I'm infected with something

Status
Not open for further replies.

works9

So my computer is infected with something and it's making me mad. I followed the instructions from your sticky thread, and after hours of scanning, I can finally start a thread. I keep on getting random search sites popping up when I use Google, and also when I used Smitfraud, I got this error: registry editing has been disabled by your administrator. The anti-rootkit found no rootkits. I have attached the logs requested in the sticky thread. Thanks
 

Attachments

  • hijackthis 1.txt
    8.6 KB · Views: 7
  • avg Report-Scan-20070928-161035.txt
    878 bytes · Views: 6
Your system does appear to be infected. It seems that at one point there was a Trojan, which was removed; however, there was still a nasty entry in your HJT & ComboFix logs.

Very Important: Before deciding whether to clean or reformat your system, read this thread and decide what you want to do.

If, after reading the above thread, you decide to clean your system, do the following.

Go to the folder C:\Program Files\Trend Micro\HijackThis. Rename the HijackThis.exe file to Crusty.exe. This is because some malware can hide from HijackThis.exe.

Your AVG Anti-Spyware log said no action taken for all items. You need to set it to apply the recommended action to all items instead. See HERE for details.

Post fresh HJT and AVG Anti-Spyware logs after doing the above.

Regards :)

This thread is for the use of works9 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our Security and the Web forum.
 
I'm going to tell you what I tell many others who just throw a log out and say 'I'm infected with something'! How do you know you're infected with malware? What's happening?

I say this because many times problems are due to poor routine maintenance, too many programs on startup running in the background, and too many Services set to Automatic that the user doesn't need or that can be put on Manual.

Even if your log shows infection, these things have to be considered, but not giving any information doesn't help us to help you.
 
Thanks for replying to my thread, kitty500cat. I did what you requested, so here are the fresh AVG Anti-Spyware and HijackThis logs.
 
Your system seems to be clean. :)

But this will need to be deleted:
* O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -

Also: O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing). That is saying there is a file missing, so could you run System File Checker? Go to Start/Run and type in "sfc /scannow". Note: make sure you have your Windows XP disk handy.

And you need to be more specific when posting a thread, like what is happening to your computer, instead of just saying "I'm infected".

Are you having any symptoms with your computer? Anything going wrong?

I advise you go and read this All about Malware topic.

Hopefully, after reading that you will have learnt all about malware and the forms of it.

Regards Jase :)

This thread is for the use of works9 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our Security and the Web forum.
 
I'm glad to hear that, jase123... The reason why I said that my computer is infected is because I didn't know what virus got me; I just knew that the comp acted weird and a little slow. I do not have my Windows XP CD, because I bought this comp used a while ago, and it came with Windows XP, so should I delete
Also O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
or leave it alone?
Now I have another concern... when I try to search for something in Google, as soon as I type the first letter, a tab drops down with all the searches I have done already that started with that letter... The reason why I'm acting suspicious is because it didn't use to do this before the computer got infected... I would like to get rid of that...
 
Leave that > O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)

Yes, that is normal for a drop-down menu to come up when searching on Google. It's just all your past searches. You can clear all your past searches. What browser are you using: IE, Mozilla Firefox, or a different one?

Regards Jase :)

This thread is for the use of works9 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our Security and the Web forum.
 
No, I'm not... my IE version is 6.0... my homepage is google.com so I'm using that search bar. I just did a clean with ATF-Cleaner and that drop-down is still there...
 
Open IE, then click Tools at the top, and in the drop-down menu click Internet Options. This should open a small box.
Then on the General tab, click Delete Cookies and Delete Files. Then below that click Clear History.

This will clear all past searches.

Regards Jase :)
 
I noticed from your HJT log that you're using Windows XP, without any service packs. You should upgrade to XP service pack 2; however, it would probably be a good idea to wait until the computer is cleaned.

There is still a nasty entry in your HJT log.

Run HijackThis and place a check in the box next to the following entry (if there):

O16 - DPF: {DD8C9372-35FD-4F7D-8CE4-909ABCFAB2C5} - ms-its:mhtml:file://c:\\nores.mht![http]adxtend.net/code/chm/xpre.chm::/xpreload.ocx

Close all open programs, including your web browser. Click the fix checked button and close HJT.

Then please do the following.

1. Please download The Avenger by Swandog46 from HERE. Save it to your Desktop and extract it.

2. Download the attached avengerscript.txt and save it to your desktop

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, start The Avenger program by double clicking on its icon on your desktop.

Under "Script file to execute" choose "Load script from file".
Now click on the folder icon which will open a new window titled "open Script File"
navigate to the file you have just downloaded, click on it and press open
Now click on the Green Light to begin execution of the script
Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:

It will restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
On reboot, it will briefly open a black command window on your desktop, this is normal.
After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

5. Please attach the content of c:\avenger.txt into your reply, along with a fresh HJT and ComboFix log.

Regards :)

This thread is for the use of works9 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our Security and the Web forum.
 

Attachments

  • avengerscript.txt
    70 bytes · Views: 6
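The two log entries the helpers singled out in this thread (Jase's O23 service with "(file missing)" and kitty500cat's O16 DPF entry loading an .ocx through an ms-its:/mhtml: URL) are both patterns that can be picked out of a HijackThis log mechanically before a human looks at the rest. The script below is an added example written for this page, not a tool posted by anyone in the thread. It assumes the O16/O23 line layouts exactly as quoted above; the sample log is constructed from those quoted lines plus two benign entries whose CLSID, company and paths are placeholders.

```python
"""Triage helper for HijackThis-style log lines (added example for this thread).

It parses O16 "Downloaded Program Files" ActiveX entries and O23 service
entries and flags the patterns the thread's helpers flagged:
  * an O16 entry with no download URL, or a URL whose scheme is not http/https
    (the ms-its:/mhtml: CHM loader quoted in the thread is one such case);
  * an O23 service whose binary HijackThis reports as "(file missing)".
Everything else is left alone; a human still decides what to do with each hit.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Entry layouts assumed from the lines quoted in the thread:
#   O16 - DPF: {CLSID} (Optional Name) - URL
#   O23 - Service: Display Name (ShortName) - Owner - Path
O16_RE = re.compile(
    r"^O16 - DPF: \{(?P<clsid>[0-9A-Fa-f-]{36})\}"
    r"(?: \((?P<name>[^)]*)\))? -(?: (?P<url>.*))?$"
)
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?) \((?P<short>[^)]+)\) - "
    r"(?P<owner>.+?) - (?P<path>.+)$"
)
SAFE_SCHEMES = ("http", "https")


@dataclass
class Finding:
    kind: str    # "O16" or "O23"
    line: str    # the original log line
    reason: str  # why it was flagged


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for one HJT log line, or None if nothing stands out."""
    line = line.strip()
    m = O16_RE.match(line)
    if m:
        url = (m.group("url") or "").strip()
        if not url:
            return Finding("O16", line, "DPF entry with no download URL")
        scheme = url.split(":", 1)[0].lower()
        if scheme not in SAFE_SCHEMES:
            return Finding("O16", line, f"DPF URL uses non-HTTP scheme '{scheme}'")
        return None
    m = O23_RE.match(line)
    if m and "(file missing)" in m.group("path").lower():
        return Finding("O23", line, f"service '{m.group('short')}' points to a missing binary")
    return None


def triage_text(log_text: str) -> List[Finding]:
    """Run triage_line over a whole log and collect the hits in order."""
    return [f for f in (triage_line(ln) for ln in log_text.splitlines()) if f]


# Constructed sample: the two flagged lines are the ones quoted in the thread;
# the CLSID, company and paths of the benign lines are placeholders.
SAMPLE_LOG = r"""O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {DD8C9372-35FD-4F7D-8CE4-909ABCFAB2C5} - ms-its:mhtml:file://c:\\nores.mht![http]adxtend.net/code/chm/xpre.chm::/xpreload.ocx
O16 - DPF: {00000000-0000-0000-0000-000000000000} (Example Control) - http://example.com/control.cab
O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Example Updater (ExUpd) - Example Corp - C:\Program Files\Example\exupd.exe
"""

if __name__ == "__main__":
    for f in triage_text(SAMPLE_LOG):
        print(f"[{f.kind}] {f.reason}\n    {f.line}")
```

Run against a saved HJT log (`triage_text(open("hijackthis.txt").read())`) it lists only the entries worth a second look; as the thread itself shows, a flagged O23 "(file missing)" line can be a harmless leftover (the ALG entry was left alone), so the output is a reading aid, not a fix list.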
Aww man, I thought I was clean... oh well... here's the stuff that you asked for, kitty500cat... I hope I got rid of it this time...
 