
- Re-enable your Antivirus software.
- A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
In your next reply:
Attach Jotti ID
Attach Combofix report.
Attach EsetNod32 log
Paste in new HJT log.
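The steps above have the user identify an autostart entry from the HijackThis log (the O4 line for KOfcpfwSvcs.exe), locate the file it launches, and submit the file to an online scanner before deleting it. As an added example that is not part of this thread or of HijackThis itself, the following Python script automates the first part of that triage from the defender's side: it parses O4 lines into hive, key, value name and launched path, flags names a helper has put on a watch list, and computes the SHA-256 of any file that exists on disk so the hash can be quoted in the thread alongside the scanner result. The log lines embedded in SAMPLE_LOG are constructed for the example (the first mirrors the entry discussed above, the others are made up), and the watch-list default is an assumption, not a verdict from any scanner.

```python
"""Triage HijackThis O4 (Run-key) entries: parse, flag, and hash the launched files.

Added example for this thread; the sample lines below are constructed, not a real log.
"""
import hashlib
import os
import re
from typing import Dict, FrozenSet, List, Optional

# An O4 line has the shape:  O4 - <hive>\..\<key>: [<value name>] <command line>
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)

# Constructed sample log fragment (first line mirrors the entry discussed in the thread).
SAMPLE_LOG = """\
O4 - HKLM\\..\\Run: [KOfcpfwSvcs.exe] C:\\WINDOWS\\system32\\KOfcpfwSvcs.exe
O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
O4 - HKLM\\..\\Run: [Example] "C:\\Program Files\\Example\\example.exe" /background
"""

# Assumed watch list: names the helper wants flagged (lower-cased file names).
DEFAULT_WATCH: FrozenSet[str] = frozenset({"kofcpfwsvcs.exe"})


def launched_file(cmd: str) -> str:
    """Return the executable path from a Run-key command line.

    Quoted paths may contain spaces; an unquoted command ends at the first space.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def parse_o4(line: str) -> Optional[Dict[str, str]]:
    """Parse one O4 line into hive/key/name/cmd/path, or None if it is not an O4 line."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["path"] = launched_file(entry["cmd"])
    return entry


def parse_log(text: str) -> List[Dict[str, str]]:
    """Parse every O4 line in a log; other HJT sections (O2, R1, ...) are skipped."""
    return [e for e in (parse_o4(line) for line in text.splitlines()) if e]


def sha256_of_file(path: str) -> Optional[str]:
    """SHA-256 of a file on disk, or None if the path does not exist (e.g. already removed)."""
    if not os.path.isfile(path):
        return None
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def review(text: str, watch: FrozenSet[str] = DEFAULT_WATCH) -> List[Dict[str, object]]:
    """Produce one finding per O4 entry: path, whether it is on the watch list, and its hash."""
    findings = []
    for entry in parse_log(text):
        # Windows paths use backslashes; normalise so basename() works on any host.
        base = os.path.basename(entry["path"].replace("\\", "/")).lower()
        findings.append({
            "name": entry["name"],
            "hive": entry["hive"],
            "path": entry["path"],
            "flagged": base in watch,
            "sha256": sha256_of_file(entry["path"]),
        })
    return findings


if __name__ == "__main__":
    for f in review(SAMPLE_LOG):
        status = "FLAGGED" if f["flagged"] else "ok     "
        print(f"{status} {f['hive']} [{f['name']}] {f['path']} sha256={f['sha256']}")
```

Run it on a saved HJT log by replacing SAMPLE_LOG with the file's contents; a `sha256` of `None` means the launched file is no longer on disk, which is worth noting in the thread because a Run entry pointing at a missing file is itself an orphan to clean up.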