TechSpot

My computer is sick - feat. 8 steps+logs

By Dan89
May 22, 2009
  1. Bit of history first-
    My computer has been infected for a few months, generally with smaller viruses that barely bothered me, but recently I've noticed a number of trojans and decided to get something done. Just yesterday I got word that through my msn I was sending links to porn sites- a sure sign that my computer's pretty darn infected, despite never falling for any traps or giving my password away (through the scanning I discovered keyloggers that I, with my limited knowledge, have decided to blame).

    I have attached the Malwarebytes Antimalware, SUPERAntiSpyware and hijackthis scan logs, but I feel this is also important:
    After completing step 5 (The SUPERAntiSpyware) and restarting my computer, I was prompted to open in Safe mode. After I didn't hit any key and it started regularly, before reaching the login screen it froze on a blue screen telling me that registry files (if I remember correctly... you guys would know this screen better than I) were infected and that I had to restart my computer and should start in another mode.
    I restarted and then decided to start from the 'Last Known Good Configuration.'
    I then continued steps 6 through 8 (Java was fine, didn't require an update) and here I am.

    Dan.
     
  2. touch

    touch TS Rookie Posts: 978

    Hello Dan89

    You still have some infections. However, it looks like you have 3 antivirus programs running ->

    "Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and will typically cause your computer to crash, and will provide less protection.
    Not more."

    If you have purchased Sophos, you should ->
    Remove/uninstall from "Add/Remove Programs" in Control Panel.
    Avast and AVG8.

    Reboot, attach new hijackthis log
     
  3. Dan89

    Dan89 TS Rookie Topic Starter

    Thanks for the response.

    I was unaware that I had Avast running- I went to 'Add or Remove Programs' and couldn't find it on the list.
    I've had Sophos installed for the last 2-3 years (since I had the computer), however the 'sophos protection update has failed' for the last 2 years- which is why I got AVG a while back (without uninstalling Sophos).
    When I double click on the Sophos icon, it is unable to connect to server.

    Before I do anything-
    How do you recommend I completely remove Avast?
    Should I remove Sophos and keep AVG as my antivirus program?

    Thanks.
     
  4. touch

    touch TS Rookie Posts: 978

    My recommendation would be that you remove AVG, Avast and Sophos, and then install Avira.

    Download Avira's installation file:
    Avira
    Don't install it yet

    Then run this Avast uninstaller:
    http://www.avast.com/eng/avast-uninstall-utility.html

    Uninstall Sophos:
    "At the Windows taskbar, select Start|Run
    browse to the folder C:\Program Files\Sophos SWEEP for NT
    double-click 'setup.exe'
    at the very end of the path in the Run window, type a space followed by -remove
    (e.g. "C:\Program Files\Sophos SWEEP for NT\setup.exe" -remove)
    follow the instructions on the screen."

    Run the AVGRemove Tool

    Install Avira. Update it, run a complete scan.

    After you have done the steps above ->

    Please download Combofix:
    http://subs.geekstogo.com/ComboFix.exe
    And save to the desktop.

    Close all other browser windows.
    Double-click on the combofix icon found on your desktop.

    Please note, that once you start combofix you should not click anywhere on the combofix window as it can cause the program to stall. In fact, when combofix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

    Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt, please attach it to your next post
     
  5. Dan89

    Dan89 TS Rookie Topic Starter

    Hey
    Small issue, I don't have the 'Sophos SWEEP for NT' folder.
    This'd probably have some effect downloading updates and why it wouldn't update.
    Do you recommend any other ways of removing it?
     
  6. touch

    touch TS Rookie Posts: 978

    Yes, we remove Sophos manually later, using combofix.
     
  7. Dan89

    Dan89 TS Rookie Topic Starter

    So after downloading the Avira installation file, would you recommend I install it before or after executing Combofix?

    I've removed AVG and avast!, so I'll run Combofix after your next response.

    Thanks for the help.
     
  8. touch

    touch TS Rookie Posts: 978

    Install Avira now, run a complete system scan. Then run combofix ;)
     
  9. Dan89

    Dan89 TS Rookie Topic Starter

    Here's my Combofix log and my new Hijackthis log.
     
  10. touch

    touch TS Rookie Posts: 978

    Open notepad and copy/paste the text in the quotebox below into it:
    Name the file as CFScript
    and Save it on the desktop

    http://www.fromsej.saknet.dk/billeder/cfscript.gif

    Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe.

    Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt, please attach it to your next post

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall
     
  11. Dan89

    Dan89 TS Rookie Topic Starter

    Combofix log attached.

    Thanks a million man, my usb port works again with my usb drives and ipod :D
     
  12. touch

    touch TS Rookie Posts: 978

    That's good news :grinthumb

    Combolog looks clean. Please attach fresh hijackthis log.
     
  13. Dan89

    Dan89 TS Rookie Topic Starter

    Attached :D
     
  14. touch

    touch TS Rookie Posts: 978

    Have HijackThis fix:
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)

    And you're done.

    Now to the big question - How are things running ?
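
An added example, not part of the original thread or of any tool's own code: a small Python parser for HijackThis-style log lines that picks out entries like the O18 line above, whose target is `(no file)`, meaning a registration left behind after its file was removed. The sample log is constructed except for the O18 linkscanner line quoted from the post, and the field layout is assumed from that line.

```python
import re

# Assumed layout: "<section> - <kind>: <field> - <field> - ...", where the
# last field is the file the entry points to, or the literal "(no file)".
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<kind>[^:]+): (?P<rest>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_line(line):
    """Return a dict for one log entry, or None for headers and other text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    fields = rest.split(" - ")
    clsid = CLSID_RE.search(rest)
    return {
        "section": m.group("section"),
        "kind": m.group("kind"),
        "name": fields[0],
        "clsid": clsid.group(0) if clsid else None,
        # Entries with a single field (e.g. O4 Run keys) have no separate target.
        "target": fields[-1] if len(fields) > 1 else None,
    }


def orphaned_entries(log_text):
    """Entries whose registered file is missing, i.e. target is '(no file)'."""
    entries = (parse_line(line) for line in log_text.splitlines())
    return [e for e in entries if e and e["target"] == "(no file)"]


# Constructed sample; only the linkscanner line comes from the thread.
SAMPLE_LOG = """\
Logfile of HijackThis (constructed sample)
O2 - BHO: Example Helper - {11111111-2222-3333-4444-555555555555} - C:\\Program Files\\Example\\helper.dll
O4 - HKLM\\..\\Run: [ExampleTray] "C:\\Program Files\\Example\\tray.exe"
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: exampleproto - {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} - C:\\Program Files\\Example\\proto.dll
"""

if __name__ == "__main__":
    for entry in orphaned_entries(SAMPLE_LOG):
        print(entry["section"], entry["kind"], entry["name"], entry["clsid"])
```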
     
  15. Dan89

    Dan89 TS Rookie Topic Starter

    A little faster- my computer has been filled up for a year or more so it's obviously not as fast as when I first got it, but the most noticeable (and awesome) difference is my usb port now works- for some reason the webcam would work, however usb drives and my ipod couldn't connect for the past few months and it's just been a pain in the *** with assessments and such.
    The computer just feels cleaner, too :p

    Thanks for your help man, you've saved me hours upon hours of mental anguish :D
     
  16. touch

    touch TS Rookie Posts: 978

    I'm glad to hear I've saved you from mental anguish :D

    Now your computer problems are solved, it is time for the clean-up procedure
    You should Create a New Restore Point to prevent possible reinfection from an old one.
    The easiest and safest way to do this is:
    Go to Start > All Programs > Accessories > System Tools > System Restore
    Select Create a restore point, and Ok it.
    Next, go to Start > Run and type in cleanmgr
    Select the More options tab
    Choose the option to clean up system restore and OK it.

    This will remove all restore points except the new one you just created.

    Please download http://download.bleepingcomputer.com/oldtimer/OTCleanIt.exe
    Save it to desktop.
    This will remove all the tools we used to clean your computer.
    Double-click OTCleanIt.exe. Click CleanUp. Say Yes to the "Begin cleanup Process?"
    When asked if you want to proceed with the cleanup process, click Yes. Restart your computer when prompted.
    Please note. It will NOT remove Mbam, Ccleaner and SuperAntispyware.

    To learn more about how to protect yourself while on the internet, please read Tony Klein's guide:
    http://www.spywareinfoforum.com/index.php?showtopic=60955


    Keep safe :wave:
     
Topic Status:
Not open for further replies.
