Cleaning up 'spyware detected' - logs posted
- Thread starter Vincavec
- Start date
- Status
evilfantasy
Posts: 425 +0
You are running two firewalls, you need to pick one and uninstall the other. This can cause conflicts.
Open HijackThis and select "Do a system scan only"
Place a check mark next to
O2 - BHO: (no name) - {40C8A407-37A9-47C8-823E-D9F90A17C448} - (no file)
O20 - Winlogon Notify: ljjiihi - C:\WINDOWS\SYSTEM32\ljjiihi.dll
Click "Fix checked"
=====
Delete these files/folders, as follows:
* Open notepad and copy/paste the text in the quote box below into it (all except the word QUOTE):
* Save this as CFScript on the desktop.
* Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!
* ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it shall produce a log for you. Post that log (Combofix.txt) in your next reply.
Note: Do not mouseclick combofix's window while it is running. That may cause your system to hang.
=====
Your Java is out of date
Older versions have vulnerabilities that malware can use to infect your system. It is possible that you may be running Java code in your applications that absolutely require a specific version of the JRE to run. Please follow these steps to remove older version of Java components and update
Updating Java:
* Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
* Check for any item with Java Runtime Environment (JRE or J2SE) in the name.
** The latest version is Java 6 Update 3. Remove all other entries.
* Click the Remove or Change/Remove button.
* Repeat as many times as necessary to remove each of the Java versions.
* Reboot your computer once all Java components are removed.
* Download the latest version of Java Runtime Environment (JRE) 6
* Click the Free Java Download button.
* Click the Download Now button.
* When the Software Installation dialog box opens. Click on the Install Now button.
* Follow the prompts to complete installation.
===
Next post please attach
Combofix log
New HijackThis log
Open HijackThis and select "Do a system scan only"
Place a check mark next to
O2 - BHO: (no name) - {40C8A407-37A9-47C8-823E-D9F90A17C448} - (no file)
O20 - Winlogon Notify: ljjiihi - C:\WINDOWS\SYSTEM32\ljjiihi.dll
Click "Fix checked"
=====
Delete these files/folders, as follows:
* Open notepad and copy/paste the text in the quote box below into it (all except the word QUOTE):
* Save this as CFScript on the desktop.
* Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!
* ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it shall produce a log for you. Post that log (Combofix.txt) in your next reply.
Note: Do not mouseclick combofix's window while it is running. That may cause your system to hang.
=====
Older versions have vulnerabilities that malware can use to infect your system. It is possible that you may be running Java code in your applications that absolutely require a specific version of the JRE to run. Please follow these steps to remove older version of Java components and update
Updating Java:
* Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
* Check for any item with Java Runtime Environment (JRE or J2SE) in the name.
** The latest version is Java 6 Update 3. Remove all other entries.
* Click the Remove or Change/Remove button.
* Repeat as many times as necessary to remove each of the Java versions.
* Reboot your computer once all Java components are removed.
* Download the latest version of Java Runtime Environment (JRE) 6
* Click the Free Java Download button.
* Click the Download Now button.
* When the Software Installation dialog box opens. Click on the Install Now button.
* Follow the prompts to complete installation.
===
Next post please attach
Combofix log
New HijackThis log
Updated Scan, updated Java
Oh, forgot to mention, rootkit was clean before.
OK - in order...
I'm only running one firewall - Comodo - only installed one firewall on this computer. If you can name the other firewall program, I'll see about hunting it down and shutting it off.
While Combofix was running, my virus-scanner, (AVG) 'found' and quarantined the "ljjiihi" file
Combofix completed, but froze while preparing the log files (CPU cycles running at 50% for more than an hour).
Rebooted, reran Combofix (without the CFScript), froze in same spot.
Removed old Java, installed new Java.
New HijackThis log posted
Oh, forgot to mention, rootkit was clean before.
OK - in order...
I'm only running one firewall - Comodo - only installed one firewall on this computer. If you can name the other firewall program, I'll see about hunting it down and shutting it off.
While Combofix was running, my virus-scanner, (AVG) 'found' and quarantined the "ljjiihi" file
Combofix completed, but froze while preparing the log files (CPU cycles running at 50% for more than an hour).
Rebooted, reran Combofix (without the CFScript), froze in same spot.
Removed old Java, installed new Java.
New HijackThis log posted
evilfantasy
Posts: 425 +0
Firewalls showing are
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
If the NVIDIA is a hardware firewall it is OK to keep
Open HijackThis and select "Do a system scan only"
Place a check mark next to
O2 - BHO: (no name) - {30BAA4DF-E0AB-4AFD-B6D8-FFAA032D0468} - C:\WINDOWS\system32\ljjiihi.dll (file missing)
Click "Fix checked"
I think the combofix worked because the entries that I was concerned about are gone.
Go to Start > Run and copy and paste next command in the field:
ComboFix /u
Make sure there's a space between Combofix and /
Then hit Enter.
This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again
Let me know if anything else comes up.
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
If the NVIDIA is a hardware firewall it is OK to keep
Open HijackThis and select "Do a system scan only"
Place a check mark next to
O2 - BHO: (no name) - {30BAA4DF-E0AB-4AFD-B6D8-FFAA032D0468} - C:\WINDOWS\system32\ljjiihi.dll (file missing)
Click "Fix checked"
I think the combofix worked because the entries that I was concerned about are gone.
Go to Start > Run and copy and paste next command in the field:
ComboFix /u
Make sure there's a space between Combofix and /
Then hit Enter.
This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again
Let me know if anything else comes up.
evilfantasy
Posts: 425 +0
I realized that too late
Safe surfing......
- Status
Similar threads
Latest posts
-
Nintendo DMCA lawyers shut down everything Mario on Garry's Mod- Uncle Al replied
-
BlizzGone: Blizzard cancels 2024 convention but promises an eventual return- GodisanAtheist replied
