TechSpot

Scan logs for 8-step removal process

By liquidator46
Oct 16, 2009
  1. im sure there is a keylogger on my system, also pretty sure it is/was trojan-phisher-wow (came up in a virus scan but the program wouldn't remove for me) here are the logs, im not sure if one of the programs worked to remove it or not
     
  2. Tmagic650

    Tmagic650 TS Ambassador Posts: 17,244   +234

    Looks pretty good liquidator46,
    You should update IE6 to IE8 even though you might not use it. There may be some Windows Updates still missing like criticals and hardware... How does you antivirus scan look now?
     
  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Welcome to TechSpot, liquidator46. I will help you clean up the malware. First, I need you to temporarily disable two Real Time Protection processes you have running. One or both can affect the malware scans:

    Ad-Aware AE Ad-Watch Live!
    • Right click on the Ad-Aware icon in the system tray. [​IMG]
    • Click on Disable Ad-Watch Live!
    • (Once you are clean, you can re-enable Ad-Watch Live! by clicking on Enable Ad-Watch Live!.)

    Spybot Search & Destroy TeaTimer
    There are two ways to disable TeaTimer

    1)
    • Launch Spybot Search & Destroy [​IMG]
    • In the Menu, Select Mode and choose Advanced Mode
    • Click Yes in the confirmation dialogue box
    • click on Tools to expand the menu. Make sure that Resident is checked and then click Resident in the left pane.
    • In the right pane uncheck Resident "Tea timer" (Protection of over-all system settings) to disable it.
    • Uncheck the TeaTimer box and OK any prompts.
    • If Teatimer gives you a warning that changes were made, click the "Allow Change" box when prompted.
    • Exit Spybot S&D when done.
    • (Once you are clean, you can re-enable Teatimer using the same steps but this time place a check next to "Resident TeaTimer" and check the "TeaTimer" box in System Startup.]

    2)
    • Right click the TeaTimer icon in the system Tray [​IMG]
    • Then click Exit Spybot-S&D Resident
    • (One you are clean you can restart TeaTimer by going to C:\Program Files\Spybot - Search & Destroy, and double clicking on TeaTimer.exe

    I also want to make sure you have only the Webroot Spysweeper antimalware program. They have a program that bunndles the anti-malware and antivirus programs, so check that please.

    Please download ComboFix HERE:
    • With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.
    • Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection.
    • Run Combo-Fix.exe and follow the prompts.
      (Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.)
    • Wait for the scan to be completed.
    • If it requires a reboot, please do it.
    • After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)

    Notes:

    • 1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.
      2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
      3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
      4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    Then run a full system scan with the Eset Nod32 AV. Save the logs and attach it to the next reply.
    Also attach the report from Combofix.

    Follow with a new scan with HijackThis. I would like you to paste that log on though, not attach it. It helps me check the entries through my browser.
     
  4. liquidator46

    liquidator46 TS Rookie Topic Starter

    not sure how to save log for eset nod32 but it came up with 0 threats (though it also came up with 0 while i was being keylogged before i did the 8-step process)
    the website wont let me post the HJT log, something about not being allowed to post images or links so HJt and combofix logs are attached
     
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Can you please tell me why you thought you had a keylogger? And what if any problems you are currently having?

    P2P or 'file sharing: P2P Warning:
    I noticed you have a P2P program:

    uTorrent

    Note: Even if you are using a "safe" P2P program, it is only the program that is safe. I suggest that you uninstall uTorrent for the following reasons:
    • As long as you are using file sharing networks and programs which are from sources that are not documented, you cannot verity that a download is legitimate.
    • Malware writers use these program to include malicious content.
    • Fie sharing is usually unmonitored and there is a danger that your private files might be accessed.
    • The 'sharing' also includes malware that the shared system has on it.
    • Files that are illegal can be spread through file sharing.

    Please read the information on P2P Warning to help you better understand these dangers.

    IF you choose not to uninstall it, please don't use it while we're cleaning. Use could result in the loss of support.

    You are still running AdWatch an the security wasn't turned off as instructed in ComboFix.

    You have the Askbar which is foistware- not malware, not virus, but known to bring extra content to the system. It can be removed in Add/remove Programs. If you would like to fully remove it, please let me know and I will give you all the entries to delete.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...