Various Viruses VB.ASD, Generic8.GHY

Status
Not open for further replies.

mam_01

Hello, recently a friend's computer was acting strangely and I suspected it was infected by viruses. The Task Manager could not be accessed (ctrl+alt+delete), nor the registry (regedit), and when connecting to the internet, Internet Explorer would constantly shut down.
After he ran his virus scanner (AVG), these two were found: VB.ASD and Generic8.GHY.

After reading a few threads on this site, I followed the instructions for removing viruses/spyware/malware etc from this site, and I have attached the requested logs as advised.

I am now able to see the task manager and view the registry editor, but I thought I would attach the log files, as per instructions.

Also, with Step 11- Panda Antirootkit Programme - no known or unknown rootkits were found.

I appreciate any feedback.
thank you.
 

Attachments: hijackthis.log (6.2 KB)
I only looked at the HijackThis log. You did a good job.

One more I suggest removing is the Alexa Search: Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. Reboot.

You might want to check the AVG Status v7. Is that version being supported any more?
 
Hi,
Thank you for that.
I did run HijackThis again but was unable to find that item - it seems to have disappeared? (which I guess is a good thing).

The AVG is version 7.5 which I think seems to be the latest, I have updated its virus definitions and any updates...

This pc isn't connected to the Internet either, which isn't to say the viruses won't come in, as this one came in through a document saved on a Uni computer and then put onto a USB...

Thank you so much for your help!

and if there is anything else I should be doing, please let me know?

Maria
 
You are running the Tea Timer feature from Spybot Search and Destroy. The AdAware Service is also running. However you have 16 tracking cookies that need to be removed. Please delete the Tracking Cookies. This can be done in Windows explorer:
Right click on Start> explore> Docs & Settings> Cookies> change the view to List> delete all the Cookies listed in the SuperAntiSpyware log.

When done, it would be a good idea to run Hijack again, with any Real Time protections disabled, such as Tea Timer and AdAware. But leave the AV active.

You can attach a new Hijack log here.
 
Hi Bobbye,

I decided to redo the steps again, and I turned off the realtime monitors. I noticed the tracking cookies came up and were removed.

I have attached the new Hijackthis log, as requested.

I will await your feedback.

thank you,

maria
 
Maria, it looks pretty clean to me. You did a good job! There are a few things that I recommend removing or disabling. They are legitimate programs, but in some cases, high resource users:
Stop this:
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE

Turn this auto-update off in the Control Panel> Java> Update tab> uncheck 'automatically check for update':
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
Unless this person is the head of a network and needs to contact the other systems on the network as the Administrator, I suggest stopping these processes:
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
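The O4 and O9 HijackThis lines quoted in this thread can be pulled apart mechanically. The parser below is an added example (it is not from the thread, the helper, or HijackThis itself): it splits those lines into section, name, CLSID and target path, and lists the entries HijackThis tagged "(file missing)", which are orphaned leftovers like the Alexa entry earlier in the thread. The sample log is constructed from the lines quoted above.

```python
import re
from dataclasses import dataclass
from typing import List, Optional
# Constructed sample: the HijackThis entries quoted in this thread.
SAMPLE_LOG = r"""
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
"""

@dataclass
class Entry:
    section: str            # HijackThis section code, e.g. "O4" or "O9"
    kind: str               # text between the section code and the colon
    name: str               # display name, .lnk name or Run value name
    path: str               # file the entry points at
    clsid: Optional[str]    # CLSID for O9 entries, None otherwise
    file_missing: bool      # HijackThis appended "(file missing)"

ENTRY_RE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_RE = re.compile(r'^\[(.+?)\]\s+"?(.+?)"?$')   # [ValueName] "path"

def parse_line(line: str) -> Optional[Entry]:
    """Parse one O4/O9 line; lines from other sections yield None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, kind, rest = m.groups()
    missing = rest.endswith("(file missing)")
    if missing:
        rest = rest[: -len("(file missing)")].rstrip()
    clsid_m = CLSID_RE.search(rest)
    if section == "O4" and kind.endswith("Run"):      # registry Run value
        rm = RUN_RE.match(rest)
        if not rm:
            return None
        name, path = rm.group(1), rm.group(2)
    elif section == "O4":                             # Startup folder: "name = path"
        name, path = (s.strip() for s in rest.split(" = ", 1))
    elif section == "O9":                             # IE button/menu: "name - {CLSID} - path"
        parts = [s.strip() for s in rest.split(" - ")]
        name, path = parts[0], parts[-1]
    else:
        return None
    return Entry(section, kind, name, path, clsid_m.group(0) if clsid_m else None, missing)

def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]

def orphaned(entries: List[Entry]) -> List[Entry]:
    # Entries whose target file is gone: dead references HijackThis can safely "fix".
    return [e for e in entries if e.file_missing]
```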
 
Hi Bobbye,
Thank you! I managed to stop the first 2, however I am unsure about how to stop MSN.. but at the same time, this pc won't be on the internet, and the person using it doesn't use MSN anyway, so I guess it will be ok to leave it be?

I appreciate all your help!

thanks,
maria
 
i am unsure about how to stop MSN.
msmsgs.exe is the MSN Messenger Internet chat tool installed by default on most Windows computers.

I should not have grouped the two "messengers" together. They are different- my apology. However disabling either does not break the connection to the MSN ISP.

If the user is not actively using the MSN Messenger on a regular basis, it should be disabled and removed. It can also be discouraged by renaming it:
Right click on Start> Explore> Programs> right click on Messenger> Rename> add 'old' to the name, like this:
messengerold.

As for the Windows Messenger, remove the entry I left. Then:
Start> Administrative Tools> Services> find and right-click on Messenger> Properties> Disable the Startup mode of this Service. Stop this Service if running.

It is a legitimate Service, used for the reason I left, but it is also used unethically by third parties to display a Microsoft-like message via pop-ups, usually giving some type of warning, urging the user to click on something to fix it. When they do, they get malware. Because the display is disguised to appear it has been sent from Microsoft, which is a use of "social networking", the user thinks it's valid.
Screen shots here:
http://www.itc.virginia.edu/desktop/docs/messagepopup/
 