Malware alarm infection
- Thread starter larryiam
- Start date
- Status
Blind Dragon
Posts: 3,774 +4
post fresh hijackthis log
Blind Dragon
Posts: 3,774 +4
This is your clock problem as well.
Well you have a vundo variant on there, this is the main infection so we need to get that off first. I also see some spyware and even though I don't see CWS anymore you should still run CWShredder to be sure.
Vundofix by Atribune
Please download VundoFix.exe to your desktop.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
--------------------------------------------------------------------------------
CWShredder
Download CWShredder [http://www.trendmicro.com/ftp/products/online-tools/cwshredder.exe]here[/URL] to its own folder.
Update CWShredder
* Open CWShredder and click I AGREE
* Click Check For Update
* Close CWShredder
Boot into Safe Mode:
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.
Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about. Reboot your computer into normal windows.
--------------------------------------------------------------
Run a fresh Hijackthis and attach here with the vundofix.txt
Well you have a vundo variant on there, this is the main infection so we need to get that off first. I also see some spyware and even though I don't see CWS anymore you should still run CWShredder to be sure.
Vundofix by Atribune
Please download VundoFix.exe to your desktop.
- Double-click VundoFix.exe to run it.
- Click the Scan for Vundo button.
- Once it's done scanning, click the Remove Vundo button.
- You will receive a prompt asking if you want to remove the files, click YES
- Once you click yes, your desktop will go blank as it starts removing Vundo.
- When completed, it will prompt that it will reboot your computer, click OK.
- Please attach the C:\vundofix.txt and a new HiJackThis log.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
--------------------------------------------------------------------------------
CWShredder
Download CWShredder [http://www.trendmicro.com/ftp/products/online-tools/cwshredder.exe]here[/URL] to its own folder.
Update CWShredder
* Open CWShredder and click I AGREE
* Click Check For Update
* Close CWShredder
Boot into Safe Mode:
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.
Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about. Reboot your computer into normal windows.
--------------------------------------------------------------
Run a fresh Hijackthis and attach here with the vundofix.txt
Blind Dragon
Posts: 3,774 +4
Alright then MBAM should pick up. Hopefully you can update it.
Malwarebytes' Anti-Malware
Malwarebytes' Anti-Malware
- Please download Malwarebytes' Anti-Malware to your desktop.
- Double-click mbam-setup.exe and follow the prompts to install the program.
- At the end, be sure a checkmark is placed next to
- Update Malwarebytes' Anti-Malware
- and Launch Malwarebytes' Anti-Malware
- then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select Perform full scan, then click Scan.
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is checked, and click Remove Selected.
- When completed, a log will open in Notepad. please attach this log with your reply
- If you accidently close it, the log file is saved here and will be named like this:
- C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Blind Dragon
Posts: 3,774 +4
same, will check the logs tomorrow. then we can go from there
Blind Dragon
Posts: 3,774 +4
wait a sec. can you scan with hijackthis one more time, it doesn't take long. Then we need to do a few more things to make sure it doesn't come back
Blind Dragon
Posts: 3,774 +4
Remove bad HijackThis entries
-------------------------------------------------------------
Click Start, point to Settings, and then click Control Panel.
In Control Panel, double-click Add or Remove Programs.
In Add or Remove Programs, highlight >>Viewpoint component<< , click Remove.
---------------------------------------------------------------
OTCleanit! by Oldtimer
-----------------------------------------------------------------
Set correct settings for files
clear system restore points
-------------------------------------------------------------------------------
Additional recommendations:
1)Check for updates to your Mcafee products
2)Winpatrol <= Download and install the free version of Winpatrol. a tutorial for this product is located here:
Using Winpatrol to protect your computer from malicious software
- Run HijackThis
- Click on the System Scan Only button
- Put a check beside all of the items listed below (if present):
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
- Close all open windows and browsers/email, etc...
- Click on the "Fix Checked" button
- When completed, close the application.
-------------------------------------------------------------
Click Start, point to Settings, and then click Control Panel.
In Control Panel, double-click Add or Remove Programs.
In Add or Remove Programs, highlight >>Viewpoint component<< , click Remove.
---------------------------------------------------------------
OTCleanit! by Oldtimer
- Download OTCleanIt
- Click the CleanUp! button.
- It will go thorugh the list and remove all of the tools it finds and then delete itself (requiring a reboot).
-----------------------------------------------------------------
Set correct settings for files
- Click Start > My Computer > Tools menu (at top of page) > Folder Options > View tab.
- Under "Hidden files and folders" if necessary select Do not show hidden files and folders.
- If unchecked please check Hide protected operating system files (Recommended)
- If necessary check "Display content of system folders"
- If necessary Uncheck Hide file extensions for known file types.
- Click OK
clear system restore points
This is a good time to clear your existing system restore points and establish a new clean restore point:- Go to Start > All Programs > Accessories > System Tools > System Restore
- Select Create a restore point, and Ok it.
- Next, go to Start > Run and type in cleanmgr
- Select the More options tab
- Choose the option to clean up system restore and OK it.
-------------------------------------------------------------------------------
Additional recommendations:
1)Check for updates to your Mcafee products
2)Winpatrol <= Download and install the free version of Winpatrol. a tutorial for this product is located here:
Using Winpatrol to protect your computer from malicious software
Blind Dragon
Posts: 3,774 +4
MBAM is up to you, it is quickly becoming one of the best anti-spyware products out there, and it free to use, free to update. It doesn't use any system resources when Idle, only when you scan with it. Either way its your call
Blind Dragon
Posts: 3,774 +4
Just glad it works. I forgot to ask you - are you able to sync your clock now
sadly no. but i can live with that. i can't live with malware and its gone now! i guess its from a update in service pack 2 because when i had to recover my computer from a virus it erased all the updated and sp2 and the clock synchronization worked. i installed all the updates back and sp2 now it won't and hasn't for quit sometime. but oh well. im happy computer works! Oh and by the way blind dragon THANK YOU SO MUCH FOR YOUR HELP!! :grinthumb
- Status
