TechSpot - PC Technology News and Analysis

So i wiped my whole computer clean installed a few things on it and as i share this with my brother his online game wasnt working so he randomly downloads stuff trying to fix it (things that have nothing to do with the game in general)

last time i fixed it for him there was a game keylogger in the file he needed just checking that he hasnt got that on here before i logon to some stuff

Thanks in adavance

~Richard.

Attached Files

hijackthis.log (7.9 KB, 4 views)

I don't see any keyloggers, but I see a lot of junk and conflicting programs that you might want to re construct.
AVG Antispyware 7.5 hasn't been supported for six weeks, so it is useless.
You have AOL antispyware (probably McAfee) AVG 8.0 ( which is pretty much useless nowadays). One of those should go. I would take off both and get a decent antivirus package such as Antivir
Adaware doesn't appear to be up to date.
Zone Alarm has been in conflict with Microsoft too often lately.
Are you in Real Estate, or otherwise, what is Voyager?
You have Windows Live as well as AOL. Those will conflict
You might wish to rethink your security... Firewall, Antispyware, Antivirus, but you will need to decide what to do about AOL first. Either use AOL security, or remove it and add
MBAM MalwareBytes or SuperAntiSpyware, Adaware 2008, and Avast or Antivir antispyware.
Then defrag your system.

If you plan on defragmenting make sure to run a ChkDsk by going to Start > My Computer and right clicking your main drive ( If unpartioned, it's C:\ ) and click Properties and click on the Tools Tab. Click on Check now and put a check mark on the both objects, it will ask for a restart. After you restart it should run the ChkDsk for about a hour or so depending on how large your hard drive space is, after it's finished it will reboot one or two times. Now, you can run a Defragment tool such as the Built in one with Microsoft or a free-to-use program like JKDefrag ( Highly recommended ).

hey ok first follow the steps below this looks weird to me

O17 - HKLM\System\CCS\Services\Tcpip\..\{90DC1203-D41D-4F00-98B1-67E8D2C15BB7}: NameServer = 92.31.242.20 92.31.242.21 <------This looks like a hijack
O17 - HKLM\System\CS1\Services\Tcpip\..\{0DA02CE8-A747-419E-AF9E-8EA04F67C049}: NameServer = 205.188.146.145 <---------- This is from AOL


Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

--------------------------------

ComboFix

• Download ComboFix to your desktop.
• Double click combofix.exe & follow the prompts.
• A window will open with a warning.
• When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log.

Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Combofix is a very powerful tool so please do NOT do anything without instruction

Combofix will automatically save the log file to C:\combofix.txt

---------------------------------

SmitfraudFix

• Download SmitFraudFix to your deskop
• reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually)
• Double-click SmitfraudFix.exe
• Select 2 and hit Enter to delete infect files.
• You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
• The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file.
• A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt (Attach the log to your next reply)

Thanks for your time here are the logs

EDIT: just went to log onto my game now my game wont connect and AOL spyware popped up saying it detected something called bifrost? high security lvl? mind you that thing is allways chucking out false positives just thought id mention it anyway.

Attached Files

	ComboFix.txt (14.4 KB, 1 views)
	hijackthis.log (7.8 KB, 1 views)
	rapport.txt (1.6 KB, 1 views)

Can you attache the MBAM log. Also I still se the entries I asked you to remove did you remove them?

sorry forgot to post it and was it the things highlighted in red you wanted me to remove? just the one that looks like hijack or both?

Coz you didnt ask me to remove it :S

Attached Files

mbam-log-7-19-2008 (01-27-34).txt (830 Bytes, 1 views)

just this one
O17 - HKLM\System\CCS\Services\Tcpip\..\{90DC1203-D41D-4F00-98B1-67E8D2C15BB7}: NameServer = 92.31.242.20 92.31.242.21 <------This looks like a hijack

Ok removed it but it just comes back on restart? new log

Attached Files

hijackthis.log (7.2 KB, 0 views)

I did more searching on it and it is nothing bad like malware.

Please run an on-line virus scan at http://www.kaspersky.com/virusscanne...can</font></b> or if that doesnt work, you can use TrendMicro or BitDefender. (Please post the results of the scan(s) in your next reply)

+++++

If you are unable to run the activeX Antivirus Scanners, lets try this Java based solution from Trend Micro.

Found some things :P

Coming up with the .exe you asked me to download and run?

The files it says are on the desktop aint visable? guessing they are hidden? but the .exe on desktop/antivirus is visable.

Attached Files

virusreport.txt (1.3 KB, 1 views)

no that is a false positive. Well your last log look clean can you post one last hijackthis log to make sure. Also how is your computer running

Fine

log attached

Attached Files

hijackthis.log (7.7 KB, 2 views)

hey it looks clean just remove the 2 items below

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)


Now its time for the clean up

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

• Double-click ATF-Cleaner.exe to run the program.
  Under Main choose: Select All
  Click the Empty Selected button.

If you use Firefox browser

• Click Firefox at the top and choose: Select All
  Click the Empty Selected button.
  NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

• Click Opera at the top and choose: Select All
  Click the Empty Selected button.
  NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

------------------------------------------

Now we need to create a new System Restore point.

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.

Next goto Start Menu > Run > type

cleanmgr

Click OK, Disk Cleanup will open and start calculating the amount of space that can be freed, Once thats finished it will open the Disk Cleanup options screen, click the More Options tab then click Clean up on the system restore area and choose Yes at the confirmation window which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.

-----------------------------------------

Uninstall ComboFix

• Click Start then Run
• Now Type Combofix /u in the runbox
• Make sure there's a space between Combofix & /u
• Then hit Enter

The above procedure will Delete the following:

• ComboFix & it's associated files & folders.
• Reset the clock settings.
• Hide file extensions, if required.
• Hide system/hidden files, if required.
• Set a new, clean Restore Point.

------------------------------------------------------------------

OTCleanit! by Oldtimer

• Download OTCleanIt
• Click the CleanUp! button.
  (It will go thorugh the list & remove all of the tools it finds and then delete itself) Requiring a reboot

---------------------------------------------------

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

1. Spybot Search & Destroy - Uber powerful tool which can search and annhilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
   
2. AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy compliment each other very well.
   
3. SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
   
4. SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
   
5. IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
   
6. ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
   
7. Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
   
8. Google Toolbar - Free google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.
   
9. Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

xxdanielxx

Thanks very much for your help you've been great! keep up the good work daniel

anytime, if you still have problems post back here