TechSpot

My first post here, Hijack This post

By XracerX05
Oct 21, 2008
  1. I've been reading for some time on here about getting rid of malware, spyware, viruses... I got something a week or so ago, that disabled my task manager. I read a post on here that gave a command to put in (((Run: REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f ))). The command seems to have worked, it brought back the task manager, even after restarts, the AVG scan didn't turn anything up, nor did the trend micro scan online. I think the problem may be fixed, but just want to be sure that there isn't anything lurking around or running and able to obtain passwords, logins, etc... I got that Hijack this program, and ran a log. If I may post here. If anyone can look through all this Greek for me and maybe tell me if it looks like any spyware, malware, critters are running. Would be much appreciated.

    Here goes....
    View attachment 36794
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I didn't check everything in the log, but enough to tell you that:
    1. AVG is out of date. v7 is no longer being supported. The current version is v8. Please update ASAP.
    2. You have malware.
    Please refer to the cleaning process which will include running Malwarebytes, SuperAntispyware and rescanning with HijackThis:
    See http://www.techspot.com/vb/post645589-1.html

    We'll be glad to help after you have run the programs and attached all three logs.
     
  3. XracerX05

    XracerX05 TS Rookie Topic Starter

    Thank you very much, I ran the Malwarebytes, it picked up a bunch of stuff. Java is current, and checked, Superspyware is running now and detected 2 so far in the scan. It's getting late, I will let these finish out, and post the logs tomorrow. Looks like I might be getting rid of this stuff finally. Thanks again.
     
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    A reminder: it's the antivirus program AVG that needs to be updated. Please attach all three logs when you finish running the programs and we'll check them.
     
  5. XracerX05

    XracerX05 TS Rookie Topic Starter

    I've got the free version of AVG 7.5, I looked on their website, I've gotta figure out which 8.0 to d-load. That's next on the agenda.. But here are those log files... Let me know whatcha think. Thanks very much.
     

  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I hate to nag, but you have got to get the AV updated: Download this from here:
    AVG Anti-Virus Free Edition 8.0: http://free.avg.com/download?prd=afe

    NOTE: Download the setup and SAVE to the desktop. Don't run yet.

    Please re-open HiJackThis and scan. *Check* the boxes next to all the entries listed below.
    Please include removal of any processes for the AV you do not want to keep.
    Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis and reboot into Safe Mode:
    Start> Run> type in 'msconfig' without quotes> enter> Selective Startup> Startup tab> UNCHECK everything except the processes for the AV program, I don't see a touchpad process, but if you have a laptop, the touchpad will need to be on Startup> Apply> OK>

    Reboot. You will get a nag message that you can ignore and close after checking 'don't show this message again'. Stay in Selective Startup.

    Now go offline> File> Work Offline. Run the AVG program from the desktop to install.
    Go back online and run update for AVG, then run an initial scan.

    Have SuperAntispyware remove its findings. Run HijackThis again and post the log. We will remove any 'left-over' entries as well as uninstall the AV you don't want.
     
  7. XracerX05

    XracerX05 TS Rookie Topic Starter

    I just d-loaded the avg 8.0, I'm going to install it as per your instructions. But one thing, the about:blank homepage thing.. That's what I prefer to use as my homepage and have always had it set as such, since I don't like having to wait for or cancel a loading homepage as soon as I open my internet explorer. I didn't know if that would make a difference or not, maybe making it appear like the hijacker was on there? I just keep my homepages set to about:blank. I will go through the rest and report back to you. Thanks very much for your over the top help here
     
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    That was my mistake- my apology. The entry for malware would have shown up as:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    Clearly yours shows as:
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

    Telling me that you set the blank page confirms it. Sometimes it's not easy to distinguish. Let me know if you have any problems with the rest. Please excuse my 'over diligence'.
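
The distinction drawn in the post above, written as a small triage parser. This is an added example, not part of the original thread or of HijackThis itself: the function names, the verdict labels and the sample log are constructed for illustration, and the rule covers only the two entries quoted above.

```python
import re

# Shape of the two entries quoted in the thread:
#   R<n> - <hive>\<key path>,<value name> = <data>
R_ENTRY = re.compile(
    r"^(?P<code>R\d) - (?P<hive>HK(?:CU|LM))\\(?P<key>[^,]+),"
    r"(?P<value>[^=]+?)\s*=\s*(?P<data>.*)$"
)

def parse_r_entry(line):
    """Split one HijackThis 'R' line into its fields, or return None."""
    m = R_ENTRY.match(line.strip())
    return m.groupdict() if m else None

def verdict(entry):
    """Apply the thread's rule of thumb to a parsed entry (labels are hypothetical)."""
    blank = entry["data"].strip().lower() == "about:blank"
    if entry["value"] == "HomeOldSP" and blank:
        return "suspicious"   # the form the helper associates with malware
    if entry["value"] == "Start Page" and blank:
        return "ask-user"     # fine only if the user chose it themselves
    return "review"           # anything else still needs a human look

def triage(log_text):
    """Return (verdict, code, value name, data) for every R entry in a log."""
    results = []
    for line in log_text.splitlines():
        entry = parse_r_entry(line)
        if entry:
            results.append((verdict(entry), entry["code"], entry["value"], entry["data"]))
    return results

# Constructed sample log: the first two R lines are from the thread, the rest is filler.
SAMPLE_LOG = r"""
HijackThis log (constructed sample header)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.example/
O16 - DPF: {00000000-0000-0000-0000-000000000000} (constructed) - http://cab.example/x.cab
"""

if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print(*row, sep=" | ")
```
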
     
  9. XracerX05

    XracerX05 TS Rookie Topic Starter

    Well, finally got done installing AVG8 and running these programs again.. Everything looks ok to me. Here are the logs, let's see what you think. Thanks a lot for all the help.
     
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Okay, we have a mystery!
    What have you done between running SuperAntispyware in Post #5 on 10/21/08 and the same program on 10/23/08 in Post #9? Did you download anything? Install any new program or Applications, with exception of AVG v8 on the site I left?

    The first SuperAntispyware shows 1 Tracking Cookie and:
    The second SuperAntispyware shows multiple Tracking Cookies and:
    And running HijackThis in Post #5 and same in Post #9?
    First HijackThis:
    Second HijackThis:
    The first MBAM log found and removed multiple malware entries. The second log shows you're clean, but it appears you have picked up Zlob, AdYieldManager and WildTangent, but the mbam log isn't catching it.

    You can have SuperAntispyware remove all of the findings, but then we need to figure out where to go next.
     
  11. XracerX05

    XracerX05 TS Rookie Topic Starter

    Hmm, I did run a Microsoft Windows update to service pack 3, but I thought that was after I posted all those logs. Possibly that my girlfriend got on here for something between then though. I remember that the Wildtangent stuff is something that came with this computer I think when I bought it, but I did not install it, or I took it out a long long time ago. I believe that C-dilla runs because of Auto-Cad. I'm going to run thorough scans of all programs including AV. Then let ya know if something else turns up. Thanks
     
  12. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    The mystery continues:
    Refer to my comments about when Wild Tangent appeared- and which logs didn't show it! You need to find out what was done if there is another user. We need to curb any outside functions until the system is clean and stable.

    By the way, DO NOT use the System Restore feature! We will drop the old restore points when through. They can have the malware and because they are protected files, the cleaning programs don't remove from there.
     
  13. XracerX05

    XracerX05 TS Rookie Topic Starter

    Ran complete AVG scan, Super spyware, and Malwarebytes. Also Hijack this again.. Avg removed 6 tracking cookies. Not sure how the wildtangent thing is coming about, she knows nothing of it. I know I haven't done anything with it either. I don't see it in the add/remove programs, nor in any of the program list-- start menu. Here are the logs.. Again, thanks a bunch for the help
     
  14. XracerX05

    XracerX05 TS Rookie Topic Starter

    oh, and system restore is turned off too...
     
  15. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Okay, the logs look good to me. You might want to remove this- it's left over from a time when you ran the Trend Micro Housecall- sticks on the system unless you beat it over the head and send it packing!
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab

    Have SuperAntispyware remove the Cookies. You might want to raise the Cookies control as follows:
    Internet options (through Tools in IE or Control Panel)> Privacy tab> Advanced button> CHECK 'override automatic Cookie settings'> CHECK 'Allow first party Cookies'> CHECK 'Block third party Cookies'> CHECK 'allow per session Cookies'> Apply> OK.

    Be sure to UNCHECK the System Restore turn off and set a new, clean restore point.

    It's a mystery when WildTangent came from and even more, where it went! Weird. If you're running well and don't have the problems, I'll turn you loose. You did a good job. It was my pleasure to help you.

    Let us know if you need more help.
     
  16. XracerX05

    XracerX05 TS Rookie Topic Starter

    Sounds good, thank you very much for your help. Just for my info. what is the difference between 1st party and 3rd party cookies? Is 1st party the page you are trying to directly open, and 3rd the ones that bombard you while trying to load? Just trying to understand what I'm changing and how things will be affected before I do it. Thanks again
     
  17. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    First party Cookies are for the site itself. Third party are for ads, partners and all the other junk!

    Example: If you're on this site, Cookie for techspot.com is first party. A Cookie from waytoomany.com/ads/ would be third party. These include such as doubleclick.com, tribalfusion.com, etc.
    (Example only)

    You can watch as they are loading in the lower left corner of the screen, right above Start. You may see them go by, but if they are blocked, they won't get on your system.
     
  18. XracerX05

    XracerX05 TS Rookie Topic Starter

    Ok, I got it now... I set the cookies as such. Thanks a lot, that should cure some of that. I think that clears everything up for now. Thanks for all the help.. Tim
     
  19. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Okay, let's remove the cleaning programs:
    Clear your existing System Restore points and establish a new clean restore point:
    Go to Start > All Programs > Accessories > System Tools > System Restore> Select Create a restore point> OK.
    Next, go to Start > Run and type in cleanmgr> Select the More options tab> Choose the option to clean up System Restore and OK it.
    This will remove all restore points except the new one you just created.

    That should finish you up. You did a good job. It was a pleasure working with you. Let us know if you need more help.
     
Topic Status:
Not open for further replies.
