HJT log please

Status
Not open for further replies.

swker98

Hi, haven't been on the forums in a while. Anyway, my friend is having bad spyware problems.

I've downloaded AVG anti-virus and spyware, Ad-Aware and Spybot, and they cleared a lot. I had a lot of backdoors; I see that in my log also.

If someone can suggest how to remove the nasty backdoors that won't budge in safe mode.

Thanks

Edit: the HJT is before the ComboFix; I will fix it.


Edit: fixed the HJT.


The safe mode is after vbg, smithfraud and vundo.
 

Attachments

  • hijackthis after combo.txt
    6.7 KB · Views: 7
If you have all those nasties, maybe a reinstall would be a better idea.
Plus, educate your friend about Internet security.
 
Newest log. I think it's cleaner than when I started; I cleared most of the nasties. Can someone confirm this?


The only thing I'm suspicious of is the 04 entry winslogin.exe; it looks like winlogin.exe.
 
Hi

Very Important: Malware infections can possibly lead to identity theft, loss of funds from bank accounts, misuse of credit card information etc. Therefore I strongly encourage you to please read this thread HERE before deciding what course of action to take regarding your infection.

Let me know your decision.


Regards,
Your friendly momok =)

This thread is for the use of swker98 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
I think all my friend used it for was IM or internet, but I'll check to make sure. But I think the infections are mostly gone, so I don't think I'll format.

How does my HJT log look?
 
Hi,

The reason I asked you to read the thread to decide is because your system is still infected. Get back to me on your friend's decision.

Regards,
Your friendly momok =)

This thread is for the use of swker98 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Step 1:

Go into Add or Remove Programs in your Control Panel and uninstall anything having to do with Viewpoint or Outerinfo.

Step 2:
Then run HijackThis and do a system scan. Place a check in the box next to the following entries (if there):

O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll

O4 - HKLM\..\Run: [Microsoft Logon Event] winslogin.exe

O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\DOCUME~1\john\LOCALS~1\Temp\kjwhvfxi.dll",forkonce

O4 - HKCU\..\Run: [mwoi] C:\PROGRA~1\COMMON~1\mwoi\mwoim.exe

O4 - HKCU\..\Run: [Regscan] C:\WINDOWS\System32\regscan.exe

O4 - HKCU\..\Run: [Microsoft Visual Enhance V2.1] C:\WINDOWS\iuntfs32.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

Close all programs except HijackThis. Click the Fix Checked button. Fixing may take a while; once it's done, close HijackThis.

Step 3:

Go to Start->Run, type in cmd

Press Enter.

Once the black window appears, type in the following:

sc config "viewmgr" start= disabled

Press Enter.

Once it finishes that operation, type exit and press Enter, which should close the window.

Step 4:

Please download the file CFScript.txt attached to my post and save it to the same folder as ComboFix.

Referring to the image below, drag the CFScript.txt that you just downloaded over onto ComboFix.exe and release.

CFScript.gif


This will ask ComboFix to execute the instructions within my file. Let ComboFix run normally and do its job. Attach the resultant log in your next reply.

Step 5:

Please navigate to www.virustotal.com.

Click the Choose... button.

Navigate to the following file:

C:\WINDOWS\system32\stfv.bin

Click Open. Then click Send File.

Wait until it's done scanning, then copy and paste the results into a Notepad file and save it on your computer.

Step 6:

Post a fresh HijackThis log, as well as the log resulting from the CFScript, and the VirusTotal log.

Regards :)

This thread is for the use of swker98 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our Security and the Web forum.
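
A triage sketch for the O4 autorun lines checked in Step 2, added here as an example and not part of the original post or of HijackThis: it flags entries that load from a Temp directory or whose file name is a near miss of a genuine Windows binary. The allow-list, the distance threshold and the function names are assumptions, and a line with no hit is not thereby clean.

```python
import re

# Constructed sample: O4 lines copied from the post above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Microsoft Logon Event] winslogin.exe
O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\DOCUME~1\john\LOCALS~1\Temp\kjwhvfxi.dll",forkonce
O4 - HKCU\..\Run: [mwoi] C:\PROGRA~1\COMMON~1\mwoi\mwoim.exe
O4 - HKCU\..\Run: [Regscan] C:\WINDOWS\System32\regscan.exe
"""

# "O4 - <hive>\..\<key>: [<value name>] <command>"
O4_RE = re.compile(r"^O4 - (HK[A-Z]+)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$")
# Assumption: a short allow-list of genuine Windows binaries to compare against.
KNOWN = ("winlogon.exe", "svchost.exe", "lsass.exe", "services.exe",
         "explorer.exe", "csrss.exe", "rundll32.exe")

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]

def triage(line):
    """Return (value_name, reasons) for an O4 line, or None for any other line."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    name, cmd = m.group(3), m.group(4)
    # First token of the command; unquoted paths containing spaces are not handled.
    exe = re.match(r'"?([^"\s]+)', cmd).group(1).split("\\")[-1].lower()
    reasons = []
    if re.search(r"\\(temp|locals~1)\\", cmd, re.I):
        reasons.append("loads code from a Temp directory")
    near = [k for k in KNOWN if 0 < edit_distance(exe, k) <= 2]
    if near:
        reasons.append("name resembles " + near[0])
    return name, reasons

def triage_log(text):
    """Map each O4 value name in a log to its list of triage reasons."""
    results = (triage(line) for line in text.splitlines())
    return {name: reasons for name, reasons in filter(None, results)}

if __name__ == "__main__":
    for name, reasons in triage_log(SAMPLE_LOG).items():
        print(name, "->", reasons or "no heuristic hit (not a verdict)")
```
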
 
You're looking at my old log. I'll do that stuff, but look at post 3.

But I'll fix the stuff that's not already done in HJT.
 
Everything looks good.

However, I somehow missed telling you to rename HijackThis.

Right-click on the HijackThis.exe file and choose Rename. Change the filename to swker98.exe, analyzer.exe, or whatever you prefer (just something other than HijackThis.exe). Then rerun HijackThis and post a fresh HJT log only.

The reason for this is that some malware can hide from HijackThis.exe.

Regards :)

This thread is for the use of swker98 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our Security and the Web forum.
 
I noticed in your log that you have Windows XP service pack 1 installed. Service pack 2 has been released.

I recommend that you visit Windows Update and install all of the high-priority updates (service pack 2 should be in the list). Updating Windows is essential; if you don't do it, your computer is at much greater risk of being infected and/or hacked.

Delete all files in AVG Anti-Spyware Quarantine folder (located in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Quarantine).

Turn off system restore. See how HERE
This will remove all your system restore points, including any malware hiding in them.

After that turn system restore back on.
This will create a new, clean restore point for your system.

Often, an infection can occur again not due to the incompetence of programs, but because of user habits.
May I recommend you to read this article. This can help to prevent future infections.

Should you have further virus/spyware problems, please post in this thread.

Regards :)

This thread is for the use of swker98 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our Security and the Web forum.
 