TechSpot

What do I do to this? Please help me find the bad stuff.

By 600816
Jul 5, 2007
  1. I have attached a HijackThis log and need help as to what I should do. I have no idea what I'm looking at but I have been hijacked by something. Please help if you can. Thanks.
     
  2. momok

    momok TS Rookie Posts: 2,265

    Hi 600816 and welcome to techspot. =)

    Very Important: Malware infections can possibly lead to identity theft, loss of funds from bank accounts, misuse of credit card information etc. Therefore I strongly encourage you to please read this thread HERE before deciding what course of action to take regarding your infection.

    Should you decide to clean your computer, please go ahead to Viruses/Spyware/Malware, preliminary removal instructions and follow the steps given. Do follow all the instructions exactly. They will provide logs for analysis of your system so I will know how to instruct you to proceed.

    Note: Your hijackthis is saved in the temporary folder. It should be saved on a folder of its own in c:\ as well as its executable file renamed to analyze.exe

    Thereafter, please post fresh HijackThis, AVG Antispyware and Combofix logs as attachments into this thread. Do not copy and paste your logs; otherwise they will be ignored and/or removed.

    Also, please let me know the results of the AVG Antirootkit scan.


    Regards,
    Your friendly momok =)

    This thread is for the use of 600816 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. 600816

    600816 TS Rookie Topic Starter

    Antirootkit yielded no results. The other reports are attached. Thanks for helping. Maybe I got it. What else should I do?
     
  4. 600816

    600816 TS Rookie Topic Starter

    forgot to give symptoms

    No luck. I still have the problem. I get a redirect to porn or pharmacy web sites or other search sites when I click on a link on the search results page. Very annoying. I think I did a good job of following the instructions.
     
  5. momok

    momok TS Rookie Posts: 2,265

    Hi,

    You have not posted your HijackThis log. Please do so in your next reply.
    I presume you have also read the thread about the decision to clean or reformat your system. If you have not, please do so.

    You may wish to copy and paste these instructions on notepad for easier reference later.

    Boot into safe mode under your normal user name. See how HERE

    Next turn on "Show all files and folders, including hidden and system". See how HERE

    Navigate in Windows Explorer and delete the following files and folders in bold.

    C:\PROGRAM FILES\COMMON FILES\System\accocdec.dll

    Reboot into normal mode and rehide your protected OS files.

    Thereafter, please post fresh HJT and ComboFix logs from normal mode as attachments into this thread.


    Regards,
    Your friendly momok =)

     
  6. 600816

    600816 TS Rookie Topic Starter

    system restore

    I don't know what happened but my whole system froze up and I had a blank desktop with no response to any input. I was able to do a system restore though and I reset everything to about 1 month ago which should have been before I was infected. Everything is working normal now. Is there anything I should still consider or should I be good now?
     
  7. momok

    momok TS Rookie Posts: 2,265

    Hi,

    I would recommend posting the same 3 logs required: AVG Antispyware, ComboFix and HijackThis just in case some nasties were already residing in your system then.


    Regards,
    Your friendly momok =)

     
  8. 600816

    600816 TS Rookie Topic Starter

    questions

    I am going to go through the cleaning instructions again and then post the results. I have a question about one of the steps. When I'm in safe mode and I unhide all of the files I could not get my Norton antivirus program to run in safe mode and also I did not quite understand how to rehide all the files. Do I do the rehide while still in safe mode and do I just follow the unhide files instructions backwards? Thanks.
     
  9. momok

    momok TS Rookie Posts: 2,265

    Hi,

    To rehide the files, it is basically similar to doing the unhide files instructions backwards. Rehide your files after you boot up back into normal mode again.

    Skip that step regarding the antivirus scan in safe mode first. I would recommend you remove Norton and use some other better freeware like the ones suggested, but removing it is quite a hassle and I'll help you after we're done with cleaning if you wish.

    Go ahead with the other steps though and post the requested logs.

    Regards,
    Your friendly momok =)

     
  10. 600816

    600816 TS Rookie Topic Starter

    Here are my logs finally.

    Here are my logs. I have gone through the whole process. Please let me know if you see anything.
     
  11. momok

    momok TS Rookie Posts: 2,265

    Hi,

    Your logs look clean now. Are you still experiencing any malware related problems?

    1. Delete all files in AVG Antispyware Quarantine folder. (located in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Quarantine)
      You may also delete the C:\avenger and C:\VundoFix Backups folder and its contents.

    2. Turn off system restore (XP/ME only). Learn how to do that HERE.
      This will remove all the remaining nasties from your old restore points.

    3. After that turn system restore back on.
      This would have created a new safe and clean restore point for your system.

    4. Often times, an infection can occur again not due to the incompetence of programs, but because of user habits.
      May I recommend you to read this article.
      This can help to prevent future infections.

    Should you have any further problems, please post in this thread.


    Regards,
    Your friendly momok =)

     
Topic Status:
Not open for further replies.
