TechSpot

virus on my pc

By jessa_jr
Jun 28, 2007
  1. I have a virus on my computer. I hope you can help me.

    I ran the Panda online scan, and the attached file is my Panda scan report.

    I also ran Ad-Aware SE to fix the problem.

    I have Norton 2007 and Ad-Aware SE installed on my PC. I hope you can help me with my problem. Thanks.
     
  2. momok

    momok TS Rookie Posts: 2,265

    Hi,

    Hi jessa_jr and welcome to techspot. =)
    Uninstall anything related to Fun Web products.

    Important: Please read this thread HERE before you decide whether to clean or reformat your system.

    Should you decide to clean your computer, please go ahead to Viruses/Spyware/Malware, preliminary removal instructions and follow the steps given. Do follow all the instructions exactly. They will provide logs for analysis of your system so I will know how to instruct you to proceed.

    Thereafter, please post fresh HijackThis, AVG Antispyware and Combofix logs as attachments into this thread. Do not copy and paste your logs; otherwise they will be ignored and/or removed.

    Also, please let me know the results of the AVG Antirootkit scan.


    Regards,
    Your friendly momok =)

    This thread is for the use of jessa_jr only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. jessa_jr

    jessa_jr TS Rookie Topic Starter Posts: 35

    log files

    I already finished up to step 14. I uninstalled my Norton 2007 antivirus.

    I ran HijackThis and the log is attached, but I didn't fix it.

    I ran AVG Anti-Spyware, but there is no report in the report folder even though I set it to generate a report for every scan. I found 4 high-risk viruses, then I quarantined them.

    I ran ComboFix but I can't attach the combofix.txt.bat log file, and it says there is no virus.

    I ran AVG rootkit, but no virus was found and there is no log.
     
  4. momok

    momok TS Rookie Posts: 2,265

    Hi,

    The ComboFix log can be found in C:\ComboFix.txt.

    You may wish to copy and paste these instructions on notepad for easier reference later.

    Boot into safe mode under your normal user name. See how HERE

    Next turn on "Show all files and folders, including hidden and system". See how HERE

    Please run HijackThis and fix the following entries, if found (do this by placing a tick in the check boxes beside these entries and clicking "Fix checked"):

    F2 - REG:system.ini: UserInit=userinit.exe,C:\WINDOWS\system\lsass.exe
    O2 - BHO: BHOAd - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\xmlhelper2.dll (file missing)
    O20 - AppInit_DLLs:

    Close HJT.


    Navigate in Windows Explorer and delete the following files and folders in bold.

    C:\WINDOWS\system\lsass.exe < note: this file is only in the system folder. The legit one belongs in the system32 folder.

    Reboot into normal mode and rehide your protected OS files.

    Thereafter, please post fresh HJT and ComboFix logs from normal mode as attachments into this thread.


    Regards,
    Your friendly momok =)

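Added example, not part of the original thread and not any poster's code: a short Python check for the patterns flagged by eye in the reply above, namely a `UserInit` value that launches something besides `userinit.exe`, a system file name such as `lsass.exe` living outside `system32`, and a BHO whose file is missing. The set of protected file names, the "Running processes" lines in the sample and the function names are assumptions made for illustration; the F2 and O2 lines are the ones quoted in the thread.

```python
import ntpath
import re

# Assumed subset of Windows files whose legitimate copy lives only in ...\system32.
SYSTEM32_ONLY = {"lsass.exe", "svchost.exe", "services.exe", "winlogon.exe", "csrss.exe"}
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"
EXE_PATH = re.compile(r"[A-Za-z]:\\[^,\r\n]*?\.exe", re.IGNORECASE)

# Constructed sample: the first two paths are invented, the F2/O2 lines are from the thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\Explorer.EXE
F2 - REG:system.ini: UserInit=userinit.exe,C:\WINDOWS\system\lsass.exe
O2 - BHO: BHOAd - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\xmlhelper2.dll (file missing)
"""


def masquerading(path):
    """True if the path uses a protected system file name outside ...\\system32."""
    folder, name = ntpath.split(path.strip().lower())
    return name in SYSTEM32_ONLY and ntpath.basename(folder) != "system32"


def review(log_text):
    """Return (line, reason) pairs for log entries that deserve a closer look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("F2 - REG:system.ini: UserInit="):
            entries = [e.strip() for e in line.split("=", 1)[1].split(",") if e.strip()]
            extra = [e for e in entries
                     if e.lower() not in ("userinit.exe", EXPECTED_USERINIT)]
            if extra:
                findings.append((line, "UserInit launches extra program: " + ", ".join(extra)))
        elif line.startswith("O2 - BHO:") and line.endswith("(file missing)"):
            findings.append((line, "orphaned BHO registration (file missing)"))
        if any(masquerading(p) for p in EXE_PATH.findall(line)):
            findings.append((line, "system file name outside system32"))
    return findings


if __name__ == "__main__":
    for entry, reason in review(SAMPLE_LOG):
        print(f"{reason}\n    {entry}")
```

A finding here is a prompt to verify the file, not a verdict; the thread's own advice to double-check every file name before fixing an entry still applies.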
     
  5. jessa_jr

    jessa_jr TS Rookie Topic Starter Posts: 35

    I've followed your instructions.

    Attached are the HJT and ComboFix logs. I hope you can solve it. Thanks.
     
  6. momok

    momok TS Rookie Posts: 2,265

    Hi,

    Unhide all your system files and folders. Navigate manually and delete these files.
    C:\FOUND.007
    C:\FOUND.008
    C:\FOUND.009

    Your logs look clean now.

    Delete all files in AVG Antispyware Quarantine folder. (located in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Quarantine)

    Turn off system restore (XP/ME only). Learn how to do that HERE.
    This will remove all the remaining nasties from your old restore points.

    After that turn system restore back on.
    This would have created a new safe and clean restore point for your system.

    Often times, an infection can occur again not due to the incompetence of programs, but because of user habits.
    May I recommend you to read this article.
    This can help to prevent future infections.

    Should you have any further problems, please post in this thread.


    Regards,
    Your friendly momok =)

     
  7. jessa_jr

    jessa_jr TS Rookie Topic Starter Posts: 35

    Still have 21 spyware and 2 hacking tools and rootkit

    There are no files like these on my C drive:
    C:\FOUND.007
    C:\FOUND.008
    C:\FOUND.009

    I scanned again with the Panda online scan. I have no virus but 21 spyware and 2 hacking tools and rootkit. Attached is my log.
     
  8. momok

    momok TS Rookie Posts: 2,265

    Hi,

    There is no spyware and there are no hacking tools or rootkits from what I see in that log. The majority detected are just cookies, which you can clear via CCleaner.

    Please download and run CCleaner via step 9 of the instructions HERE.

    One of the tools used is employed by ComboFix in cleaning your system. You may delete it and ComboFix if you do not wish to keep it.

    This entry states it is a potentially unwanted tool, which means you may wish to remove it if you are not using it.
    Potentially unwanted tool:application/funweb - Not disinfected - c:\windows\downloaded program files\f3initialsetup1.0.0.15-3.inf

    As I mentioned in my first reply to your post, I requested that you uninstall anything related to Fun Web products. The file in question may be a remnant hidden file, so you will need to unhide your system files and folders to be able to view it.

    The rest of the stuff in the Yahoo quarantine should also be deleted along with the CCleaner cleaning process if you checked all relevant boxes for cleaning. If not, you may manually delete them from this folder:
    C:\Program Files\Yahoo!\YPSR\Quarantine\

    They are all harmless once the files have been renamed and moved.

    Regards,
    Your friendly momok =)

     
  9. jessa_jr

    jessa_jr TS Rookie Topic Starter Posts: 35

    thank you very much

    Thank you very much, sir, for helping me with my computer virus problem.

    How can I learn HijackThis, and which processes I should fix and which not? Also, I want to learn ComboFix.

    And where can I learn about computer security so that I am not infected by any virus again? I have a computer rental shop, and I want to scan all my PCs for viruses and fix them on my own.

    Can I give you the HijackThis logs of all 8 of my PCs so you can identify the problems one by one?
     
  10. momok

    momok TS Rookie Posts: 2,265

    Hi,

    You can definitely post the pc's logs; after all we are here to help out.

    Considering you have a computer rental shop, learning more about computer security is a good idea. I must add that HijackThis and ComboFix logs are not easy to read, and require some experience. I made quite a few mistakes in the beginning myself whilst trying to learn.

    For starters, check out the author's site for a simple HijackThis tutorial HERE.
    Then go to this more advanced tutorial courtesy of bleeping computer HERE.

    With regards to ComboFix, I do not have any links to tutorials; it would be difficult to teach you through the forums too as there are many facets to this program.

    To deal with the entries in ComboFix, for a foolproof method, just google every single file name and double or even triple check your sources to ensure your information/analysis on that particular file is right.

    All that said, I have to stress that errors will most definitely occur whilst you attempt fixes on your own for at least the first few times. Experience can be gleaned by looking at logs here and how we fix them.


    Regards,
    Your friendly momok =)

     
  11. jessa_jr

    jessa_jr TS Rookie Topic Starter Posts: 35

    Thank you very much for your info; it will help me a lot as a beginner.
     
  12. momok

    momok TS Rookie Posts: 2,265

    No problems. Be prepared and don't be shy to ask plenty of questions; dealing with malware is always tricky. I'm still learning too ;)

    Regards,
    Your friendly momok =)

     
  13. jessa_jr

    jessa_jr TS Rookie Topic Starter Posts: 35

    one more question

    Hi, one more question: why can't AVG Anti-Spyware on my other PC activate the resident shield? It says that it's not supported in the free version, but on my other PCs it is running smoothly. I tried to uninstall and reinstall it, but the problem is the same: the resident shield cannot be activated. Can you help me with this? Thanks.
     
  14. momok

    momok TS Rookie Posts: 2,265

    Hi,

    The resident shield is only applicable for a trial period of 30 days. After that, you will need a license that you have to acquire through purchase of the professional version. However, the free version without the resident shield is pretty much very useful already. I personally use it and scan every now and then.

    Hope that addresses your query.

    Regards,
    Your friendly momok =)

     
Topic Status:
Not open for further replies.
