Searching for remnants of a virus

Status
Not open for further replies.
Hello all!

Yesterday I was unlucky enough to pick up a couple of nasties while web browsing (guess I won't be trusting AVG's LinkScanner anymore :( ). AVG and Windows Firewall popped up a fair few messages about various viruses and trojans and I've spent the last day trying to remove everything.

Most prominent was SmitFraud-C, which I think was causing a lot of fake Windows security alerts to pop up. Hopefully I sorted this out with SmitfraudFix - the fake warnings have stopped appearing. As well as running AVG I also installed and ran Ad-Aware and Spybot S&D - AVG didn't pick up anything else, but the last 2 found other trojans hanging about.

While running AVG in safe mode it came up with some lines about locked files which it hadn't tested, so when I logged back onto the net to find out what this was about, I discovered I still had a problem with IE, where I was getting redirected from Google links to random websites. So I came to TechSpot seeking answers!

I completed the 8 step instructions (couldn't turn AVG Free 8.0's anti-spyware off independently - tell me if I need to disable the Resident Shield completely) and Malwarebytes and SUPERAntiSpyware both picked stuff up.

Google appears to be working correctly atm, but I'll need to test for longer to see if it's really gone. I was hoping someone could take a quick look through my logs to see if there's anything dodgy still about. Many thanks in advance :)
 
Your Malwarebytes log shows:
Files Infected:
C:\Program Files\gttnjmc\webactutil.dll (Trojan.FakeAlert.H) -> Delete on reboot.
I presume you've done this?

Also, do run CCleaner a few times to clean up those cookies.
 
Thanks for the swift reply momok

I did reboot after running Malwarebytes - running it again now after getting your message just to check it's no longer there - I'll repost once it's done.

CCleaner did clean up all my cookies, but of course some have reappeared as soon as I opened up new pages in IE. Would you recommend disabling cookies completely? I know it's really a personal option and they can save time - but if it reduces security a fair bit, I could live without them.

The only other thing I've noticed that's changed since getting these viruses is that my internet connection will drop after a small period of being idle (a few minutes). Before, I could leave it as long as I liked and I would still be online (it's an ADSL connection btw). I checked the connection properties, and the idle disconnect option wasn't turned on.

Malwarebytes scan finished and came out clean.
Also ran CCleaner to get rid of those cookies too.

Sorry Tedster - I must have somehow scrolled past your reply earlier. Thanks for the link - checking it out now :)

Nothing unusual in the registry keys the link told me to check. Nor in win.ini and system.ini (although XP wasn't covered for that bit, which is what I'm using).
 
Been away for a few days, but when I got back and ran HJT, webactutil is still showing up. I did delete the folder in program files - so what should I do now? Will fixing it in HJT do the job?

I've also noticed 2 folders in c:\program files that I don't recognise called BFG and Zero G registry - any ideas what these are?
 