Need some help, thanks in advance

Status
Not open for further replies.
Hi all. I've been attempting to clean up my folks' computer of a virus (viruses?) that it has... problem is I barely know any more than they do, haha.
Every so often, a blank IE page is opened up. If we close it, another one simply opens in its place.
I've followed all the instructions you have very helpfully posted and attached the logs. The Panda Antirootkit didn't find anything.
Thanks for the help!
 

Hello, welcome to TechSpot

Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://v4.windowsupdate.microsoft.com/
O4 - HKCU\..\RunOnce: [DelayShred] "c:\PROGRA~1\mcafee\mshr\ShrCL.EXE" /P7 /q C:\DOCUME~1\ALANWE~1\LOCALS~1\TEMPOR~1\Content.IE5\APDQG3YG\TOPIC_~1.SH! C:\DOCUME~1\ALANWE~1\LOCALS~1\TEMPOR~1\Content.IE5\4D0R5Q8M\TOPIC_~2.SH! C:\DOCUME~1\ALANWE~1\LOCALS~1\TEMPOR~1\Content.IE5\YDTUMM60\_14047~1.SH! C:\DOCUME~1\ALANWE~1\LOCALS~1\TEMPOR~1\Content.IE5\VTE8XV0O\IEPERS~1.SH! C:\DOCUME~1\ALANWE~1\LOCALS~1\TEMPOR~1\Content.IE5\YDTUMM60\TCODE_~1.SH! C:\DOCUME~1\ALANWE~1\LOCALS~1\TEMPOR~1\Content.IE5\4D0R5Q8M\WRAPPE~1.SH! C:\DOCUME~1\ALANWE~1\LOCALS~1\TEMPOR~1\Content.IE5\YDTUMM60\CNN_CO~1.SH! C:\DOCUME~1\ALANWE~1\LOCALS~1\TEMPOR~1\Content.IE5\KKRD4JTO\INDEX_~1.SH! C:\DOCUME~1\ALANWE~1\LOCALS~1\TEMPOR~1\Content.IE5\7JKI0I7R\TOPIC_~1.SH! C:\DOCUME~1\ALANWE~1\LOCALS~1\TEMPOR~1\Content.IE5\HMMSL7HD\HISTOR~1.SH! C:\DOCUME~1\ALANWE~1\LOCALS~1\TEMPOR~1\Content.IE5\WHMNLSYM\TOPIC_~1.SH! C:\DOCUME~1\ALANWE~1\LOCALS~1\TEMPOR~1\Content.IE5\4D0R5Q8M\INDEX_~2.SH! C:\DOCUME~1\ALANWE~1\LOCALS~1\TEMPOR~1\Content.IE5\GS9N6N7B\TOPIC_~1.S
O15 - Trusted Zone: http://www.encorelegal.com



Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. Reboot.

After that, reboot, and post a new HijackThis log here in a reply.
 
How is your computer running now?

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report
 
Hi:

Your folks' computer has a Java program that is about 6 "Updates/Versions" behind, a serious security risk; it should be uninstalled and any other "version" of this program that MAY be on the computer. Should ONLY have the latest version, which is available at www.java.com.
You never did mention WHY you thought your folks' computer had a "virus"!? IF it is because the computer is responding "slowly", it MAY be caused by the "presence" of McAfee and Ad-Aware, which I would NOT have on my computer. And combining that with using AOL as their Internet Service Provider makes the situation worse. IF paying for antivirus, should have the superior "NOD32"; and the FREE Avira/AntiVir is much better than McAfee.
 
SpiritWind

Please do not jump in when we are in the process of removing the malware. Java will be updated when the time is right.
 
The computer seems to be running fine atm. After speaking a bit more with the people who actually use this computer, it seems like the "never-ending IE window" thing only happens every couple of days (don't know if this is helpful but knowledge is power I guess). I've attached the ActiveScan txt. Once again, thanks for walking me through this!
 
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version. Then reboot into Safe Mode: reboot, then start tapping the F8 key. You will get the advanced options; select Safe Mode, then load and run the program.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
 
Here's the report, copied and pasted like you requested:

Malwarebytes' Anti-Malware 1.24
Database version: 1028
Windows 5.1.2600 Service Pack 2

11:43:32 AM 8/6/2008
mbam-log-8-6-2008 (11-43-32).txt

Scan type: Full Scan (C:\|)
Objects scanned: 117414
Time elapsed: 1 hour(s), 50 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
Well, looks good; we just need to clean up. How is the computer?

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

  • Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

------------------------------------------

Now we need to create a new System Restore point.

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point, then click Next. Name it and click Create. When the confirmation screen shows the restore point has been created, click Close.

Next go to Start Menu > Run > type

cleanmgr

Click OK. Disk Cleanup will open and start calculating the amount of space that can be freed. Once that's finished, it will open the Disk Cleanup options screen. Click the More Options tab, then click Clean up on the system restore area and choose Yes at the confirmation window, which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan, click OK, then choose Yes on the confirmation window.
 