
TechSpot OpenBoards > Operating Systems & Software > Virus & Malware removal

Is my Laptop clean or infected with some malware??

  #1  
Old 06-18-2006
Newcomer, in training
 
Location: Bangalore, India
Member since: Jun 2006, 2 posts
Is my Laptop clean or infected with some malware??

Hi,

Once I got a link from one of my buddies in my messenger list. I clicked on it and went to a Yahoo page (a fake login page). From the next day onwards I wasn't able to log in to my Yahoo mail using that ID. That's when I came to know that I had been phished. I had forgotten the answer to the secret question, so I had to go to Yahoo to have my password reset.

Then I was able to log in with my new password and see my mails. I logged out, and when I tried to log in after some time, again I got the error "invalid password". I suspected that some malware, trojan or keylogger had been planted on my laptop. Since then I have been trying all the free anti-spyware, anti-keylogger and anti-malware tools. I did find that some malware was present on my PC. I cleaned it up; the next time I ran those programs they showed my PC as clean except for tracking cookies or spy cookies.

Now I am still not sure if my PC is clean. I have a few queries:

1. Now if I reset my password with Yahoo, and log in to my Yahoo account either from my laptop or some other PC, will I again face the same login problem after some time? The person who has hijacked my Yahoo account has not changed my password, because if he had changed my password I would have got a message in my alternate e-mail! (Am I right?)

2. Would something have been done so that whenever I log in to my account using a new password (even if I log in from a different PC), the hacker would get an alert? Is that possible? Why I am asking this: if I am unable to find out whether my PC is clean, then as a last resort, can I take a backup and then format and reinstall Windows XP? (Then my PC should be clean; any entries in the registry should be cleaned.)

3. Before going to Yahoo for a password reset, I want to make sure from my side that everything is OK, because I don't want to go to them again and again with the same problem. I have been using this mail address for a long time and it holds a lot of my important data, and that's why I want to get it back completely and properly.


I have done all the scans as given and then did a HijackThis scan, the log of which I have attached.

Please let me know if my laptop is clean or has some malicious program which does not allow me to log in to my particular Yahoo account. Now if I reset my Yahoo password, should I do so from this laptop or some other laptop? Or is it better (as a last resort) to take a backup of the data on my laptop and then reinstall Windows XP? Please advise me.

Thanks & Regards,
S.Palaniappan.
Attached Files
File Type: txt hijackthis.txt (12.0 KB, 9 views)
  #2  
Old 06-18-2006
N3051M's Avatar
TechSpot Guru
 
Location: Sydney, Australia
Member since: Jan 2006, 2,799 posts
System specs
So you've done the "Follow these instructions before posting a HiJackThis Log" sticky in the main area of this subforum? If not, give it a go:
Follow these instructions BEFORE posting your HJT log.

HJT fix this:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

I'm new at reading these things so I probably missed a few. Just wait on the experts to look through.
  #3  
Old 06-18-2006
Banned
 
Member since: Aug 2004, 25,945 posts
Hello and welcome to Techspot.

Go and follow the instructions exactly, in the link N3051M gave you.

Post a fresh HJT log into this thread, only after doing the above.

Regards Howard
  #4  
Old 06-19-2006
Newcomer, in training
 
Location: Bangalore, India
Member since: Jun 2006, 2 posts
Posting my Hijackthis Log

Hi,

I have done all the scans as specified by you. Then I have run HijackThis and now I am posting my log, Hijackthis.txt, for you to have a look. I request you to look into it and suggest a solution to my problem.


Regards,
S.Palaniappan
Attached Files
File Type: txt hijackthis.txt (12.1 KB, 2 views)
  #5  
Old 06-19-2006
N3051M's Avatar
TechSpot Guru
 
Location: Sydney, Australia
Member since: Jan 2006, 2,799 posts
System specs
It seems that you don't have a firewall installed. You can download ZoneAlarm or Sunbelt Kerio free off the net; just Google them.

You still have this; you may have to boot into safe mode to fix it:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm


Howard, not too sure about these ones:

O23 - Service: E - Unknown owner - C:\DOCUME~1\PALANI~2\LOCALS~1\Temp\E.exe (file missing)

O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.maalaimalar.com/wfplayer/tdserver.cab

and some entries relating to "Juniper Networks"?

Last edited by N3051M; 06-19-2006 at 08:58 AM..
  #6  
Old 06-19-2006
Banned
 
Member since: Aug 2004, 25,945 posts
Boot into safe mode. See how HERE: http://www.bleepingcomputer.com/forums/tutorial61.html

Turn off System Restore (XP/ME only). See how HERE: http://www.bleepingcomputer.com/forums/tutorial56.html

Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to each (if there).

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O11 - Options group: [JAVA_IBM] Java (IBM)

Fix all O16 - DPF entries.

O23 - Service: E - Unknown owner - C:\DOCUME~1\PALANI~2\LOCALS~1\Temp\E.exe (file missing)

O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)

Click on the fix checked button.

Close HJT.

Reboot into normal mode and turn system restore back on.

N3051M, Juniper Networks is his ISP and shouldn't be fixed.


Regards Howard
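As an added example that is not part of the thread, the following Python script applies the rules of thumb the helpers used above to HijackThis log lines: O23 services whose file is missing or whose unknown owner runs from a Temp directory, O16 DPF downloads from external sites, and R0/R3 Internet Explorer entries that point at no file or a blank page. The sample log consists of the entries quoted in the thread plus one constructed, benign O23 line as a control; the rule set and thresholds are the author's assumptions, not HijackThis's own logic.

```python
import re

# Sample input: the HijackThis lines quoted in the thread, plus one constructed
# benign O23 service line (ExampleSvc) that should NOT be flagged.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.maalaimalar.com/wfplayer/tdserver.cab
O23 - Service: E - Unknown owner - C:\DOCUME~1\PALANI~2\LOCALS~1\Temp\E.exe (file missing)
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Constructed Example (ExampleSvc) - Example Vendor - C:\WINDOWS\system32\example.exe
"""

# A HijackThis entry starts with a section code (R0, R3, O16, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d{1,2}) - (?P<body>.*)$")


def parse_entry(line):
    """Split a log line into (section, body); return None for headers and noise."""
    m = ENTRY_RE.match(line.strip())
    return (m.group("section"), m.group("body")) if m else None


def triage_entry(section, body):
    """Return the reasons an entry deserves review, following the thread's advice."""
    reasons = []
    if section == "O23":
        if "(file missing)" in body:
            reasons.append("service points to a missing file")
        if "Unknown owner" in body and re.search(r"\\Temp\\", body, re.IGNORECASE):
            reasons.append("unknown-owner service running from a Temp directory")
    if section == "O16":
        reasons.append("downloaded program file (ActiveX control) from an external site")
    if section in ("R0", "R1", "R3") and (
        "(no file)" in body or body.endswith("= \\blank.htm")
    ):
        reasons.append("IE start/search setting points at a missing or blank target")
    return reasons


def triage_log(text):
    """Map each suspicious entry line to its reasons; clean lines are omitted."""
    findings = {}
    for line in text.splitlines():
        parsed = parse_entry(line)
        if parsed:
            reasons = triage_entry(*parsed)
            if reasons:
                findings[line.strip()] = reasons
    return findings


if __name__ == "__main__":
    for entry, reasons in triage_log(SAMPLE_LOG).items():
        print(entry)
        for reason in reasons:
            print("   ->", reason)
```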