TechSpot

My HJT file

By mehouse
Jul 17, 2007
  1. My computer has become infected with Adware (Virtu.Monde) and viruses galore. While surfing the web, I have had random windows open and Windows look-alike pop-ups telling me my computer is not secure.

    I have scanned my computer with Norton and it finds nothing! Then I scanned with all 4 of the web products you recommended and it found tons. Sometimes though they would just shut down (after 2 hours of scanning), so I didn't rescan. I believe Bit Defender and F-Secure were the successful ones. I've also run Trojan Hunter and Trojan Remover numerous times. Trojan Remover always gives an error saying it is unable to remove all of the files (specifically mljjgda.dll) and I have tried using MoveOn to delete it but it always reappears! I just scanned with AVG and it still found 64 files which were either quarantined or deleted. Then I rebooted in safe mode, and here is my Hijack This log. I'm not sure if I've gotten rid of all the viruses, spyware, etc. or if there's still more I need to delete.
    Any help is appreciated.
     


  2. CCT

    CCT TS Evangelist Posts: 2,653   +6

    Hello - please link to the following and read it:

    http://www.techspot.com/vb/topic65943.html

    If you decide to clean rather than reinstall, please link to the following site and follow EVERY STEP:

    http://www.techspot.com/vb/topic58138.html


    This thread is for the use of mehouse only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

    Please note: our Experts are away - this advice will start you on the road to recovery. Follow ALL steps.
     
  3. mehouse

    mehouse TS Rookie Topic Starter Posts: 17

    I have followed the 15 steps and I'm now posting my new Hijackthis and AVG log files. Thanks for any help!
     


  4. mehouse

    mehouse TS Rookie Topic Starter Posts: 17

    Forgot the ComboFix logs:
     
  5. mehouse

    mehouse TS Rookie Topic Starter Posts: 17

    It seems like I'm not getting any more pop-ups while websurfing. I'm just wondering if my system is clean now. Thanks!
     
  6. kitty500cat

    kitty500cat TS Evangelist Posts: 2,154   +6

    Please rerun ComboFix and post a fresh log. It may get rid of more nasties on the second try.

    Regards :)

     
  7. mehouse

    mehouse TS Rookie Topic Starter Posts: 17

    Thanks for your reply! Here is the fresh ComboFix log.
     


  8. kitty500cat

    kitty500cat TS Evangelist Posts: 2,154   +6

    Please download the file CFScript.txt attached to my post and save it to the same folder as ComboFix.

    Referring to the image below, drag the CFScript.txt that you downloaded earlier over on to Combofix.exe and release.


    This will ask Combofix to execute the instructions within my file. Let Combofix run normally and do its job. Attach the resultant log in your reply.

    Please navigate to www.virustotal.com.

    In the Upload a file section, click the Choose... button.

    Navigate to the following file:

    C:\WINDOWS\system32\drvhum.dll

    Click the Open button, then click Send File.

    Make note of the results.

    Then do the same with the following file:

    C:\Program Files\USoft\usoft32.exe

    Please post the ComboFix log and the VirusTotal results here.

    Regards :)

     


  9. mehouse

    mehouse TS Rookie Topic Starter Posts: 17

    Thanks for all your help. Here's the new ComboFix log.
    Neither of those files you wanted me to upload to that site was in those locations. I do not have a Program Files/Usoft folder. I did a search of my entire computer for usoft32.exe and got no results. I searched for the drvhum.dll and it was located in C:\Qoobox\Quarantine (so it had been quarantined by AVG). I ran it through the Virustotal website and I've posted the results in a text file. Mostly no virus found, but there were a few viruses and 1 adware.
    Thanks again!
     
  10. kitty500cat

    kitty500cat TS Evangelist Posts: 2,154   +6

    Please follow the above CFScript instructions again, only this time use the one attached to this post.

    Then attach the resultant log into your reply, as well as a fresh HJT log.

    Regards :)

     


  11. mehouse

    mehouse TS Rookie Topic Starter Posts: 17

    Okay, here are the new logs.
    Thanks!
     
  12. kitty500cat

    kitty500cat TS Evangelist Posts: 2,154   +6

    Great, I believe all is now as it should be.

    However, I haven't done a lot of work with ComboFix yet, so I'll let one of our experts check the logs before giving the final instructions.

    Regards :)

     
  13. mehouse

    mehouse TS Rookie Topic Starter Posts: 17

    Okay, thanks so much! I'll wait for his opinion!
     
  14. kitty500cat

    kitty500cat TS Evangelist Posts: 2,154   +6

    Cool. I think he just got back from a trip today, so he should be by here soon (I sent him a PM).

    Regards :)
     
  15. mehouse

    mehouse TS Rookie Topic Starter Posts: 17

    I just ran AVG again (3rd day in a row) and I keep getting all these tracking cookies. There's always 32 of them. Burstnet, Doubleclick, Questionmarket, Fastclick, Mediaplex, RealMedia, Valueclick, Burstbeacon, Tribalfusion, Webtrendslive are some of their names.
     
  16. kitty500cat

    kitty500cat TS Evangelist Posts: 2,154   +6

    AVG often finds tracking cookies, but in general, they're very low risk. They're used, I think, to monitor your surfing habits so that websites can display advertisements "relevant to your interests." You can remove them, or set your browser to block them.

    I haven't seen momok yet, so I'll give you the post-cleaning instructions awhile.

    Delete all files in AVG Anti-Spyware Quarantine folder (located in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Quarantine).

    Turn off system restore (XP/ME only). See how HERE
    This will remove all your system restore points, including any malware hiding in them.

    After that turn system restore back on.
    This will create a new, clean restore point for your system.

    Oftentimes, an infection can occur again not due to the incompetence of programs, but because of user habits.
    May I recommend you to read this article. This can help to prevent future infections.

    Should you have further virus/spyware problems, please post in this thread.

    Regards :)

     
  17. mehouse

    mehouse TS Rookie Topic Starter Posts: 17

    Thanks so much for all your help. My PC has been running 'normally' for the past few weeks and all scans are returning no viruses/spyware.
    Thanks again!
     
  18. kitty500cat

    kitty500cat TS Evangelist Posts: 2,154   +6

    Yup, not a problem.

    If you have any further problems, don't hesitate to ask.

    Regards :)
     
Topic Status:
Not open for further replies.
