TechSpot

Need to remove spyware/malware

By ccjrseyfinest
Jun 28, 2007
  1. Hello.....

    I completed the preliminary removal procedures and have attached my HJT, AVG, and Combofix logs. The results of the AVG Antirootkit scan were that nothing was found. As far as my symptoms go, I noticed that the pages are loading slower when using the net. Also, I wanted to know if what I deleted as a result of my virus scan is going to have a negative effect on my computer. Is it possible that I deleted valuable files? Thanks a lot.

    Edited by Moderator: No need for a double post if there are no replies between your current post and the last post, unless bumping the thread. In that case, please wait at least 24 hours before doing so. Otherwise, simply use the "Edit post" button instead.

    Oh yea....I just wanted to let you know that your instructions were very easy to follow and on point. Thanks again!!
     
  2. momok

    momok TS Rookie Posts: 2,265

    Hi ccjrseyfinest and welcome to techspot. =)

    Thank you for your kind comments.

    You may wish to copy and paste these instructions on notepad for easier reference later.

    Boot into safe mode under your normal user name. See how HERE

    Next turn on "Show all files and folders, including hidden and system". See how HERE

    Go to start > run and type services.msc. Press the enter key.
    Search for the following services. Double click to select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

    Microsoft Windows System Kernel

    Open your task manager by pressing holding ctrl, alt and pressing del. Alternatively, use ctrl + shift + esc. Go to the processes tab, and end the following processes, if found:

    kernel32.exe

    After that, run HijackThis and fix the following entries, if found (do this by placing a tick in the check boxes beside these entries and clicking "Fix checked"):

    O2 - BHO: (no name) - {24C9A295-F535-40D9-8F85-26D89C42D1CA} - (no file)
    O4 - HKLM\..\RunServices: [Microsoft Windows System Kernel] kernel32.exe
    O4 - HKCU\..\Run: [Microsoft Windows System Kernel] kernel32.exe
    O20 - Winlogon Notify: efcbxwx - efcbxwx.dll (file missing)
    O20 - Winlogon Notify: mlljj - C:\WINDOWS\

    Close HJT.

    Navigate in Windows Explorer and delete the following files and folders in bold.

    C:\WINDOWS\system32\jjllm.bak1
    C:\WINDOWS\system32\68569206F1.sys

    Also, I'd like you to do a full search on your entire system for kernel32.exe, including all hidden system files and folders. Please let me know the results. (the full path of this file)

    Reboot into normal mode and rehide your protected OS files.

    Thereafter, please post fresh HJT and ComboFix logs from normal mode as attachments into this thread.


    Regards,
    Your friendly momok =)

    This thread is for the use of ccjrseyfinest only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
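    The steps above (search the whole disk for kernel32.exe, check the Run/RunServices autostarts named "Microsoft Windows System Kernel", look at Winlogon Notify entries whose DLL is missing) can be done in one read-only pass. The script below is an added illustration, not momok's instructions or a TechSpot tool; it only reports and never deletes, and it assumes Windows PowerShell 4.0 or later (for Get-FileHash) run from an elevated prompt. The value name, file name and registry paths come from the HJT lines quoted in the post; the output column names are my own.

```powershell
# Added triage script: report the indicators named in the post without changing anything.
# Assumes Windows PowerShell 4.0+ (Get-FileHash) in an elevated session.

$SuspectValueName = 'Microsoft Windows System Kernel'   # value name from the O4 lines
$SuspectFileName  = 'kernel32.exe'                       # genuine Kernel32 is a .dll, never an .exe

function Find-SuspectFiles {
    # Walk every fixed drive, hidden and system files included, for the impostor file name.
    $drives = Get-PSDrive -PSProvider FileSystem | Where-Object { $_.Root -and (Test-Path $_.Root) }
    foreach ($d in $drives) {
        Get-ChildItem -Path $d.Root -Filter $SuspectFileName -Recurse -Force -File -ErrorAction SilentlyContinue |
            ForEach-Object {
                [pscustomobject]@{
                    Check    = 'File'
                    Location = $_.FullName
                    Detail   = ('{0} bytes, SHA256 {1}' -f $_.Length,
                                (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash)
                }
            }
    }
}

function Find-SuspectRunEntries {
    # The O4 lines in an HJT log correspond to these autostart keys.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices'
    )
    foreach ($k in $keys) {
        if (-not (Test-Path $k)) { continue }
        $props = Get-ItemProperty -Path $k
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }      # skip PowerShell's own PSPath/PSParentPath metadata
            $data = [string]$p.Value
            if ($p.Name -eq $SuspectValueName -or $data -match [regex]::Escape($SuspectFileName)) {
                [pscustomobject]@{ Check = 'Run'; Location = "$k\$($p.Name)"; Detail = $data }
            }
        }
    }
}

function Find-OrphanWinlogonNotify {
    # The O20 lines: each Notify subkey names a DLL Winlogon loads; HJT flagged ones whose file is gone.
    $base = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'
    if (-not (Test-Path $base)) { return }
    Get-ChildItem -Path $base | ForEach-Object {
        $dll = (Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue).DllName
        if (-not $dll) {
            [pscustomobject]@{ Check = 'WinlogonNotify'; Location = $_.PSChildName; Detail = 'no DllName value' }
            return                                      # next subkey
        }
        # A bare file name is resolved from System32, the loader's usual location for these DLLs.
        $candidate = if (Test-Path $dll) { $dll } else { Join-Path $env:SystemRoot "System32\$dll" }
        if (-not (Test-Path $candidate)) {
            [pscustomobject]@{ Check = 'WinlogonNotify'; Location = $_.PSChildName; Detail = "DllName '$dll' (file missing)" }
        }
    }
}

$findings = @(Find-SuspectFiles) + @(Find-SuspectRunEntries) + @(Find-OrphanWinlogonNotify)
if ($findings.Count -eq 0) {
    'No kernel32.exe file, matching Run entries, or orphaned Winlogon Notify DLLs found.'
} else {
    $findings | Format-Table -AutoSize
}
```

The file search reports the full path and hash of anything called kernel32.exe so the result can be posted back for review; the registry checks mirror the HJT O4 and O20 lines, so a clean run here should match a clean HJT log for those sections.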
     
  3. almcneil

    almcneil TS Guru Posts: 1,277

    I noticed you didn't use Ad-Aware 2007 or Spybot Search & Destroy. Both are top rated and popular anti-spyware utilities. Give them a try.
     
  4. ccjrseyfinest

    ccjrseyfinest TS Rookie Topic Starter

    Hello again...

    I was unable to find Microsoft Windows System Kernel when doing a search and did not see kernel32.exe in the task manager. After doing a full search, I was unable to find kernel32.exe. I have attached my new logs. Thanks!

    P.S.

    I used both Ad-Aware 2007 and Spybot Search & Destroy as per the preliminary removal instructions.
     
  5. momok

    momok TS Rookie Posts: 2,265

    Hi,

    Your logs look more or less clean now.

    Please download and run CCleaner via step 9 of the instructions HERE.

    Download the attached "Combofix-Do.txt" (from my attachment) and save it to the same folder as Combofix.
    Drag the Combofix-Do.txt that you downloaded earlier over on to Combofix.exe and release.

    This will ask Combofix to execute the instructions within my file. Let Combofix run normally and do its job. Attach the resultant log in your reply.


    Regards,
    Your friendly momok =)

    This thread is for the use of ccjrseyfinest only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     

    Attached Files:

  6. ccjrseyfinest

    ccjrseyfinest TS Rookie Topic Starter

    I was wondering if the files I have deleted will have an effect on my computer in any way. Also, I wanted to know if registry mechanic is a good program to use. When I ran it, it shows that there are a lot of problems in my computer registry. How should I go about fixing this??
     
  7. almcneil

    almcneil TS Guru Posts: 1,277

    If you're using one of the top rated anti-spy, such as the 3 I suggested, you need not worry about them messing up your Windows installation. They are proven to be the best at removing known spyware.

    As for Registry Mechanic, it is the top rated registry cleaner and I recommend it. I know it lists 100s of "errors" but it's counting any slightly out of alignment when really there are only about a dozen or so that really matter. The Windows registry is a very critical area of the installation, if something important is out of alignment, it could cause the entire installation to be corrupted. I use Registry Mechanic and I have found it to be good.
     
  8. momok

    momok TS Rookie Posts: 2,265

    Hi,

    Your logs look clean now.

    Delete all files in AVG Antispyware Quarantine folder. (located in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Quarantine)

    Turn off system restore (XP/ME only). Learn how to do that HERE.
    This will remove all the remaining nasties from your old restore points.

    After that turn system restore back on.
    This would have created a new safe and clean restore point for your system.

    Often times, an infection can occur again not due to the incompetence of programs, but because of user habits.
    May I recommend you to read this article.
    This can help to prevent future infections.

    Should you have any further problems, please post in this thread.

    almcneil: Perhaps you could write a review detailing how to use Registry Mechanic effectively for our members :p


    Regards,
    Your friendly momok =)

    This thread is for the use of ccjrseyfinest only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
Topic Status:
Not open for further replies.
