Help with HJT log please.

Status
Not open for further replies.
It looks like your system is infected with Win32.Rbot.H worm .

Go to this thread - https://www.techspot.com/vb/topic93156.html and follow the link to the Malware removal instructions and follow them exactly.

Once done.
Post fresh HJT, Combofix, and AVG Antispyware logs as ATTACHMENTS into this thread, only after doing the above.
We also need to know the result of Panda Antirootkit.

There is no need to zip the logs.

This thread is for the use of T_T only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
I can't run the Panda Antiroot programme. When I run it the box pops up but its blank and stays that way.
 
Ok, carry on with the rest of the instructions and post the requested logs when done then.



This thread is for the use of T_T only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Ok. here are the logs. I couldn't use panda antiroot but I did use the avg antiroot and it came up clean.

Sorry forgot this last log.

(Moderator edit: Posts merged. Please use the edit button, rather than replying to your previous post where there are no other replies in between. If bumping the thread, please wait at least 24 hours for a reply.
 
First off, your Internet Explorer is out of date. You need to go HERE and update it.

Your system is infected with Win32.Rbot.H worm. Do you use your pc for online banking? If so you should change all passwords immediately by Phone and inform your bank that your information may be compromised.

I will look into removal instructions for that infection.

[edit] Go to this link - http://www.pandasecurity.com/homeusers/solutions/activescan/ and run the active scan.

Once done, post fresh combofix and HJT logs.

This thread is for the use of T_T only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
I can't seem to be able to run the scan on that site. Shows javascript:javascript:validar_formu(); on the big green button for the scan.
 
Are you sure you have the latest java? Java doesn't use automatic update - you have to manually update.

The latest version can be found HERE.

Regards Jason :)
 
Yeah, I know. it was with internet explorer. I clicked scan on the first page and a pop up window opens up and asks to put in email for the scan to start.
 
I have... It doesn't do anything I've tried many times. In firefox when I click it it will at least say "Not compatible with firefox" But when I do it with internet explorer the green button doesn't do anything.
 
Theres no pop up of any installations for me. Clicking the green button after putting email in doesn't do anything at all.
 
Hmm very strange. Lets use the Kaspersky scanner instead.

Please go to Kaspersky website and perform an online antivirus scan. Please use Internet Explorer as it uses ActiveX.

  1. Click on Kaspersky Online Scanner button.
  2. Read through the requirements and privacy statement and click on Accept button.
  3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an ActiveX from Kaspersky. Click Yes.
  4. When the downloads have finished, click on Next button.
  5. Click on Scan Settings button.
  6. Select extended under Scan using the following antivirus database:
  7. Check (tick) these boxes under Scan options:
    • Scan Archives
    • Scan Mail Bases
  8. Click OK
  9. Click on My Computer under Please select a target to scan:
  10. Once the scan is complete it will display if your system has been infected. Click on Save as text button and save it to your desktop.
  11. attach the log in your next reply as an attachment.

Regards Jason :)

This thread is for the use of T_T ONLY. Please do NOT post your own virus/spyware problems into this thread. Instead, open a new thread in our security and the web forum.
 
It seems to have the same problem there, Nothing happens when I click on scan now. :(
 
Are you sure your doing it right? Not two scanners can fail.

Lets try the Nod32 scanner;

Please go to Eset website to perform an online scan. Please use Internet Explorer as it uses ActiveX.

  1. Check (tick) this box: YES, I accept the Terms of Use.
  2. Click on the Start button next to it.
  3. When prompted to run ActiveX. click Yes.
  4. You will be asked to install an ActiveX. Click Install.
  5. Once installed, the scanner will be initialized.
  6. After the scanner is initialized, click Start.
  7. Uncheck (untick) Remove found threats box.
  8. Check (tick) Scan unwanted applications.
  9. Click on Scan.
  10. It will start scanning. Please be patient.
  11. Once the scan is done, you will find a log in C:\Program Files\esetonlinescanner\log.txt. Please post this log in your next reply.

Regards Jason :)

This thread is for the use of T_T ONLY. Please do NOT post your own virus/spyware problems into this thread. Instead, open a new thread in our security and the web forum.
 
Please could you post fresh HJT and Combofix logs.

Regards Jason :)

This thread is for the use of T_T ONLY. Please do NOT post your own virus/spyware problems into this thread. Instead, open a new thread in our security and the web forum.
 
Utorrent is installed on your computer and I see that it's running. While Utorrent is (a) clean P2P program, there's no guarantee that the files downloaded are. Please refrain from using it while cleaning your computer to prevent getting more infections.

A list of clean and infected P2P programs can be found at Malware Removal and Spyware Info.

The risks of using a P2P program are stated in this Sourceforge website and Information Week article.

Please also read Malware Removal's Guide on P2P Programs.

===================

Can you tell me how your computer is running? Any problems?

Regards Jason :)

This thread is for the use of T_T ONLY. Please do NOT post your own virus/spyware problems into this thread. Instead, open a new thread in our security and the web forum.
 
Actually, That's the thing. I haven't noticed anything wrong with my computer except for the hjt log that I used to compare to one I had previously. Also since the last couple of days, It seems my computer tries to auto update through windows update but I've had that disabled for a long time but somehow it seems to be enabled every time I restart.
 
Hmm very strange - something must be triggering it.

Let me do do some research - I'll get back to you soon - or one of the others may reply to you.

Regards Jason :)

This thread is for the use of T_T ONLY. Please do NOT post your own virus/spyware problems into this thread. Instead, open a new thread in our security and the web forum.
 
Run HiJackThis and click "SDo a system scan only", then check the following, (if present)

ALL of the 018 Entries

Now, with all windows closed except HiJackThis, click "Fix checked".


Post a new HijackThis log.

Why do you not have SP2?
 
Status
Not open for further replies.

Similar threads

E
I have been taken over by a software called Astanda using XML to Log everything and roaming to an SQL server.
Replies
0
Views
466
eriksnyman1
E
losdavos
Malware removal help, please and thank you!
Replies
1
Views
803
losdavos
losdavos
M
Virus warning popup
Replies
1
Views
531
Mark Fuller
M

Latest posts

Back