Is my Laptop clean or infected with some malware??

By kspalani
Jun 18, 2006
Topic Status:
Not open for further replies.
  1. Hi,

    Once I got a link from one of my buddies in my messenger list. I clicked on that and went into a Yahoo page (fake login page). The next day onwards I wasn't able to log in to my Yahoo mail using that ID. That's when I came to know that I was phished. I had forgotten the answer to the secret question, so I had to go to Yahoo to have my password reset.

    Then I was able to log in with my new password and see my mails. I logged out, and when I tried to log in after some time, again I got the error "invalid password". I suspected that some malware, trojan or keylogger had been planted on my laptop. Since then I have been trying all the free anti-spyware, anti-keylogger and anti-malware tools. They did find some malware on my PC. I cleaned it, and the next time I ran those tools they showed my PC as clean except for tracking cookies or spy cookies.

    Now, I am still not sure if my PC is clean. I have a few queries:

    1. Now if I have my password reset by Yahoo, and log in to my Yahoo account either from my laptop or some other PC, will I again face the same login problem after some time? The person who has hijacked my Yahoo account has not changed my password, because if he had changed my password I would have got a message in my alternate e-mail! (Am I right?)

    2. Would something have been done, so that whenever I log in to my account using a new password (even if I log in from a different PC), the hacker would get an alert? Is that possible? Why I am asking this: if I am unable to find out if my PC is clean, then as a last resort, can I take a backup and then format and reinstall Windows XP? (Then my PC should be clean, and any entries in the registry should be cleaned.)

    3. Before going to Yahoo for a password reset, I want to make sure from my side that everything is OK, because I don't want to go to them again and again with the same problem. I have been using this mail address for a long time and it has many of my important data, and that's why I want to get it back completely and properly.


    I have done all the scans as given and then did a HijackThis scan, the logs of which I have attached.

    Please let me know if my laptop is clean or has some malicious program which does not allow me to log in to my particular Yahoo account. Now if I reset my Yahoo password, should I do so from this laptop or some other laptop? Or is it better (as a last resort) to take a backup of the data on my laptop and then reinstall Windows XP? Please advise me.

    Thanks & Regards,
    S.Palaniappan.

  2. N3051M

    N3051M Newcomer, in training Posts: 2,800

    so you've done the "Follow these instructions before posting a HiJackThis Log" sticky in the main area of this subforum? if not, give it a go:
    http://www.techspot.com/vb/topic50981.html

    HJT fix this:
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

    I'm new at reading these things so I probably missed a few :D. Just wait on the experts to look through..
  3. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +19

    Hello and welcome to Techspot.

    Go and follow the instructions exactly, in the link N3051M gave you.

    Post a fresh HJT log into this thread, only after doing the above.

    Regards Howard :wave: :wave:
  4. kspalani

    kspalani Newcomer, in training Topic Starter

    Posting my Hijackthis Log

    Hi,

    I have done all scans as specified by you. Then I ran HijackThis and now I am posting my log Hijackthis.txt for you to have a look. Request you to look into it and suggest a solution to my problem.


    Regards,
    S.Palaniappan
  5. N3051M

    N3051M Newcomer, in training Posts: 2,800

    it seems that you don't have a firewall installed.. you can download ZoneAlarm or Sunbelt Kerio free off the net, just google them.

    you still have this, you may have to boot safe mode to fix it:
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm


    howard, not too sure about these ones:
    Code:
    O23 - Service: E - Unknown owner - C:\DOCUME~1\PALANI~2\LOCALS~1\Temp\E.exe (file missing)
    
    O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.maalaimalar.com/wfplayer/tdserver.cab
    
    and some entries relating to "Juniper Networks"?
  6. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +19

    Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

    Turn off system restore.(XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

    Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to each (if there).

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

    O11 - Options group: [JAVA_IBM] Java (IBM)

    Fix all O16 - DPF entries.

    O23 - Service: E - Unknown owner - C:\DOCUME~1\PALANI~2\LOCALS~1\Temp\E.exe (file missing)

    O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)

    Click on the fix checked button.

    Close HJT.

    Reboot into normal mode and turn system restore back on.

    N3051M. Juniper networks is his ISP and shouldn't be fixed.


    Regards Howard :)
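
Added example, not part of the thread and not HijackThis's own logic: a short Python triage over the HijackThis entries quoted in the posts above, flagging the kinds of entries the helpers singled out. The function name `triage` and the three heuristics (orphaned entry, service binary under a Temp directory, O16 control installed from a plain-HTTP URL) are assumptions chosen for illustration.

```python
import re

# Entries copied from the posts in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.maalaimalar.com/wfplayer/tdserver.cab
O23 - Service: E - Unknown owner - C:\DOCUME~1\PALANI~2\LOCALS~1\Temp\E.exe (file missing)
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
"""

# A HijackThis entry is "<section code> - <details>", e.g. "O23 - Service: ...".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def triage(log_text):
    """Return (section, details, reasons) for entries worth a closer look.

    The heuristics are illustrative assumptions, not a verdict: a flagged
    entry still needs a human to decide whether it is safe to fix.
    """
    findings = []
    for raw in log_text.splitlines():
        match = ENTRY.match(raw.strip())
        if not match:
            continue  # header, blank line, or anything that is not an entry
        section, details = match.groups()
        reasons = []
        # HijackThis marks entries whose target no longer exists on disk.
        if details.endswith("(file missing)") or details.endswith("(no file)"):
            reasons.append("orphaned entry: target file is absent")
        # A service whose binary lives in a Temp directory is unusual.
        if section == "O23" and re.search(r"\\temp\\", details, re.IGNORECASE):
            reasons.append("service binary under a Temp directory")
        # O16 lists downloaded ActiveX controls and their source URL.
        if section == "O16" and " - http://" in details:
            reasons.append("ActiveX control installed from a plain-HTTP URL")
        if reasons:
            findings.append((section, details, reasons))
    return findings


if __name__ == "__main__":
    for section, details, reasons in triage(SAMPLE_LOG):
        print(f"{section}: {details}\n    -> " + "; ".join(reasons))
```
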