TechSpot

Virus Removal help

By zrules
Feb 28, 2008
  1. My computer got slower. I think it is a virus. I have a HijackThis log. Please help me remove the virus/spyware.
     

  2. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    I can't see any Malware present (note: I am not a Malware Specialist)

    I did find this (still not Malware though)

    C:\Program Files\Dell\BAE\BAE.dll
    BAE.dll is GoogleAFE (Browser Address Error Redirector) object which is a browser plugin that redirects browser error pages to vendor customized Google search pages, often found on Dell PCs. This is a non-essential program. It is recommended that you remove it from your system to boost up the performance of your IE browser.

    If you would like to follow:
    Viruses/Spyware/Malware, preliminary removal instructions
    http://www.techspot.com/vb/topic58138.html

    To be certain, that would be better.
     
  3. zrules

    zrules TS Rookie Topic Starter Posts: 50

    Can someone double check this? I think I downloaded some file that contains a virus that I used for hacking (yeah stupid me), and now it screws up my computer performance. For example: some stuff takes so long to open up.
     
  4. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    First go to add/remove programs through control panel and uninstall anything to do with:
    Viewpoint
    UberIcon

    Combofix
    • Download Combofix to your desktop.
    • Double click combofix.exe & follow the prompts.
    • A window will open with a warning.
    • Type "1" (and Enter) to start the fix.
    • When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log.
    Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Combofix is a very powerful tool so please do NOT do anything without instruction.

    Combofix will automatically save the log file to C:\combofix.txt

    Next post should include combofix.txt and a Hijackthis log from after doing everything else
     
  5. zrules

    zrules TS Rookie Topic Starter Posts: 50

    fixed, here are the 2 logs

    Thank you, I've followed your instructions and here are the logs.
     
  6. kritius

    kritius TS Guru Posts: 2,084

    While I was having a look through the log I couldn't seem to see any antivirus stuff. I saw ZoneAlarm but that was it. Did I miss something?
     
  7. zrules

    zrules TS Rookie Topic Starter Posts: 50

    ZoneAlarm is my only protection.
     
  8. kritius

    kritius TS Guru Posts: 2,084

    Get ONE antivirus then: AVG Free or Avast! Free. You also should get some anti-spyware stuff too.
     
  9. zrules

    zrules TS Rookie Topic Starter Posts: 50

    Well, or just don't download suspicious files, which I am not going to do ever again.

    OK, now I really need some professional help. My IE explorer opens 2 min after I clicked on it after everything is loaded when I start up the computer. It is definitely a sign of virus/spyware/malware.
     
  10. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

  11. zrules

    zrules TS Rookie Topic Starter Posts: 50

    Thank you for your advice, but I truly think it is virus and spyware that caused the problem. Actually, other programs run very slow too. I need BlindDragon to help or some other professionals!

    I changed HJT.exe to Crusty.exe so that malware could be found. Here is the log.
     
  12. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    ok

    well I had a look through your HJT log anyway!

    Even though all those Dell service startups aren't malware, I'd still disable them.
    Plus a lot of others
    This will help your computer's performance

    I won't annoy you any longer.
     
  13. zrules

    zrules TS Rookie Topic Starter Posts: 50

    I am not saying you are annoying, I just need some real help. I said thank you too.
    Anyways, I will delete these Dell service startups.
     
  14. kritius

    kritius TS Guru Posts: 2,084

    If you are going to download stuff at all, i.e. using p2p such as,

    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)

    Get an ANTIVIRUS. You have just proved that you really need it, and it won't cost you anything.
     
  15. zrules

    zrules TS Rookie Topic Starter Posts: 50

    lol, the problem is, since my computer is mad slow now, installing these antivirus programs is a pain in the ***. It takes so long to load up and it freezes.
     
  16. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Kimsland is a professional in my opinion.

    Start HijackThis and select "Do a system scan only", then put a check next to the following:
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (file missing)
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)


    These 2 are maybes. They are used for some games like Battlefield and America's Army; if you remove them they will screw up gameplay. They are generally detected as malware, but if you play those games do NOT remove them. If you don't play those games go ahead and check them also:
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe


    Then select Fix Checked

    I'm just now going to look at the combofix log.

    Update your Java Runtime Environment
    • Click the following link
      Java Runtime Environment 6 Update 4
    • The 4th option down is the one you want
    • After the download locate and double click the installer jre-6u4-windows-i586-p-iftw.exe
    • Go to Start-> Control Panel-> add/remove programs (Programs and features), and uninstall any old versions in your case Java 6 Update 3
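
The manual triage in the post above, written out as an added example that is not part of the thread or of HijackThis itself: it parses the four quoted log entries and separates leftovers whose target file is gone from "Unknown owner" services that need a human decision. The function names and the verdict labels (`orphan`, `review`, `ok`) are assumptions of this example.

```python
import re

# Constructed sample: the four HijackThis entries quoted in the post above.
SAMPLE_LOG = r"""
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (file missing)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
"""

# "<section> - <kind>: <fields separated by ' - '>", e.g. "O23 - Service: ..."
ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<kind>[^:]+): (?P<rest>.+)$")
MISSING = "(file missing)"


def parse_entry(line):
    """Parse one log line into a dict, or return None for non-entry lines."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    file_missing = rest.endswith(MISSING)
    if file_missing:
        rest = rest[: -len(MISSING)].rstrip()
    fields = rest.split(" - ")
    return {
        "section": m.group("section"),
        "kind": m.group("kind"),
        "name": fields[0],
        "target": fields[-1],
        "file_missing": file_missing,
        "unknown_owner": "Unknown owner" in fields[1:-1],
    }


def triage(log_text):
    """Return (section, name, verdict) per entry; verdict labels are this example's own."""
    results = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        if entry["file_missing"]:
            verdict = "orphan"  # entry points at a file that no longer exists
        elif entry["unknown_owner"]:
            verdict = "review"  # HijackThis shows no owner: decide by hand
        else:
            verdict = "ok"
        results.append((entry["section"], entry["name"], verdict))
    return results
```

An `orphan` verdict only means the log itself marks the target as missing; the "maybes" in the post stay `review` because whether to remove them depends on which games are installed.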
     
  17. zrules

    zrules TS Rookie Topic Starter Posts: 50

    Wow, that's what I am expecting! BlindDragon you are my Jesus Christ :)
     
  18. kritius

    kritius TS Guru Posts: 2,084

    Blind Dragon is right, kimsland is REALLY good at this, you should listen to what he has to say.
     
  19. zrules

    zrules TS Rookie Topic Starter Posts: 50

    lol does that mean I should not listen to you but them? lol just joking.
     
  20. kritius

    kritius TS Guru Posts: 2,084


    Maybe you shouldn't, they are a lot better at this than I am. Good luck
     
  21. zrules

    zrules TS Rookie Topic Starter Posts: 50

    OK, here are the logs. I know you did not ask me to post them, but I did anyway.

    What is ironic is that when I turned off ZoneAlarm, everything is blazing fast. I don't know why and what is the cause of that.
     
  22. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    AVG Anti Spyware
    • Download and install the latest version of AVG Anti Spyware
    • Click Save File on the box that pops up after clicking the link
    • The AVG installer will download to your desktop, Double click on this Icon
    • In the installer Click Next, I agree, Next, Install, after it extracts the files, check box to launch AVGAS then Finish
    • With the program launched, Select the Icon at the top that says UPDATE then Start Update in the left pane
    • Now select the Icon at the top that says SHIELD then at the top of the left pane change "Resident Shield is ..." from Active to Inactive

    Boot into Safe Mode (you may want to write this down)
    • Now select the Icon at the top that says SCANNER
    • Then select the Settings tab. In the first section, "How to act?", click on recommended actions and change it to delete. In the reports section make sure it is set to Automatically generate report after every scan
    • Click back to the Scan tab and select Complete System Scan
    • Finally, after the scan, select the Infections Icon at the top, click Select All at the bottom, then Remove, also at the bottom

    Attach the report here
     
  23. zrules

    zrules TS Rookie Topic Starter Posts: 50

    OK, thank you very much, will try it out later.

    Well, the scan did not find any infections, so I do not have a report. What is the next step?
     
  24. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Your logs look clean, I just wanted to be sure.

    Go to add/remove programs and make sure you uninstalled Java 6 Update 3

    Go to www.update.microsoft.com and make sure you aren't missing any updates

    Are you having any more problems?


    Spybot Search and Destroy
    • Download and install the latest version of Spybot - Search & Destroy (currently 1.5.2) (If you already have this version please open it, update, immunize, and Check for problems under search and destroy)
    • When you have downloaded the program, double click on the downloaded file to start the installation. Follow the default selections, agreeing to the user agreements, and pressing the Next button until you get to the Select Additional Tasks screen.
    • Make sure that the last entry ("Use system settings protection (Tea Timer)") is NOT checked.
    • Press the Next button and then the Install button to start the installation process
    • Check Run Spybot S&D press Finish. Spybot - S&D will now start
    • The first screen asks if you want to backup your registry in order to be able to restore from it in the future. This can cause no harm, so it is a worthwhile task to do. You should click on the Create registry backup button
    • Click on the Search for updates button. If updates are available then select the Download all available updates button
    • When the updates are installed click on the Next button
    • You should now click on the Immunize this system button. When it finishes click on Next button
    • Then click on the button labeled Start using this program to begin using Spybot - Search & Destroy
    • For help with any problems please see this guide Spybot tutorial

    You can also speed up performance with Spybot S&D. Go to Mode and select Advanced. Then expand Tools in the left pane, double click System Startup, and uncheck items that don't need to be started every time you turn on your computer. If you don't know what something is you can post here or google for it. Don't uncheck anything in green.
     
  25. zrules

    zrules TS Rookie Topic Starter Posts: 50

    OK, I think my computer is now A-ok. Thanks for your support guys.
    P.S. I uninstalled ZoneAlarm and reinstalled it again. Is now faster.
     
Topic Status:
Not open for further replies.
