TechSpot

My system got infected

By jessa_jr
Nov 7, 2007
  1. Hi there good day. My pc is infected with a downloader and a win32 virus. I already scanned it using hijackthis, combofix, avg anti-spyware and avast but my system is still infected.

    I found a downloader and fix it when I scanned it using avg anti-spyware but I can fix the problem and still the system is infected. And also the virus disable my add remove program and the system restore setting and I can't turn it off.

    Attached is my hjt log.

    Thanks in advance.
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your system is infected with a variety of malware.

    Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

    If after reading the above, you wish to clean your system, do the following.

    Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT, AVG Antispyware and Combofix logs as Attachments into this thread, only after doing the above.

    Also, let me know the results of the Panda Antirootkit scan.

    Regards Howard :)

    This thread is for the use of jessa_jr only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. jessa_jr

    jessa_jr TS Rookie Topic Starter Posts: 35

    Logs

    Here are my logs.

    And also I can't remove the google toolbar in the add remove program

    Kindly help thanks
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    I don`t know why you found it necessary to post log files I didn`t ask for and not to post the results of the Panda Antirootkit scan that I did ask for.

    It also appears you haven`t run the Vundofix tool from the instructions. Why is this? I suggest you run it ASAP.

    Open notepad and copy/paste the text in the code box below into it:
    NOTE* make sure to only highlight and copy what is inside the quote box nothing out side of it.
    Also ..

    Pay particular attention to this :-

    Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
    Code:



    Save this as CFScript.txt

    Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.

    [​IMG]

    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a fresh HJT log.

    Regards Howard :)

    This thread is for the use of jessa_jr only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  5. jessa_jr

    jessa_jr TS Rookie Topic Starter Posts: 35

    fresh logs

    Im very sorry for not following the instruction I thought that the other logs will help you to easily determine the virus.

    And I already scanned it using vundo fix before I post the logs and the panda Anti-rootkit dont scanned any rootkit at all.

    Thanks hope to get back from you as soon as possible

    Regards
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    All clean.

    Delete the following folder.

    C:\qoobox

    Turn off system restore.(XP/ME only) See how HERE.

    Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.


    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

    This thread is for the use of jessa_jr only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  7. jessa_jr

    jessa_jr TS Rookie Topic Starter Posts: 35

    Thanks

    Thank you always

    Regards

    This thread is now closed: If you need this thread unlocking, please pm a moderator with a link to the thread.

    Only the original thread starter can do this. Anyone else, will be ignored.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...