Is my Laptop clean or infected with some malware??

By kspalani
Jun 18, 2006
  1. Hi,

    Once I got a link from one of my buddies in my messenger list. I clicked on that and went into a Yahoo page (fake login page). The next day onwards I wasn't able to log in to my Yahoo mail using that ID. That's when I came to know that I was phished. I had forgotten the answer to the secret question, so I had to go to Yahoo to have my password reset.

    Then I was able to log in with my new password and see my mails. I logged out and when I tried to log in after some time, again I got the error invalid password. I suspected that some malware, trojan or keylogger has been planted on my laptop. Since then I have been trying all free anti-spyware, anti-keylogger, anti-malware tools. I did get that some malware is found in my PC. I cleaned them, the next time when I run those software they show my PC is clean except for tracking cookies or spy cookies.

    Now, still I am not sure if my PC is clean. I have a few queries:

    1. Now if I reset my password by Yahoo, and log in to my Yahoo account either from my laptop or some other PC, will I again face the same login problem after some time? The person who has hijacked my Yahoo account has not changed my password, because if he had changed my password I would have got a message in my alternate e-mail! (Am I right?)

    2. Would something have been done, so that whenever I log in to my account using a new password (even if login from a different PC), the hacker would get an alert? Is that possible? Why I am asking this: if I am unable to find out if my PC is clean, then as a last resort, can I take a backup and then format and reinstall Windows XP? (Then my PC should be clean, any entries in registry should be cleaned.)

    3. Before going to Yahoo for a password reset, I want to make sure from my side that everything is OK. Because I don't want to go to them again and again with the same problem. I have been using this mail address for a long time and it has many of my important data and that's why I want to retain it back completely and properly.

    I have done all the scans as given and then did a HijackThis scan, the logs of which I have attached.

    Please let me know if my laptop is clean or has some malicious program which does not allow me to log in to my particular Yahoo account. Now if I reset my Yahoo password, should I do so from this laptop or some other laptop? Or is it better (as a last resort) to take a backup of data on my laptop and then reinstall Windows XP? Please advise me.

    Thanks & Regards,


  2. N3051M

    N3051M TS Evangelist Posts: 2,115

    So you've done the "Follow these instructions before posting a HiJackThis Log" sticky in the main area of this subforum? If not, give it a go:

    HJT fix this:
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

    I'm new at reading these things so I probably missed a few :D. Just wait on the experts to look through.
  3. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Go and follow the instructions exactly, in the link N3051M gave you.

    Post a fresh HJT log into this thread, only after doing the above.

    Regards Howard :wave: :wave:
  4. kspalani

    kspalani TS Rookie Topic Starter

    Posting my HijackThis Log

    I have done all scans as specified by you. Then I have run HijackThis and now I am posting my log Hijackthis.txt for you to have a look. Request you to look into it and suggest a solution to my problem.

  5. N3051M

    N3051M TS Evangelist Posts: 2,115

    It seems that you don't have a firewall installed. You can download ZoneAlarm or Sunbelt Kerio free off the net, just google them.

    You still have this, you may have to boot into safe mode to fix it:
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

    howard, not too sure about these ones:
    O23 - Service: E - Unknown owner - C:\DOCUME~1\PALANI~2\LOCALS~1\Temp\E.exe (file missing)
    O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) -
    and some entries relating to "Juniper Networks"?
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Boot into safe mode. See how HERE.

    Turn off system restore (XP/ME only). See how HERE.

    Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to each (if there).

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

    O11 - Options group: [JAVA_IBM] Java (IBM)

    Fix all O16 - DPF entries.

    O23 - Service: E - Unknown owner - C:\DOCUME~1\PALANI~2\LOCALS~1\Temp\E.exe (file missing)

    O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)

    Click on the fix checked button.

    Close HJT.

    Reboot into normal mode and turn system restore back on.

    N3051M. Juniper Networks is his ISP and shouldn't be fixed.

    Regards Howard :)
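
The entries picked out by hand in the replies above can also be sorted mechanically. The following is an added example, not part of any post in this thread and not part of HijackThis: it parses the log lines quoted above and tags those whose target file is gone or whose binary sits in a Temp directory. The function names and the three tags are assumptions made for illustration.

```python
import re

# Entries copied from the posts above. The O16 line is truncated in the
# thread and is kept exactly as posted.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) -
O23 - Service: E - Unknown owner - C:\DOCUME~1\PALANI~2\LOCALS~1\Temp\E.exe (file missing)
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
"""

# A HijackThis entry starts with a section code such as R0, O16 or O23.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# Any path component named Temp (covers ...\LOCALS~1\Temp\... as above).
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)


def parse(log):
    """Return (section_code, body) for every line that looks like an entry."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m["code"], m["body"]))
    return entries


def triage(log):
    """Return (code, body, tags) for entries that deserve a closer look."""
    findings = []
    for code, body in parse(log):
        low = body.lower()
        tags = []
        if "(file missing)" in low or "(no file)" in low:
            tags.append("orphaned")        # registry entry outlived its file
        if TEMP_RE.search(body):
            tags.append("runs-from-temp")  # executable path under a Temp dir
        if code == "O23" and "unknown owner" in low:
            tags.append("unknown-owner")   # service with no vendor reported
        if tags:
            findings.append((code, body, tags))
    return findings


if __name__ == "__main__":
    for code, body, tags in triage(SAMPLE_LOG):
        print(f"{code:4} {','.join(tags):40} {body}")
```

A tag only marks an entry for manual review; whether it should be fixed still depends on what the software is, as the Juniper Networks exchange above shows.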