hi to everyone here,this is my first thread here. i found that my pc was infected by malware call downloader.agent.awf.i follow the instruction given and try to clean my pc.here i will attach the log file...thanks for yours help....
my pc infected by downloader.agent.awf
- Thread starter helmut_lim
- Start date
- Status
kitty500cat
Posts: 1,391 +6
Hello and welcome to TechSpot. :wave:
I see that you have MyWay/MyWebSearch installed. That's malware.
Very important: Before deciding whether to clean or reformat your system, read this thread and decide what you want to do.
If, after reading the above thread, you decide to clean your system, follow the instructions below exactly:
Go into Add/Remove Programs in Control Panel, and uninstall any thing having to do with MyWay or MyWebSearch.
Have HJT fix the following bold entries:
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll (file missing)
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
Then download Spybot - Search & Destroy from a link within this thread. Have it make a backup of your registry and then check for and download updates. Once you're all done with that, run it and remove whatever it finds.
Then delete the following bold files and/or folders (if there):
C:\Program Files\MyWaySA<delete the entire MyWaySA folder
Finally, turn off system restore and turn it back on. (see how here). This will delete all your former restore points and nasty stuff in them and create a new, clean restore point.
Then post fresh AVG Antispyware, ComboFix, and HJT logs as attachments into this thread.
Regards
This thread is for the use of helmut_lim only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in the Security and the Web forum.
I see that you have MyWay/MyWebSearch installed. That's malware.
Very important: Before deciding whether to clean or reformat your system, read this thread and decide what you want to do.
If, after reading the above thread, you decide to clean your system, follow the instructions below exactly:
Go into Add/Remove Programs in Control Panel, and uninstall any thing having to do with MyWay or MyWebSearch.
Have HJT fix the following bold entries:
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll (file missing)
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
Then download Spybot - Search & Destroy from a link within this thread. Have it make a backup of your registry and then check for and download updates. Once you're all done with that, run it and remove whatever it finds.
Then delete the following bold files and/or folders (if there):
C:\Program Files\MyWaySA<delete the entire MyWaySA folder
Finally, turn off system restore and turn it back on. (see how here). This will delete all your former restore points and nasty stuff in them and create a new, clean restore point.
Then post fresh AVG Antispyware, ComboFix, and HJT logs as attachments into this thread.
Regards
This thread is for the use of helmut_lim only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in the Security and the Web forum.
million thanks to kitty500cat. i should do a fresh avga,combofix,hjt scan in safe mode or in normal window mode?i done these fresh scan in normal mode.
howard_hopkinso
Posts: 21,238 +17
Hello and welcome to Techspot.
The fresh scans in normal mode are spot on.
Run HJT with no other programmes open. Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).
O20 - AppInit_DLLs:
Click on the fix checked button.
Close HJT and reboot your system.
Post a fresh HJT log, just to make sure your system is clean.
Regards Howard :wave: :wave:
This thread is for the use of helmut_lim only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
The fresh scans in normal mode are spot on.
Run HJT with no other programmes open. Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).
O20 - AppInit_DLLs:
Click on the fix checked button.
Close HJT and reboot your system.
Post a fresh HJT log, just to make sure your system is clean.
Regards Howard :wave: :wave:
This thread is for the use of helmut_lim only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
thanks so much for ur helps,howard_hopkinso~ :grinthumb
here i attached my lastest HJT scan log..
here i attached my lastest HJT scan log..
howard_hopkinso
Posts: 21,238 +17
Your HJT log is clean as a whistle.
If you have any further virus/spyware problems, please post in this thread.
Regards Howard
This thread is for the use of helmut_lim only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
If you have any further virus/spyware problems, please post in this thread.
Regards Howard
This thread is for the use of helmut_lim only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
so great to heard that.....thx everyone for helping me alot...
kitty500cat
Posts: 1,391 +6
cool. If you got any other problems, you know where to ask
Regards
Regards
- Status
Similar threads
