Infected by SafeWebNavigate2008 - Followed preliminary removal - please see my logs

By VevinUki
Jun 23, 2008
  1. Hello,

    I am writing because my PC got infected recently by some malware/Adware/Spyware. I found your preliminary removal instructions and followed them. They were very helpful and saved my PC. I would like to please ask nicely if you could review the 3 logs from the instructions. My PC is no longer showing any previous symptoms and is working normally, even a bit faster, however I would still like to know if I managed to fix this problem? Thank you for your time and patience.

    PC Symptoms:
    -A new antispyware program wss installed and ran automatically on my PC. It found lots of trojans, spyware and viruses. It said if I wanted to removed these infections I should buy the full version of the program. It then ran internet explorer and opened, which was obviously a hoax to get me to download more spyware.
    -The right-hand side of the start menu was empty except for "Connect to".
    -A new icon appeard in my taskbar and flashed on and off. It was a red circle with a white "x" in the middle. A bubble window appeared out of it, that said my system was infected and I should get some antispyware to get rid of it.
    -All time information about files in my computer-I had a shortcut on my desktop-(through right click-properties) showed "VIRUS ALERT!". It was also next to the time in the Taskbar.
    -Internet connectivity was ok, but non of my antispyware programs could update, neither could my antivirus program, NOD32.

    What Happened:
    The malware came from a self-extracting archive and started opening right after download. The extracting window wasn't the usual window, it had question marks instead of letters on buttons. It was stopped in the middle, just as my antivirus, NOD32, kicked in. Some files were in blue and the text field beneath the scrolling log of extracted files had something written like Windows/System32/Healthcheck. Just then the new antispyware program started also. The full system scan which Nod32 was doing stopped in the middle or was just going really slow because nothing moved.

    What i did:
    The second I realized what was going on with the archive i unplugged the LAN cable from the machine stopping the internet.
    I then countinued to close all windows from the new antispyware program, rejecting all prompts from the malware to download antispyware programs. At this point I didn't have the "Virus alert!" beside the clock in the taskbar and my Start Menu was normal. I then closed the archive window with the lowest right button, guessing that that might be the close one. I then deleted manually the archive from the desktop.
    NOD32 found 2 infections in the temp folder in Docs and Settings and removed them. However, a second scan found them again.
    So after deleting them again I went to "Internet options" and deleted cookies, History and Temporary Internet files.

    On my second PC, I found your site and removal instructions, which I followed.
    I couldn't do Step 3 properly. I couldn't download the java platform for the test, because of the malware. But after I completed the instructions I did the test and the online scanner did find 1 spyware but couldn't remove it, because it had some internal error on the site.

    Panda Antirootkit did not find anything, all zero.
    The logs that you requested are there I hope. I had both MBAM and SAS

    Thank you for your time and help.


    PS: I hope this was a good post ;-)

    Attached Files:

Topic Status:
Not open for further replies.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...