Log check please

By swker98
Jan 19, 2009
  1. Hi, I'm checking someone's computer and it looks good, but I just like to have another person look at it to make sure I haven't missed anything.


    Also, in Add\Remove Programs it lists SP3, but in HijackThis and computer properties it reports SP2.
  2. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Uninstall your AVG Antivirus
    Then run the removal tool
    Here is the 32Bit version (most users):
    Here is the 64Bit version:

    Install Avira free AntiVirus

    -> No action taken on MBAM scan, for found issues
    Please re-run Malwarebytes
    Confirm updated (third tab)
    Then do the above quoted message, but this time "Remove all found issues"
    You need to run this multiple times, until all hidden Malwares are uncovered and removed as well.

    By the way, you will need to then restart, and run (and attach) a new HJT log
    And the clean Malwarebytes log ;)

    You say you're helping someone :confused: and need a "Log Check" :rolleyes:


    Also regarding SP3
    It's possible that the installed SP3 is in actual fact RC SP3, which is not the final release (or authentic) SP3 (oh dear, and you have malware, it ain't looking good :( )
    Oh, and System Restore is infected too
  3. swker98

    swker98 TechSpot Paladin Topic Starter Posts: 1,077

    Thanks for looking,
    Malwarebytes finds no infections (log attached)
    System Restore was turned off to clear it of the possibly infected restore points
    Avira was run and found a few things (log attached)

    HJT was also run (log attached)
  4. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Download Combofix
    Lots of info on its use here
    Direct download here

    Save it to a location that you can easily find later (in Safe Mode) ie directly to C drive

    Restart your computer to Safe Mode (by repeatedly pressing F8 on your keyboard before Windows starts)
    Log into your Administrator account
    Locate the previously downloaded Combofix
    Double click on it to run, answering any prompts along the way
    Note: during Combofix scan (lasting up to 10mins) your Desktop and clock may reset (all normal)

    Once Combofix has finished, save the log file to be attached to a new reply
    Restart back to Normal mode, and attach the Combofix log
  5. swker98

    swker98 TechSpot Paladin Topic Starter Posts: 1,077

    Combofix ran, log attached
  6. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Download the following 4 tools, and print these instructions

    1. Download VundoFix; Trojan.Vundo Removal Tool; VirtumundoBeGone and ComboFix.
    2. Go Offline - pull the cable network, turn off wireless card, turn off your modem.
    3. Restart computer and press F8 to run Windows in Safe Mode
    4. Run VundoFix. Click on the Scan for Vundo. Scanning will begin, which takes a long time. In the white box will display the names of infected files. After the scan is complete click Remove Vundo, removal will begin. Confirm by clicking Yes. The application should ask for permission to restart your computer - click Yes. Start Windows in Safe Mode again.
    5. Run FixVundo. Click Start, and then follow the instructions. It should be noted that this application can deal only with older mutations of Vundo (Virtumonde).
    6. Run VirtumundoBeGone. Click Continue and wait for the report.
    7. Run ComboFix. Then, in the two windows that appear click Yes, and start scanning and removal of any Vundo (Virtumonde) infection. During this operation, you are not allowed to move the mouse or perform other actions. After the scan is complete, program will show a text file - a report from the program's action.
    8. Restart computer and run Windows normally.
    9. Attach the report
  7. swker98

    swker98 TechSpot Paladin Topic Starter Posts: 1,077

    Ok, I have scanned with those programs and attached logs, no Vundo seems to be present


    I actually ran Vundo the other night in regular mode (not safe) and it found nothing, that's why there are two scans in the log
  8. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Well done

    Please re-open HJT and run a scan.
    Place a tick next to the following and then press Fix all
    Clear & Reset System Restore's Cache

    Go to Start >> Run - type or copy/paste control sysdm.cpl,,4 and then press Enter
    * Tick on the checkbox - Turn off System Restore on all drives
    * Click Apply
    Turn it back 'On' by unticking the same checkbox & click Apply, and then OK

    Restart, and let me know how all is going :)
  9. swker98

    swker98 TechSpot Paladin Topic Starter Posts: 1,077

    all working good
    thanks a ton
  10. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Thank-you a ton too

    And thanks for the update :grinthumb
Topic Status:
Not open for further replies.
