TechSpot

Is this a malware/spyware/virus problem?

By Del262
Mar 27, 2009
  1. My son was having problems with his laptop an thought he had a virus.

    I have gone through the 8 steps and logs are attaced.

    Malware and SAS say there is nothing on the comp and Anti virus says clean to. However Hijack This, tells me it is blocked from accesing the 'host' file.

    When logging on to my wireless network the computer either never remembers the name or seems to show two instances of the network, but adds a 2 at the end.

    Thought I would check here for some advce or at least to get pointed in the right direction.

    Thanks in advance.

    Apologies for the horrendous spelling above was typing in a rush!!
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Not too bad:
    Remove bad HijackThis entries
    • Run HijackThis
    • Click on the System Scan Only button
    • Put a check beside all of the items listed below (if present):
    • Close all open windows and browsers/email, etc...
    • Click on the "Fix Checked" button
    • When completed, close the application.

    Reboot when through and see if this makes any difference. If it does not, then it's a mechanical problem, not malware.
     
  3. Del262

    Del262 TS Rookie Topic Starter

    Thanks have triedit and the laptop seems to be finding and connecting to the network much quicker and without duplication.

    Thanks for the advice/help Should I run the malware/spyware progs again to check the machine?

    Thanks again.
     
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Just do a new scan with HijackThis- I don't think you need to run the others. show me a fresh log and then I'll give you instructions in removing the cleanup tools. If one tenth of the logs I check were as clean as yours, I'd have more time to tell others how to get rid of their trash!

    That is a 'left-handed' compliment! Tell you son to continue being careful.
     
  5. Del262

    Del262 TS Rookie Topic Starter

    Thanks for the compliment!

    Here is the next HJT log and once again thanks for the help.
     
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    There's just one entry you can check and see i it will 'stay removed'- I don't like entries with questions marks!

    Your entry is:
    O4 - Global Startup: QuickSet.lnk = ?

    The complete entry should be:
    O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe

    If you check to remove and it comes back, not to worry.

    Download OTCleanIt HERE & save it to your desktop.
    Clear your existing System Restore points and establish a new clean restore point:
    Keep up the good work! It was a pleasure working with you.
     
  7. Del262

    Del262 TS Rookie Topic Starter

    I ran all the things in your last post last night . It took me a couple of attempts to get all the things to work in the sequence you layed out.

    Finally all seemed to come together (at some ridiculous hour of the morning:zzz:). Machine seems to be running fine, however I ran HJT again (log attached). The lines you asked me to remove, well at least a couple of them, seem to be back. I also still get the pop up saying HJT can't access the 'host' file.

    As I said though the machine seems to be running fine and certainly a lot better than before.

    If you think all is fine then I'm happy with that.
     
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Good job! There are a couple of processes you might want to stop- you don't have to run HJ again or remove the processes- they are legitimate files but known high resource users and do not need to start on boot:

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    QUICK TIME
    C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - Global Startup: QuickSet.lnk = ?

    quickset.exe startup configuration info:
    quickset.exe process and program file info:

    Startup application quickset.exe is a taskbar application allowing you to quickly change power management settings.

    You can safely remove quickset.exe from your Startup application list. If you want to use it, you can run it manually from Start > Programs > Others > Dell QuickSet > QuickSet.


    Dell taskbar icon allowing you to quickly change settings. you can also do this:
    Left click once on the QuickSet Icon, you should get a menu. Go Hotkey Popups>Disable On Screen Volume Meter.
    [/QUOTE]
    Unneeded Java processes:
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    JAVA:
    For the Hist file problem:
    Log on as Administrator and grant write access to the
    /Windows/system32/drivers/etc/hosts file for the "power user" account.
     
  9. Del262

    Del262 TS Rookie Topic Starter

    Finally all done. Many thanks for all the help and advice. I am intending not to be back in this part of the forum for a while.............I hope.

    Regards and thanks again.
     
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You're welcome.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...