8 steps completed - logs attached

By Phocks · 6 replies
Dec 28, 2008
  1. I am getting constant pop ups from Avira Guard.

    Pop Ups attached.

    I have run the 8 steps however the propblem still persists. (Logs attached)

    Since following the 8 steps it has only been the first on the pop up list that continues to pop up.

    Would someone please help me and let me know what I need to do from here.

    Thanks in advance for your time and help.

    Brad (Phocks)
  2. rf6647

    rf6647 TS Maniac Posts: 829

    The first listed "popup" in the file refers to a System Restore folder. All appearances are that the infection was handled.

    • Update MBAM & SAS.
    • Rescan with MBAM & SAS until they report clean or something that cannot be cleared. Post logs showing infections.

    • Next, obtain ComboFix & scan. Diagnostic info will add more understanding to the 'desktop' aspects from this infection.

    • Restart the computer & scan with HJT.
    • Post logs & describe findings & how things appear to be running.

    Additional Information
  3. Phocks

    Phocks TS Rookie Topic Starter Posts: 26

    Combofix Log and update Hijack This Log


    Thanks for your help.

    I have run the scans as per your advice.

    MBAM found no infections on the first scan.

    SAS I had to run 3 times with the third scan being clean (2 infected logs attached)

    ComboFix and Hijack This log also attached.

    One thing, while running Combofix a pop up box come saying I did not have 'windows recovery cosole' and I should install one....is this something I need to look into??

    Thanks again for your help.

    Please let me know if I am clean or there is anything else I should do.


    Brad (Phocks)
  4. BlkHeartWolf

    BlkHeartWolf TS Rookie Posts: 151

    only 2 dead keys in your registery and if you run Hijack this it should remove them also just check them

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
  5. Phocks

    Phocks TS Rookie Topic Starter Posts: 26

    Thanks heaps.

    Should I keep all the programs that I downloaded through this poccess???

    Are there any recommended methods to reduce the risk of any further virus???

    Thanks again for your help.


    Brad (Phocks)
  6. rev_olie

    rev_olie TS Guru Posts: 560

    I would now:

    • Uninstall Malwarebytes through Add/remove programs

    • Keep SuperantiSpyware but disable it on start up
      Go Start>Run an type "MSCONFIG".Then go to he start up tab and uncheck Superantispyware.

    • Also you can remove Hijackthis now as probably next time you come to use it it will be out of date

    Finally keep scanning with superantispyware and Avira and you should stay clean.

    Create a new thread if you need more help in the future.
  7. rf6647

    rf6647 TS Maniac Posts: 829

    Thanks for providing the ComboFix log. This gives me a perspective on the capability of the standard tools. The major finding was ‘work space’ used by one of the trojans, and was no longer an active part of any infection.

    Recovery Console
    I recommend installing it. It is ‘cheap’ insurance against disaster. The mere cost is a startup boot screen with every restart. This cost can be kept to a minimum by setting display timeout to between 2-6 seconds. And if you should ever need ‘safe mode’, this avoids the need to tap F8 at precisely the correct moment.

    Setting the timeout -
    Start > run > control sysdm.cpl,,3 > Startup and Recovery settings

    Internet Security
    I would add a firewall. ‘8-steps’ recommends two choices. For more reading see the link referenced in the following quote.

    Uninstall ComboFix
    Establish clean System Restore point
    Use the [​IMG] inside the quote box for entire 'sticky' note.

    Periodic Maintenance
    Once or twice a month, I scan with MBAM & SAS to confrim my security applications are being effective. No single application is 100% effective.
Topic Status:
Not open for further replies.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...