TechSpot

Virus software detects threat - HijackThis log included

By Renold
Dec 16, 2007
  1. Hello,
    Recently I have been getting messages telling me that I have been infected with Downloader.Zlob.Li. I'm not sure whether or not my computer is still infected. I am posting my Hijack-This logfile. Can anyone tell whether or not I am still infected with Zlob, or if I have any other infections? If so, could someone guide me through the removal process?

    Thank you in advance.
     
  2. Daveskater

    Daveskater Banned Posts: 1,687

    You can have HJT fix these entries because they have been deactivated:

    O2 - BHO: (no name) - {40C266CA-3132-4B3A-9CCC-D36D3AF37812} - C:\WINDOWS\system32\jkhfe.dll (file missing)

    O20 - Winlogon Notify: vtuvwtq - vtuvwtq.dll (file missing)

    O20 - Winlogon Notify: winful32 - winful32.dll (file missing)

    If you think you may still be infected, read this thread: "If your system is infected, read this before deciding whether to Clean or Format."

    If you decide to clean your system, follow these instructions: "Virus/Spyware/Malware, preliminary removal instructions", and post fresh HJT, Combofix, and AVG Antispyware logs as attachments to this thread as well as the result of the Panda Antirootkit scan.


    This thread is for the use of Renold only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
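
The reply above picks out HijackThis entries marked "(file missing)". As an added example (not part of the thread or of HijackThis itself), this Python sketch parses log lines of that shape and lists the orphaned entries; the sample log is constructed from the three quoted entries plus one made-up entry whose file is present, and the function names are hypothetical.

```python
import re

# Constructed sample: the three entries quoted in the post, plus one
# made-up O2 entry (placeholder CLSID and path) whose file is present.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {40C266CA-3132-4B3A-9CCC-D36D3AF37812} - C:\WINDOWS\system32\jkhfe.dll (file missing)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\helper.dll
O20 - Winlogon Notify: vtuvwtq - vtuvwtq.dll (file missing)
O20 - Winlogon Notify: winful32 - winful32.dll (file missing)
"""

# A log entry starts with a section code (R0, F2, N1, O2, O20, ...) and " - ".
ENTRY = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.+)$")
MISSING = "(file missing)"


def parse_entries(log_text):
    """Return one dict per recognised entry line; other lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY.match(line)
        if not match:
            continue
        body = match.group("body")
        missing = body.endswith(MISSING)
        if missing:
            body = body[: -len(MISSING)].rstrip()
        # The referenced file is the last " - " separated field of the entry.
        target = body.rsplit(" - ", 1)[-1]
        entries.append({"section": match.group("section"), "target": target,
                        "missing": missing, "raw": line})
    return entries


def orphaned(log_text):
    """Entries whose target file no longer exists on disk, per the log."""
    return [e for e in parse_entries(log_text) if e["missing"]]


if __name__ == "__main__":
    for entry in orphaned(SAMPLE_LOG):
        print(entry["section"], entry["target"])
```
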
     
  3. Renold

    Renold TS Rookie Topic Starter

    Logs

    I have completed all steps of the Virus/Spyware/Malware, preliminary removal instructions. The Panda Antirootkit scan discovered 1 unknown rootkit.
    The results of the Panda Antirootkit scan described the rootkit as follows:

    CATSEXPN.: Zone.Identifier
    HIDDEN: TRUE
    IS_ADS_DIRECTORY: FALSE
    HIDDEN_FILES: 1
    IRP_HOOK: 1

    I have included fresh HJT, Combofix, and AVG Antispyware logs as attachments, as well as the results of the Panda Antirootkit scan. Does everything seem ok?

    Thank you for your help.
     
  4. Daveskater

    Daveskater Banned Posts: 1,687

    Your HJT log looks clean.

    Panda AntiRootkit has built-in cleaning functions to remove the Rootkit. Run a new scan and tell it to clean anything that it finds, then run a full scan with the online scanner in step 3 of the preliminary removal instructions.


     
Topic Status:
Not open for further replies.
