Possible malware on my son's notebook?

By glhglh
Oct 30, 2008
Topic Status:
Not open for further replies.
  1. when i open IE, the tabs just keep opening and opening.

    i have attached mbam, and hyjackthis logs,
  2. Cinders

    Cinders TechSpot Chancellor Posts: 1,313   +12

  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Please disable the Real Time Protection before proceeding:
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    Open Spybot s&D and disable the Resident.
    Please see this site for additional information:Temporarily Disable Real Time Monitoring Programs:
    http://wiki.castlecops.com/Malware_Removal:_Temporarily_Disable_Real_Time_Monitoring_Programs

    Download the most current Java from here. Save to the desktop. Do NOT run yet: http://java.com/en/download/manual.jsp

    * Please download SuperAntiSpyware from http://www.superantispyware.com/
    * Launch SuperAntiSpyware and click on 'Check for updates'.
    * Wait for the updates to be installed
    * On the main screen click on 'Scan your computer'.
    * Check: 'Perform Complete Scan then Click 'Next' to start the scan.
    * Superantispyware will now scan your computer,when it's finished it will list all/any infections found.
    * Make sure everything found has a checkmark next to it,then press 'Next'.
    * Click on 'Finish' when you've done.

    It's possible that the program will ask you to reboot in order to delete some files.

    Obtain the SuperAntiSpyware log as follows:
    Click on 'Preferences'.
    Click on the 'Statistics/Logs' tab.
    Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
    It will then open in your default text editor,such as Notepad.
    Attach the notepad file here on your reply

    Please re-open HiJackThis and scan.*Check* the boxes next to all the entries listed below:
    The following are for part of the Norton Security. but the program might not be installed correctly. You should check the status of the program before removing the entries. Do NOT remove them if the program is correctly installed and working okay
    Remove this and update from the beta version to the final version:
    O2 - BHO: Windows Live Toolbar Beta - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

    Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis and reboot inti Safe Mode.
    Access the Startup menu using msconfig through Start> Run> msconfig> Selective Startup> UNCHECK any processes for the following:
    Access Add/remove Programs and uninstall the following:
    Checking the Services: Right click on Start> Explore> Windows> system32> verify the presence of all the 023 Services showing 'file missing'. No action is needed if they are present. Lack of permissions on the system folder is the most likely explanation. As the user account would be denied access to the system folder, the HJT tool cannot confirm that the file mentioned by the run entries exists, so therefore lists it as missing. If you have a 64bit version of Vista, I suspect that HiJackThis is not fully 64bit-aware.
    DO NOT remove. Just verify:
    Reboot into Normal Mode. If you stopped proesses on Startup, you will get a nag message that you can juts close after checking 'don't sow this message again'. Stay in Selective Startup

    Run HijackThis again and attach logs for Hijack and SuperAntispyware.

    Regarding this entry: I am reserving the final disposition of this. The CLSID does NOT match the malware entry for 'searchhelper.dll' and I saw notices of this enhancement being added through service packs for servers.
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

    If anyone else can reconcile the string to the malware, please advise.
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.