
Need help parsing Trend Micro log file

By oreida
Mar 21, 2008
  1. My computer had an issue where my web browser was hijacked. I have restored my computer to a point in the past and don't seem to be having any problems, but want to make sure my computer is actually clean. So, I ran Trend Micro HijackThis v2.0.2. I have attached the log file and really could use some help in parsing it to make sure my computer is in fact clean.

    Thanks for any help.
     
  2. kritius (TS Guru, 2,084 posts)

    Hi oreida,

    I'm looking over your log now; please understand that this takes time. I'll post back in a few hours with my findings.


    This thread is for the use of oreida only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. kimsland (Ex-TechSpotter, 14,524 posts)

    It's interesting that your Norton Antivirus didn't help! (But not shocking news, that's for sure.)
    Sorry, just a Norton bias I have!

    As for reading your lengthy HJT log, you should do two things first (three if you decide to uninstall Norton too):

    1. Run this in full: Viruses/Spyware/Malware, preliminary removal instructions
    2. Remove unnecessary startups: Startup Control Panel will help


    My point exactly!
     
  4. kritius (TS Guru, 2,084 posts)

    Hi oreida,

    Do you have Norton installed, and if so, was it just turned off?

    You really need to sort out the amount of stuff on your computer.

    Create an uninstall list
    • Launch Hijackthis
    • Click the Open the Misc Tools section button
    • Click the Open Uninstall Manager button.
    • Click the Save list button.
    • Attach this log in your next post

    Create a startup list
    • Launch Hijackthis
    • Click the Open the Misc Tools section button
    • Check both boxes next to Generate StartupList log
    • Click the Generate Startuplist Log button.
    • Attach this log in your next post

    Open HijackThis and select "Do a system scan only".
    Put a check next to the following entries:
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O4 - Global Startup: SetPoint.lnk = ?

    Close all browsers and windows except HijackThis and select "Fix checked".

    Please go to Virus Total or Jotti and upload C:\WINDOWS\system32\kdusac\smss.exe for scanning.

    For Virus Total

    1. Please copy and paste C:\Windows\system32\wininit.exe in the text box next to the Browse button.
    2. Click on Send File.

    For Jotti

    1. Please copy and paste C:\Windows\system32\wininit.exe in the text box next to the Browse button.
    2. Click on Submit.

    Let me know the results.

    Please go to Kaspersky website and perform an online antivirus scan. Please use Internet Explorer as it uses ActiveX.

    1. Read through the requirements and privacy statement and click on Accept button.
    2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an ActiveX from Kaspersky. Click Yes.
    3. When the downloads have finished, click on Next button.
    4. Click on Scan Settings button.
    5. Select extended under Scan using the following antivirus database:
    6. Check (tick) these boxes under Scan options:
      • Scan Archives
      • Scan Mail Bases
    7. Click OK
    8. Click on My Computer under Please select a target to scan:
    9. Once the scan is complete it will display if your system has been infected. Click on Save as text button and save it to your desktop.
    10. Attach this log in your next reply.

    Navigate to C:\Program Files\Trend Micro\HijackThis\HijackThis.exe, right click on HijackThis.exe and rename it to crusty.exe, then send a shortcut to the desktop.

    Right click on the crusty shortcut and run as administrator, select "Do a system scan and save a log file". Post the log as an attachment back here.

    In your next reply you should post:
    1) HJT uninstall list
    2) HJT startup list
    3) New HJT log
    4) Results of Virus Total and Jotti
    5) Kaspersky report


    This thread is for the use of oreida only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
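Added example, not part of the thread: the triage kritius describes in the post above (blank R0 Internet Explorer settings, an O4 startup entry whose target shows as "?", and an executable named like a core Windows process sitting somewhere other than System32) written as a small Python script that parses HijackThis log lines. The log it runs on is a constructed sample modelled on the entries quoted in the post, not oreida's attached log; the O23 entry type used for the kdusac\smss.exe path and the list of system-process names are assumptions.

```python
import re

# Constructed sample HijackThis log. The R0 and O4 lines are the entries kritius asked
# to have fixed; the smss.exe path is the file he asked to have scanned. The O23 entry
# type that path appears under here is an assumption, not something the thread states.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - Global Startup: SetPoint.lnk = ?
O23 - Service: Example Service (example) - Unknown owner - C:\WINDOWS\system32\kdusac\smss.exe
"""

# A HijackThis entry is "<code> - <body>", e.g. "R0 - ..." or "O23 - ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")

# Windows drive-letter path ending in .exe (may contain spaces, stops at a double quote).
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"]*?\.exe", re.IGNORECASE)

# Core process names malware likes to borrow. On Windows XP the genuine files live
# directly in %SystemRoot%\system32, never in a sub-directory (assumed list).
SYSTEM_PROCESS_NAMES = {
    "smss.exe", "csrss.exe", "winlogon.exe", "lsass.exe", "services.exe", "svchost.exe",
}
EXPECTED_SYSTEM_DIR = r"c:\windows\system32"


def parse_entries(log_text):
    """Return (code, body) pairs for every entry line; header and blank lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def triage(log_text):
    """Return a list of (entry_line, reason) for entries that deserve a second look."""
    findings = []
    for code, body in parse_entries(log_text):
        line = f"{code} - {body}"

        # Rule 1: an R0/R1 Internet Explorer setting with nothing after "=" is a wiped
        # or stale value; hijackers overwrite these and cleanup tools blank them.
        if code in ("R0", "R1") and body.rstrip().endswith("="):
            findings.append((line, "empty IE setting (fix with HijackThis)"))
            continue

        # Rule 2: an O4 startup item whose target HijackThis could not resolve.
        if code == "O4" and body.rstrip().endswith("= ?"):
            findings.append((line, "startup item with unresolved target"))
            continue

        # Rule 3: a core system process name anywhere other than %SystemRoot%\system32.
        for path in PATH_RE.findall(body):
            directory, _, name = path.rpartition("\\")
            if name.lower() in SYSTEM_PROCESS_NAMES and directory.lower() != EXPECTED_SYSTEM_DIR:
                findings.append(
                    (line, f"{name} outside {EXPECTED_SYSTEM_DIR}; submit to VirusTotal/Jotti")
                )
    return findings


if __name__ == "__main__":
    for entry, reason in triage(SAMPLE_LOG):
        print(f"{reason}\n    {entry}")
```

The three rules are deliberately narrow: an empty R0 value or a "?" O4 target is only cosmetic on its own, but a file called smss.exe living in a sub-directory of system32 is exactly the kind of entry whose hash should be checked against VirusTotal or Jotti before the machine is declared clean.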
  5. oreida (TS Rookie, Topic Starter)

    Here is the information you requested.

    A) I had Norton installed when I had my problem originally, but when I restored it was to a point in time before I had Norton.

    All requested pieces of information are attached with file names listed below.

    1) unistall_list.txt
    2) startuplist.txt
    3) hijackthis_new.log
    4) Nothing was found in either scan.
    5) kaspersky.txt
     
  6. kritius (TS Guru, 2,084 posts)

    I'll look over your logs as soon as I can; sorry it isn't sooner, but for some reason I didn't get an email about your post.

    Can you re-run the Kaspersky one though? There's nothing in that post.
     
  7. oreida (TS Rookie, Topic Starter)

    Re-run Kaspersky

    I have re-run Kaspersky and attached new log file.
     
  8. kritius (TS Guru, 2,084 posts)

    Make sure you turn on Norton; rubbish though it is, it at least offers some protection.

    Download SpywareBlaster.
    SpywareBlaster is a program that is used to secure Internet Explorer by making it harder for ActiveX programs to run on your computer.
    It does this by disabling known offending ActiveX programs from running at all.

    You can download SpywareBlaster from HERE

    How is the computer running at the minute?
     
  9. oreida (TS Rookie, Topic Starter)

    Current Status

    The computer appears to be running fine at the moment... I just wanted to be sure that the restore point I used didn't already have the "hijacking" done to it.

    Does it seem to look ok to you?

    Thanks for your help. I really appreciate your time!
     