Need help with log files, already done all steps

Status
Not open for further replies.

basilisk92

Posts: 18   +0
I've read and followed all instructions on preliminary virus/malware/spyware removal.

Attached is the log, please help!! Thanks.
 
Did you run ComboFix or DSS? If so, please attach the log, and also:

Malwarebytes' Anti-Malware

  • Please download Malwarebytes' Anti-Malware from Here or Here
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please attach this log with your reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
 
ComboFix should be installed to the desktop, not the Program Files folder.

That is not a complete log. Please let me know once it is moved.
 
I moved ComboFix to the desktop; however, I found 2 other copies of ComboFix and some associated files.

Should I delete those?
 
I also ran Malwarebytes since I saw it in your first reply; I've attached the log.

I didn't know if you wanted me to run the program, so if you need me to do the steps over again I will.

Thanks,
 
First of all, look at the names in the MBAM log. Those are a giveaway that you are infected with backdoor Trojans and info-stealing viruses. That means if you do any online banking, use your credit card online, etc., you should have a read of Is your system infected? Read this before Cleaning or Formatting.

-----------------------------------------------------------------------------------------

If you decide to clean your system -> delete the old versions of ComboFix; we only want the most recent version on there.

Go to Microsoft's website here --> http://support.microsoft.com/kb/310994
Select the download that's appropriate for your Operating System

Windows XP SP2

Download the file and save it under its original name to your desktop.

Close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, a log named CF_RC.txt will open. Please attach that log here.

Attach CF_RC.txt here.
 
Please let me ask you a question. My primary concerns are gigs of photos saved on the hard drive and some Word-type documents. But based on your link, it looks like I need to format/reinstall. I check my various accounts almost daily and nothing has happened thus far. I have already changed most user names and passwords on my various accounts. So far I have seen nothing funky there yet, fortunately.

Given this information, is it worth the risks you speak of to save the photos and word documents?

I would really appreciate your advice.

Thank you
 
Though I would recommend backing up those types of files regularly, I am not suggesting a format or reinstall. We are simply installing a recovery console as a precaution, so that in the event something were to go wrong we could recover the system.
 
I followed your last instructions and deleted the old versions, then downloaded and opened the recovery file with ComboFix, and it produced a log, which is attached.

However, when it popped up, it popped up as "log", so I saved it that way.
 
Are the files you were concerned about installed directly in C:\Program Files?

And did you purposely install movies etc. there?
 
Run CFScript

Open Notepad and copy/paste the text in the code box below into it.
NOTE: make sure to only highlight and copy what is inside the quote box, nothing outside of it.
Also...

Pay particular attention to this:

Make sure the word File:: is on the first line of the text file you save (no blank line above it, and no space in front of it).
File::
C:\Program Files\Nasty Talk POV - Jenny Hendrix.avi
C:\Program Files\nympho-gddg4.cd1.avi
C:\Program Files\nympho-gddg4.cd2.avi
C:\Program Files\nympho-professianals11.cd1.avi
C:\Program Files\MILF.Hunter.7.XXX.DVDRiP.XviD-GLAMOUR-cd1.avi
C:\Program Files\v8050-399.mpg
C:\Program Files\7593v3.avi
C:\Program Files\7593v2.avi
C:\Program Files\077lickitysplit640x480.wmv
C:\Program Files\XXX.TitForTat.Scene1.avi
C:\Program Files\XXX.ThreeWay*****s4.Scene5.avi
C:\Program Files\kream22448.mpg
C:\Program Files\kream46640_chunk_2.wmv
C:\Program Files\kream46640_chunk_3.wmv
C:\Program Files\kream46640_chunk_5.wmv
C:\Program Files\kream46640_chunk_4.wmv
C:\Program Files\kreamhard2448-6.mpg
C:\Program Files\kream7448-3.mpg
C:\Program Files\kream7448-4.mpg
C:\Program Files\kreamlez9448-7.mpg
C:\Program Files\kreamlez9448-6.mpg
C:\Program Files\kreamlez10448-6.mpg
C:\Program Files\kreamhard17448-3.mpg
C:\Program Files\kreamhard17448-2.mpg
C:\Program Files\kreamhard17448-5.mpg
C:\Program Files\kreamhard17448-4.mpg
C:\Program Files\kreamhard17448-7.mpg
C:\Program Files\kreamhard17448-6.mpg
C:\Program Files\kreamhard17448-8.mpg
C:\Program Files\kreamlez7448-5.mpg
C:\Program Files\kreamlez15448-5.mpg
C:\Program Files\kreamlez15448-6.mpg
C:\Program Files\kreamlez15448-7.mpg
C:\Program Files\kreamlez15448-8.mpg
C:\Program Files\kream20448-2.mpg
C:\Program Files\kream20448-3.mpg
C:\Program Files\Kream1.mpg
C:\Program Files\kream15448-3.mpg
C:\Program Files\kreamhard2448-7.mpg
C:\Program Files\kreamlez13448.mpg
C:\Program Files\XXX.LatexNurses.Scene4.avi
C:\Program Files\XXX.FastAndHard.Scene1.avi
C:\Program Files\swe6-dda2a.avi
C:\Program Files\nympho-gapeman.cd3.avi
C:\Program Files\nympho-gapeman.cd2.avi
C:\Program Files\FAT-ToryLane-DualInvasion2.avi
C:\Program Files\roundmoundofass.tiffany.rayne.wmv.xxx-thm.wmv
C:\Program Files\10038.jpg
C:\Program Files\tlib_alexis_love.wmv
C:\Program Files\wwp-gcpov4a.avi
C:\Program Files\wynter.scientology.online.war.cnn.88x49.jpg
C:\WINDOWS\ALCXMNTR.EXE

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcxMonitor"=-

Save this as CFScript.txt.

Then drag the CFScript.txt onto ComboFix.exe as you see in the screenshot below.

[screenshot: CFScript.gif]


This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply together with a fresh HJT log.
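A small checker for the CFScript.txt format described in the post above, added here as an example; it is not code from the thread or from ComboFix. It enforces the rule that File:: is the very first line (no blank line above, no leading space), collects the paths under File::, and parses the Registry:: block, where "Name"=- means the value is to be deleted. The constructed sample keeps the Run-key entry from the script and one of its paths.

```python
import re
from dataclasses import dataclass, field

PATH_RE = re.compile(r"^[A-Za-z]:\\[^\r\n]+$")  # absolute Windows path, e.g. C:\...
KEY_RE = re.compile(r"^\[(HKEY_[A-Z_]+\\.+)\]$")  # [HKEY_...\Sub\Key]
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')        # "Name"=<data>  ("-" = delete)


@dataclass
class CFScript:
    files: list = field(default_factory=list)
    registry: list = field(default_factory=list)  # (key, value name, data|"delete")
    errors: list = field(default_factory=list)


def parse_cfscript(text: str) -> CFScript:
    """Parse a CFScript and record anything that breaks the format rules."""
    script = CFScript()
    lines = text.splitlines()
    # Rule from the post: 'File::' must be the first line, exactly.
    if not lines or lines[0] != "File::":
        script.errors.append("first line must be exactly 'File::'")
    section = key = None
    for n, raw in enumerate(lines, 1):
        line = raw.rstrip()
        if not line:
            continue
        if line.endswith("::"):  # section header; only File:: and Registry:: are on the page
            if raw[:1].isspace():
                script.errors.append(f"line {n}: section header has leading space")
            section, key = line.strip()[:-2], None
            if section not in ("File", "Registry"):
                script.errors.append(f"line {n}: unknown section {line!r}")
        elif section == "File":
            if PATH_RE.match(line):
                script.files.append(line)
            else:
                script.errors.append(f"line {n}: not an absolute path: {line!r}")
        elif section == "Registry":
            m = KEY_RE.match(line)
            if m:
                key = m.group(1)
                continue
            m = VALUE_RE.match(line)
            if m and key:
                name, data = m.groups()
                script.registry.append((key, name, "delete" if data == "-" else data))
            else:
                script.errors.append(f"line {n}: bad registry line: {line!r}")
        else:
            script.errors.append(f"line {n}: content before any section")
    return script


# Constructed sample: one path and the Run-key entry from the script in the post.
SAMPLE = (
    "File::\nC:\\WINDOWS\\ALCXMNTR.EXE\n\nRegistry::\n"
    "[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]\n"
    '"AlcxMonitor"=-\n'
)
```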
 
Launch HijackThis.

Check all those O18 entries.

Close all windows except HijackThis.

Select Fix checked.

============================================================

Empty your Recycle Bin.

============================================================

Run Kaspersky Online AV Scanner

In order to use it you have to use Internet Explorer.
Go to Kaspersky and click the Accept button at the end of the page.

Note for Internet Explorer 7 users: If at any time you have trouble with the Accept button of the licence, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the licence is accepted, reset it to 100%.
  • Read the Requirements and limitations before you click Accept.
  • Allow the ActiveX download if necessary.
  • Once the database has downloaded, click Next.
  • Click on "My Computer"
  • When the scan has completed, click Save Report As...
  • Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
  • Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
Attach the report to your next reply.
 
Not good. You had the same info-stealing rootkit that is going around: it logs keystrokes and can steal account information, etc. It also has stealth capabilities. ComboFix quarantined the main part of it, but there may be leftovers that I can't see. All I can suggest is that we scan for it.

-----------------------------------------------

I'll go ahead and work up the next set of instructions, but I have to ask: do you use Outlook often? It appears there are some viruses in your inbox.
 
Please download Qoofix by Rubber Ducky to your desktop.
  • Right-click on the Qoofix folder and choose "Extract All". Extract Qoofix to your C: drive.
  • Close all windows and programs, including internet windows.
  • Go to C:\Qoofix and open the folder, then double click on Qoofix.exe
  • Click Begin Removal and wait for the scan to finish
  • If Qoofix finds an infection, select yes to restart your computer
  • You will now find a log from this tool, located at C:\Qoofix\Qoofix Logfile.txt
    Attach this log here for me

------------------------------------------------------------------------------

OTMoveit2 by OldTimer
Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:
    [kill explorer]
    C:\Program Files\anonymousfriend.exe
    C:\WINDOWS\CouponBarIE.dll
    C:\Documents and Settings\Owner\Desktop\installer.exe
    purity
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and attach its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

-----------------------------------------------------------------------------------------------

Update McAfee, and if it has an email scanner I would use that; otherwise, it is time to delete emails that might be shady.

Attach both logs here for me.
 
ATF Cleaner by Atribune

  • Please download ATF Cleaner to your desktop from HERE
  • Double-click ATF Cleaner.exe to open it. Vista users: right-click and select Run as Administrator.

  • Under Main choose:
    Windows Temp
    Current User Temp
    All Users Temp
    Cookies
    Temporary Internet Files
    Prefetch
    Java Cache

    *The other boxes are optional*
    Then click the Empty Selected button.

  • Firefox or Opera installed:
    Click Firefox or Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Click Exit on the Main menu to close the program.

----------------------------------------------------------------------

Let's run one more scan with Kaspersky, just like before; it should be a lot faster.
 
The Qoofix log I posted is the only Qoofix log I could find. I looked up C:\Qoofix\Qoofix Logfile.txt, but it would not let me search with \ in the search field.

I completed the instructions for ATF Cleaner.

I am running the Kaspersky scan now. It is downloading definitions, which takes like an hour. Hopefully, like you said, the actual scan will take less.

I will post the log as soon as it's done.
 