TechSpot

Please take a look at my logs and let me know if my system is clean

By vecnaa
Jun 17, 2007
  1. Hi Guys,

    I was recently infected with a large amount of spyware/malware/trojans and tried to get rid of them with the steps described on your forum. Please can you take a look at the logs I have attached and let me know if my system is now clean or if there are any lingering problems. I greatly appreciate your help :)

    AVG Anti Virus (scan came out with two trojans which were fixed - ran clean on next two consecutive scans)

    SS&D (only tracking cookies found)

    Ran the following tools (results in parenthesis)
    Tool 1 Smitfraudfix (found infected files and fixed)
    Tool 2 Virtumondobegone (was clean of infection - virtumonde was detected before though looks like it's gone now)
    Tool 3 Vundofix (was clean of infection)

    AVG Anti-Rootkit results:
    There were no installed rootkits found on your computer.

    Logs Attached:
    Combofix Log / Combofix Quarantined Files Log
    Hijack This Log
    AVG Anti Spyware Log
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Run the Ccleaner programme as per step 9 of the instructions HERE.

    Delete the following folders.

    C:\VundoFix Backups
    C:\qoobox

    All your logfiles look clean. However, I'd like you to have a file checked out over at Jotti's.

    Please visit this link http://virusscan.jotti.org/
    * Click the Browse... button
    * Navigate to the following file C:\WINDOWS\system32\ope870.exe

    * Click Open
    * Please let me know the results.

    Regards Howard :wave: :wave:

    This thread is for the use of vecnaa only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. vecnaa

    vecnaa TS Rookie Topic Starter

    Thanks Howard!

    Hi Howard,

    I just ran Ccleaner (step 9) a few times and also deleted the folders you specified. I went on Jotti's to scan that file C:\WINDOWS\system32\ope870.exe but could not find it in my browse. I went into the system32 folder and could not find it at all. I wonder what happened - maybe one of the programs deleted it.

    Thanks for all of your help :)

    Thanks,
    Vecnaa
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    You may need to show hidden files and folders.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    See if you can now find the file.

    If you can, get it scanned, then rehide your protected OS files.

    Regards Howard :)

     
  5. vecnaa

    vecnaa TS Rookie Topic Starter

    Malware found - ope870.exe

    Hi Howard,

    I changed the settings to show system files too (I only had show hidden files checked but the system files were still hidden) and found the file ope870.exe. I ran the file through Jotti's and two sites have this file listed as a malware :(. What do you recommend I do to remove this?

    Thanks for your help again!

    File: ope870.exe
    Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
    MD5: e83506890a56284c6c42ce644d29ac05
    Packers detected: Analyzing...
    Bit9 reports: File not found

    Scanner results
    Scan taken on 17 Jun 2007 22:03:13 (GMT)
    A-Squared Found nothing
    AntiVir Found TR/Spy.Agent.98893
    ArcaVir Found nothing
    Avast Found Win32.Delf-DLH
    AVG Antivirus Found nothing
    BitDefender Found nothing
    ClamAV Found nothing
    Dr.Web Found nothing
    F-Prot Antivirus Found nothing
    F-Secure Anti-Virus Found nothing
    Fortinet Found nothing
    Kaspersky Anti-Virus Found nothing
    NOD32 Found nothing
    Norman Virus Control Found nothing
    Panda Antivirus Found nothing
    Rising Antivirus Found nothing
    VirusBuster Found nothing
    VBA32 Found nothing
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Ok, since there appears to be some doubt as to whether the file is nasty or not, please do the following.

    Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for (if there).

    ope870.exe

    Close task manager.

    Now, rather than deleting the file, right click on it and add it to an archive. In other words, zip it up, then delete the original ope870.exe file, so that you only have the zipped up file left. See how your system runs for a few days and providing you don't have any problems, you can then delete the zip file. As long as the file is zipped up it can't do any harm.

    Reboot into normal mode and rehide your protected OS files.

    Turn off system restore (XP/ME only). See how HERE.

    Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)
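
The end-process, zip and delete steps from the post above, scripted as an added example that is not part of the original thread. It records the file's hashes before anything is changed and refuses to act if the MD5 differs from the one in the Jotti report; `$QuarantineDir` and the log file name are assumptions, and it needs PowerShell 5.1 or later with rights to delete the file.

```powershell
# Added example, not from the thread. $QuarantineDir is an assumed location.
param(
    [string]$SuspectPath   = 'C:\WINDOWS\system32\ope870.exe',
    [string]$ExpectedMd5   = 'e83506890a56284c6c42ce644d29ac05',  # MD5 from the Jotti report
    [string]$QuarantineDir = 'C:\Quarantine'
)
$ErrorActionPreference = 'Stop'
Add-Type -AssemblyName System.IO.Compression
Add-Type -AssemblyName System.IO.Compression.FileSystem

# -Force is needed: a file with Hidden+System attributes is not returned without
# it, just as Explorer hides it until protected OS files are shown.
$file   = Get-Item -LiteralPath $SuspectPath -Force
$md5    = (Get-FileHash -LiteralPath $file.FullName -Algorithm MD5).Hash
$sha256 = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
if ($md5 -ne $ExpectedMd5) {
    throw "MD5 $md5 does not match the scanned sample; not touching $($file.FullName)"
}

# End the process only if it is running from this exact path.
Get-Process -Name $file.BaseName -ErrorAction SilentlyContinue |
    Where-Object { $_.Path -eq $file.FullName } |
    Stop-Process -Force

# Zip the file, then confirm the stored entry has the original size.
New-Item -ItemType Directory -Path $QuarantineDir -Force | Out-Null
$zipPath = Join-Path $QuarantineDir ("{0}.{1}.zip" -f $file.Name, $sha256.Substring(0, 12))
$zip = [System.IO.Compression.ZipFile]::Open($zipPath, 'Create')
try {
    [System.IO.Compression.ZipFileExtensions]::CreateEntryFromFile(
        $zip, $file.FullName, $file.Name) | Out-Null
} finally { $zip.Dispose() }

$check = [System.IO.Compression.ZipFile]::OpenRead($zipPath)
try   { $stored = $check.GetEntry($file.Name).Length } finally { $check.Dispose() }
if ($stored -ne $file.Length) { throw "Archive check failed; original left in place" }

# Keep a record next to the archive, then delete the original.
# -Force is needed again to remove a Hidden/System file.
"{0}`t{1}`tMD5={2}`tSHA256={3}" -f (Get-Date -Format o), $file.FullName, $md5, $sha256 |
    Add-Content -LiteralPath (Join-Path $QuarantineDir 'quarantine.log')
Remove-Item -LiteralPath $file.FullName -Force
"Quarantined to $zipPath"
```

The logged SHA-256 lets the archived sample be matched against later scan results without unpacking it.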
     
  7. vecnaa

    vecnaa TS Rookie Topic Starter

    Thank you so much Howard!

    Hi Howard :)

    I just followed your final instructions. Thank you so much for all the help! Now I have peace of mind :). Thank you thank you thank you!!

    Have a great evening :)

    Thanks,
    Vecnaa
     
Topic Status:
Not open for further replies.