TechSpot

Rootkit and Internet Problem, any malware left?

By hober86
Oct 28, 2009
  1. I recently recovered my cpu from some malware. Is there any sign of malware left on my computer? Can you tell from this hjt file? Thanks.

    [[BACKSTORY: I had fake anti-virus pop-ups that Malwarebytes fixed.

    However, I still had a problem when I conducted Google searches - no matter the search, the results displayed the same sites (yellowpages.com, bullz-eye.com, mens health, etc). The symptom was the same for Yahoo searches and Bing! in both Mozilla and IE.

    Going through the 8-step program, Super Anti-Spyware caught a rootkit, among 8 other files (unfortunately I did not save the log). Once I restarted my computer my internet was knocked out. Reinstalling IE and diagnosing the connection problem fixed it. Now Google works too.]]

    I just wanted to include a hjt file to see if there's any malware lagging behind, or am I completely clean?

    Appreciate the help, let me know if I should provide other info.
     
  2. Bobbye

    Welcome to TechSpot, hober. Sorry for the delay. I can't tell from just the HijackThis log if you're clean, but it looks like the Host files have been hijacked.

    I would prefer that you update and scan with Malwarebytes and Superantispyware again. Save the logs and attach to next reply.

    Please download ComboFix HERE:
    • With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.
    • Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection.
    • Run Combo-Fix.exe and follow the prompts.
      (Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.)
    • Wait for the scan to be completed.
    • If it requires a reboot, please do it.
    • After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)

    Notes:

    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    Follow with new scan with HijackThis. Please paste that log in next reply.
    Attach the 2 other logs and Combofix report.
     
Topic Status:
Not open for further replies.
