My Hijackthis log - what to delete?

Status
Not open for further replies.
P

PJPJ

Hello experts of the forum,

I found this site after discovering I have a trojan virus called twink64 or WIN32.delt.trojan.b or something like that. When I press control + alt + delete, I only see "comm" and "winamp" and "twink64" in the window, not the usual applications at all.

Anyway, I followed the instructions on the site, made a HJT root folder on my C drive and ran the program. I saved the log in the same HJT folder.

Here's my log in the txt attachment. What should I delete??

THANKS!
PJ
 

Attachments

  • hijackthis.log.txt
    4.9 KB · Views: 10
Followed instructions, PLEASE check HJT log

realblackstuff said:
Go to this post here first, and follow the instructions EXACTLY, especially about UPDATING and HJT-location.
How to remove Begin2Search/Coolwebsearch and Other Nasties

While in HJT, mark the twink-program as well to be fixed.

Then see How to post your Hijackthis log-files as an attachment.
Click to expand...


Hi realblackstuff,

I followed all the instructions and ran Adaware and Spybot. Then Hijackthis again and deleted a lot of files, I think I got the twink64 file and some others too.

Can you please check my HJT this? I think there is still something because when I press control+alt+delete I don't see any applications listed at all, as I normally would in the dialog box. I had one error message pop called "explorer" up with the message "this program has performed an illegal operation and will be shut down...". That was strange.

Also, the "Running Processes" you see in my log don't show up in the HJT this where you could check them for fixing.

Anyway, please check my log, it's realy short!!
Thanks so much
PJ
 

Attachments

  • hijackthis5june29.log.txt
    1.7 KB · Views: 9
Tick & fix the following

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://216.194.90.249/search.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O1 - Hosts: 140.99.106.182 auto.search.msn.com
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

Post a fresh log.
 
I'm not sure about your new log, it has a funny smell...
No Antivirus, way too many things gone after your first log...
Clean format/install, before any other programs? You're wasting my time, if so.
 
realblackstuff said:
I'm not sure about your new log, it has a funny smell...
No Antivirus, way too many things gone after your first log...
Clean format/install, before any other programs? You're wasting my time, if so.
Click to expand...


Sorry, but I really don't understand what you mean by "Clean format/install, before any other programs?". :confused: I ran Adaware and Spybot and HJT and "fixed" all the files that seemed dangerous according to the instructions. I also uninstalled (correctly from the control panel) a few programs like Adobe Reader that I can easily download from the net once this is all over, just to clean things up and make more sense of my log. I DO have an Antivirus installed on my computer.

Anyway, I'll delete the files that IronDuke said and repost my log. I'm a little worried because if I delete all those files there really won't be much left!!

Thanks
PJ
 
You removed Norton-Symantec/Zonealarm/Real Player/your printer/FTP-stuff/StarOffice and some other stuff.
Your log LOOKS like a fresh install without any other programs added (yet), which made me suspicious.
For all your efforts, it would probably have been easier to really do a fresh install.

Anyway, after IronDuke's advised changes have been made, your PC is clean.
 
OK, I fixed all the entries in my HJT log that IronDuke said to. I also re-installed my Antivirus and Acrobat Reader and set my homepage in MS Explorer to yahoo.com. Strangely, I still don't see any entries listed when I press Control+Alt+Delete. Let's hope there are no more problems.

I'm reposting my log for a final check, as IronDuke suggested. There are a lot more Running Processes than before.

Thanks so much to IronDuke & realblack stuff for the help!!!!

PJ
 

Attachments

  • hijackthisjuly02.log.txt
    1.7 KB · Views: 5
There's nothing there that shouldn't be. Once again it seems uncharacteristicly brief.
You need to put a firewall back.
Try also Ewido
 
Status
Not open for further replies.

Similar threads

NonTechyDad
Solved Malware removal for my son's pc
2
Replies
33
Views
5K
Broni
Broni
Humza
WD asks users to unplug their My Book Live drives from the internet following mass data...
Replies
22
Views
3K
captaincranky
captaincranky
C
Solved Malware \ProductData + possibly more, on two devices
Replies
4
Views
7K
Broni
Broni

Latest posts

Back