Need a Second Hand Opinion

By TheJediSlayer
Jun 7, 2009
Topic Status:
Not open for further replies.
  1. Hello,

    Well, I need a second hand opinion, please, about what I should do and if anyone could please help me resolve this problem without having to reformat my computer. Yes, I realize that I haven't explained the problem, so here it is. Basically my friend went onto my computer, surfed the web, and managed to get me a few trojans/adware onto my computer. Fortunately I found a good amount of the stuff and have removed it. However, as pointed out in the link below, I am told that my computer is not entirely "free" of bad stuff. So, I was hoping that someone in the Techspot community would be kind enough to give a few minutes of their time to review the link below and determine the best course of action, and if at all, avoid a reformat at all cost.

    Thanks,

    Tyler

    Link:
    http://www.maximumpc.com/forums/viewtopic.php?t=94279
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    If you would like us to check the system for malware, please follow the steps in the Virus and Malware Removal>> http://www.techspot.com/vb/topic58138.html

    Attach the three logs when through and include log from full system scan with AV program. We'll review the logs for remaining malware.

    I did not go to the other forum.
  3. TheJediSlayer

    TheJediSlayer Newcomer, in training Topic Starter Posts: 182

    Hello,

    As per request, here are the logs.

    Attached Files:

  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    You may have some security conflicts. BitDefender, WOT, Haute Secure- so be aware of that. I don't see any malware in these 2 logs, but need the following for additional information:

    Please run a full system scan with BitDefender AV. If anything is found, please attach log.

    Please download ComboFix HERE:
    • With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.
    • Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection.
    • Run Combo-Fix.exe and follow the prompts.
      (Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.)
    • Wait for the scan to be completed.
    • If it requires a reboot, please do it.
    • After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)

    Do not click on the ComboFix window, as it may cause it to stall.

    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    Did you run Superantispyware initially? Was anything found?

    Please attach logs from AV and Combofix report.
  5. TheJediSlayer

    TheJediSlayer Newcomer, in training Topic Starter Posts: 182

    Thank you again for looking over my logs! :}
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    I recommend you tighten up your firewall rules. You have a lot of gaming going through and the Dyyno P2P Source Application "enables gamers to broadcast their games live to large audiences ... It combines instant messaging, a server browser, peer-to-peer file ..." From WOW

    Don't be too generous with what you allow through. I can't clear you completely because some of your security was running when you scanned using Combofix:
    AV: Bitdefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
    FW: Bitdefender Firewall *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
    SP: BitDefender Antispyware *enabled* (Updated) {8B2012EC-32D4-494F-BC03-832DB3BDF911}
    SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    Instructions for Combofix are:
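Added example, not from this thread or from ComboFix: a PowerShell snippet that reads the same Windows Security Center registrations summarised in the AV/FW/SP lines above and flags a category with more than one enabled real-time product, which is the conflict Bobbye warns about. It assumes Windows Vista or later (the root\SecurityCenter2 WMI namespace) and PowerShell 3 or later.

```powershell
# Added example: list registered security products the way the ComboFix header
# does (type, name, state, GUID), then warn when several real-time products of
# the same type are enabled at once.
# Assumes Vista or later: XP used root\SecurityCenter with a different schema.

function Get-SecurityProductState {
    # productState is a packed DWORD. Rendered as six hex digits, the middle
    # byte 10 or 11 means real-time protection is on, and a last byte of 00
    # means definitions are current (10 means out of date). This is the
    # decoding commonly used by administration scripts.
    param([int]$ProductState)
    $hex = '{0:x6}' -f $ProductState
    [pscustomobject]@{
        Enabled  = ($hex.Substring(2, 2) -in @('10', '11'))
        UpToDate = ($hex.Substring(4, 2) -eq '00')
    }
}

# Same three categories ComboFix reports.
$classes = @{
    AV = 'AntiVirusProduct'
    FW = 'FirewallProduct'
    SP = 'AntiSpywareProduct'
}

$report = foreach ($tag in $classes.Keys) {
    Get-CimInstance -Namespace 'root\SecurityCenter2' -ClassName $classes[$tag] -ErrorAction SilentlyContinue |
        ForEach-Object {
            $state = Get-SecurityProductState -ProductState $_.productState
            [pscustomobject]@{
                Type     = $tag
                Product  = $_.displayName
                Enabled  = $state.Enabled
                UpToDate = $state.UpToDate
                GUID     = $_.instanceGuid
            }
        }
}

$report | Sort-Object Type, Product | Format-Table -AutoSize

# Two or more enabled products in one category usually means two real-time
# engines competing for the same files, which is what "security conflicts" refers to.
$report | Where-Object Enabled | Group-Object Type | Where-Object Count -gt 1 | ForEach-Object {
    Write-Warning ('{0}: {1} enabled products ({2})' -f $_.Name, $_.Count, ($_.Group.Product -join ', '))
}
```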
  7. TheJediSlayer

    TheJediSlayer Newcomer, in training Topic Starter Posts: 182

    **UPDATE**

    Turns out that I have a trojan on my computer that simply refuses to die. Trojan's process is PEV.exe. I've tried using SUPERAntiSpyware on it and it claims to remove it, but the trojan continues to appear every time I've done a scan. No other anti-tools detect the trojan in question. Need advice for permanently removing it.

    Thanks,

    Tyler
  8. TheJediSlayer

    TheJediSlayer Newcomer, in training Topic Starter Posts: 182

    **UPDATE 2**

    Log files with NO Anti-detection tools turned on.

    I still, unfortunately, have the trojan with the known file type of pev.exe. Cannot seem to remove it, even after quarantining and removing it, then doing a system restart. Using SUPERAntiSpyware to get it.

    Attached Files:

  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    You should EDIT your post to add information, not give a new reply.

    I'm going to see if kritius will take this over. Your second HijackThis log isn't complete and Combofix entries need to be removed. I should have had you start at the beginning here. Working between two- or more- forums is not the way to go!

    Never do a System Restore when cleaning! You reinfect the system and undo everything that was done previously.
  10. TheJediSlayer

    TheJediSlayer Newcomer, in training Topic Starter Posts: 182

    The hijack log is not incomplete. The reason why there are so few running processes, etc, is because I disabled all services/startup items in MSCONFIG. Here is another hijack log with all startup/services re-enabled.
  11. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    You can't run a computer with everything disabled! I'll be back later this afternoon.

    Please check back because I am going to reply as an Edit to this.
  12. kritius

    kritius TechSpot Guru Posts: 2,087

    Hi,

    Go to start and then run and type,

    combofix /u

    RSIT
    Download random's system information tool (RSIT) by random/random from HERE and save it to your Desktop.

    • Double click on RSIT.exe to run.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open.
    • log.txt <will be maximized and info.txt <will be minimized
    • Please post the contents of both logs in the next reply.

    Rooter.exe

    Download Rooter.exe to your desktop.
    • Then double-click it to start the tool.
    • A Notepad file containing the report will open, also found at %systemdrive%\Rooter.txt. Post that here.
  13. TheJediSlayer

    TheJediSlayer Newcomer, in training Topic Starter Posts: 182

    Here are the logs you requested. Thank you for your help so far, guys.

    EDIT

    Sorry, but for some reason, there seems to be a block on my ability to be able to upload a fourth file for combo. The combo file, though, is further up the post.
  14. kritius

    kritius TechSpot Guru Posts: 2,087

    I'll look over this in the morning, it's late and I'm tired.

    Also I was asking you to uninstall combofix, not run it.