I think I am clear... but it seemed suspiciously easy?

[kopella]

Hi There,

Sorry to register & immediately be asking for assistance, I feel quite cheeky. I would just like someone who knows what they're looking for to check my HJT log please. In case there is anything that looks untoward I have given an outline of what I have done below. Any feedback as to whether I am clean or need to do more would be greatly appreciated.

I had (or possibly still have, fingers crossed not) the braskt.exe virus, the first indication of the problem was yesterday when my laptop crashed and went to a bluescreen error, today I got the red dot & cross in my taskbar with the spelling mistake in the message. I ran AVG & ad-aware, none found anything, I then looked in task manager, saw the braskt.exe file and very nearly just deleted it, however I googled the name first to be sure & found your forums threads & so have followed your malware removal instructions as per the sticky at the top.

I think all is clear, and it doesn't seem that the file has interfered much with my system, however I am aware of how tricky these things can be and am very suspicious that it was so easy.

Many Thanks

Emma

P.S. Just realised you asked for all 3 logs so just added the other 2

 

[kimsland]

Best to follow:

Viruses/Spyware/Malware Preliminary Removal Instructions

Otherwise we may be chasing our tail

Note:
Member has now posted all attachments, since writing my reply

 

[kopella]

Hi

Hi, Thanks for replying.

I have followed those instructions and am now posting the logs as it asks.

I think all is clear, just looking for a bit of help checking. I have had a quick look through the HJT log myself and can't see anything suspicious, I have also read through a few different threads involving others with this virus & checked my log for any odd bits that came up for others and there doesn't seem to be anything, however I could quite easily have missed something & would value an opinion of someone who is familiar with these logs.


Many Thanks

Emma

 

[kopella]

Update

About 10 minutes after posting the last message, AVG flashed up that it had found a Trojan horse Agent.3.R in C:\System Volume Information\_restore, I put this in the virus vault and I am now re-running the scans as per the instructions.

 

[kimsland]

CLEAR & RESET SYSTEM RESTORE'S CACHE

Go to Start >> Run - type or copy/paste control sysdm.cpl,,4 & press Enter

* Tick on the checkbox - Turn off System Restore on all drives
* Click Apply

Turn it back 'On' by unticking the same checkbox & click Apply, and then OK

 

[kopella]

Thank you, I have just done that.

Is there anything else I should do now? all appears well but i'm worried that if I haven't cleared everything further problems could be brewing that i'm not aware of.

Many Thanks

Emma

 

[kimsland]

O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all

read here: https://www.techspot.com/startup/3483/

Run Kaspersky Online AV Scanner

In order to use it you have to use Internet Explorer.
Go to Kaspersky and click the Accept button at the end of the page.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.

• Read the Requirements and limitations before you click Accept.
• Allow the ActiveX download if necessary.
• Once the database has downloaded, click Next.
• Click on "My Computer"
• When the scan has completed, click Save Report As...
• Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
• Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.

Attach the report into your next reply

 

[kopella]

Hi,

Ok I will do that now. Just before I do, I looked at the link relating to the Khost.exe file & clicked on the link to run a free scan for related errors, the Uniblue registry booster found 436 registry errors, should I clean the registry first before running the Kaspersky Scanner?

 

[kimsland]

registry booster found 436 registry errors

Definately not
Sorry I do not usually link users to areas that contain other downloads

Un-install that program, then continue above

 

[kopella]

Hi,

I ran the Kapersky, it took 2 hours & found nothing at all. I tried to save a copy of the report but it isn't doing anything, this maybe as there is nothing on the report to display.

Thank you very much for your help.

Emma