Is my Laptop clean or infected with some malware??

Status
Not open for further replies.
Hi,

Once I got a link from one of my buddies in my messenger list. I clicked on that and went into a Yahoo page (fake login page). The next day onwards I wasn't able to log in to my Yahoo mail using that ID. That's when I came to know that I was phished. I had forgotten the answer to the secret question, so I had to go to Yahoo to have my password reset.

Then I was able to log in with my new password and see my mails. I logged out, and when I tried to log in after some time, I again got the error "invalid password". I suspected that some malware, trojan or keylogger had been planted on my laptop. Since then I have been trying all the free anti-spyware, anti-keylogger and anti-malware tools. I did get that some malware was found on my PC. I cleaned them, and the next time I ran those tools they showed my PC as clean except for tracking cookies or spy cookies.

Now, I am still not sure if my PC is clean. I have a few queries:

1. Now if I have my password reset by Yahoo, and log in to my Yahoo account either from my laptop or some other PC, will I again face the same login problem after some time? The person who has hijacked my Yahoo account has not changed my password, because if he had changed my password I would have got a message in my alternate e-mail! (Am I right?)

2. Would something have been done so that whenever I log in to my account using a new password (even if I log in from a different PC), the hacker would get an alert? Is that possible? Why I am asking this: if I am unable to find out whether my PC is clean, then as a last resort, can I take a backup and then format and reinstall Windows XP? (Then my PC should be clean, and any entries in the registry should be cleaned.)

3. Before going to Yahoo for a password reset, I want to make sure from my side that everything is OK, because I don't want to go to them again and again with the same problem. I have been using this mail address for a long time and it has many of my important data, and that's why I want to get it back completely and properly.


I have done all the scans as given and then did a HijackThis scan, the logs of which I have attached.

Please let me know if my laptop is clean or has some malicious program which does not allow me to log in to my particular Yahoo account. Now if I reset my Yahoo password, should I do so from this laptop or some other laptop? Or is it better (as a last resort) to take a backup of the data on my laptop and then reinstall Windows XP? Please advise me.

Thanks & Regards,
S.Palaniappan.
 

Attachments

  • hijackthis.txt
    12 KB · Views: 9
so you've done the "Follow these instructions before posting a HiJackThis Log" sticky in the main area of this subforum? if not, give it a go:
https://www.techspot.com/vb/topic50981.html

HJT fix this:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

i'm new at reading these things so i probably missed a few :D. Just wait on the experts to look through..
 
Hello and welcome to Techspot.

Go and follow the instructions exactly, in the link N3051M gave you.

Post a fresh HJT log into this thread, only after doing the above.

Regards Howard :wave: :wave:
 
Posting my Hijackthis Log

Hi,

I have done all the scans as specified by you. Then I ran HijackThis and now I am posting my log Hijackthis.txt for you to have a look. I request you to look into it and suggest a solution to my problem.


Regards,
S.Palaniappan
 
it seems that you don't have a firewall installed.. you can download Zonealarm or Sunbelt Kerio free off the net, just google them.

you still have this, you may have to boot safe mode to fix it:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm


howard, not too sure about these ones:
Code:
O23 - Service: E - Unknown owner - C:\DOCUME~1\PALANI~2\LOCALS~1\Temp\E.exe (file missing)

O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.maalaimalar.com/wfplayer/tdserver.cab

and some entries relating to "Juniper Networks"?
 
Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

Turn off system restore.(XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to each (if there).

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O11 - Options group: [JAVA_IBM] Java (IBM)

Fix all O16 - DPF entries.

O23 - Service: E - Unknown owner - C:\DOCUME~1\PALANI~2\LOCALS~1\Temp\E.exe (file missing)

O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)

Click on the fix checked button.

Close HJT.

Reboot into normal mode and turn system restore back on.

N3051M. Juniper networks is his ISP and shouldn't be fixed.


Regards Howard :)
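
Added example (not part of the thread, and not HijackThis's own logic): a small Python triage pass over the log lines quoted in the posts above, flagging the kinds of entries the helpers singled out. The function names and the three heuristics are this example's own assumptions.

```python
import re

# Entries exactly as quoted in the posts above, assembled into one sample log.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.maalaimalar.com/wfplayer/tdserver.cab
O23 - Service: E - Unknown owner - C:\DOCUME~1\PALANI~2\LOCALS~1\Temp\E.exe (file missing)
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
"""

# "<section code> - <rest of line>", e.g. "O23 - Service: ..."
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# HijackThis marks a registry entry whose target file is gone with one of these.
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)\s*$", re.IGNORECASE)
# Any path component named Temp or Tmp (works for 8.3 short paths too).
TEMP_RE = re.compile(r"\\(?:temp|tmp)\\", re.IGNORECASE)


def parse(log_text):
    """Return (section_code, body) pairs for every entry line in the log."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m["code"], m["body"]))
    return entries


def triage(entries):
    """Attach human-readable reasons to entries that deserve a closer look."""
    findings = []
    for code, body in entries:
        reasons = []
        if ORPHAN_RE.search(body):
            reasons.append("orphaned: target file no longer on disk")
        if code == "O23" and TEMP_RE.search(body):
            reasons.append("service binary path in a Temp directory")
        if code == "O16" and "http://" in body.lower():
            reasons.append("ActiveX control fetched over plain HTTP")
        if reasons:
            findings.append({"code": code, "body": body, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(parse(SAMPLE_LOG)):
        print(f["code"], "|", "; ".join(f["reasons"]))
        print("   ", f["body"])
```

Orphaned entries are leftovers of something already removed, so they show what was once installed rather than what is running now.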
 