Is this a malware/spyware/virus problem?

Status
Not open for further replies.

Del262

Posts: 9   +0
My son was having problems with his laptop and thought he had a virus.

I have gone through the 8 steps and logs are attached.

Malware and SAS say there is nothing on the comp and Anti virus says clean too. However, HijackThis tells me it is blocked from accessing the 'host' file.

When logging on to my wireless network the computer either never remembers the name or seems to show two instances of the network, but adds a 2 at the end.

Thought I would check here for some advice or at least to get pointed in the right direction.

Thanks in advance.

Apologies for the horrendous spelling above was typing in a rush!!
 
Not too bad:
Remove bad HijackThis entries
• Run HijackThis
• Click on the System Scan Only button
• Put a check beside all of the items listed below (if present):
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - Global Startup: QuickSet.lnk = ?
O13 - Gopher Prefix:
• Close all open windows and browsers/email, etc...
• Click on the "Fix Checked" button
• When completed, close the application.

Reboot when through and see if this makes any difference. If it does not, then it's a mechanical problem, not malware.
 
Thanks, have tried it and the laptop seems to be finding and connecting to the network much quicker and without duplication.

Thanks for the advice/help. Should I run the malware/spyware progs again to check the machine?

Thanks again.
 
Should I run the malware/spyware progs again to check the machine?
Just do a new scan with HijackThis- I don't think you need to run the others. Show me a fresh log and then I'll give you instructions for removing the cleanup tools. If one tenth of the logs I check were as clean as yours, I'd have more time to tell others how to get rid of their trash!

That is a 'left-handed' compliment! Tell your son to continue being careful.
 
There's just one entry you can check and see if it will 'stay removed'- I don't like entries with question marks!

Your entry is:
O4 - Global Startup: QuickSet.lnk = ?

The complete entry should be:
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe

If you check to remove and it comes back, not to worry.

Download OTCleanIt HERE & save it to your desktop.
• Double click on OTCleanIt.exe.
• Click on CleanUp!.
• It will go through the list and remove all of the tools it finds and then delete itself (requiring a reboot).
• You will receive a prompt that it needs to restart the computer to remove the files.
• Click Yes.
• It will restart your computer automatically. If it doesn't, please restart your computer manually.

Clear your existing System Restore points and establish a new clean restore point:
• Go to Start > All Programs > Accessories > System Tools > System Restore > Select Create a restore point > OK.
• Next, go to Start > Run and type in cleanmgr
• Ensure the selection is on C:\ and click on OK.
• Select the More options tab
• Choose the option to clean up System Restore and OK it.
• This will remove all restore points except the new one you just created.

Keep up the good work! It was a pleasure working with you.
 
I ran all the things in your last post last night. It took me a couple of attempts to get all the things to work in the sequence you laid out.

Finally all seemed to come together (at some ridiculous hour of the morning :zzz:). Machine seems to be running fine, however I ran HJT again (log attached). The lines you asked me to remove, well at least a couple of them, seem to be back. I also still get the pop up saying HJT can't access the 'host' file.

As I said though the machine seems to be running fine and certainly a lot better than before.

If you think all is fine then I'm happy with that.
 
Good job! There are a couple of processes you might want to stop- you don't have to run HJ again or remove the processes- they are legitimate files but known high resource users and do not need to start on boot:

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
iTunesHelper.exe> Big resource user!
Background task installed by Apple's iTunes music player and also by version 7 of QuickTime which now comes inseparably bundled with iTunes. It is thought that this task used to be a 3rd party add-on program in the early days of Apple's iPod when its iTunes software was incompatible with many CD-Writers. This task does not need to be installed as a startup since iTunes starts it up anyway when it needs it.
1. UNCHECK on Startup menu using msconfig. It uses nearly 6MB of memory.

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
QUICK TIME:
1. Use msconfig to UNCHECK any QuickTime entries on Startup> Apply> OK
2. Disable tray icon: Right-click on the icon and select QuickTime Preferences > Browser Plugin. Clear the check box next to "QuickTime system tray icon," and then close the settings box. The icon won't appear anymore.
3. Rename the qttask.exe file:
Right click on Start> Explore> Programs> QuickTime directory> right click on qttask.exe> rename to qttask.exeold.

C:\Program Files\Dell\QuickSet\quickset.exe
O4 - Global Startup: QuickSet.lnk = ?

quickset.exe startup configuration info:
Name: quickset
Command: C:\Program Files\Dell\QuickSet\quickset.exe
Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Registry name: Dell QuickSet
quickset.exe process and program file info:

CPU usage: 00%
Memory usage: 3,188K
Launching method: Windows Startup - quickset
Directory: C:\Program Files\Dell\QuickSet
File name: quickset.exe
Description: QuickSet MFC Application
System essential: No

Startup application quickset.exe is a taskbar application allowing you to quickly change power management settings.

You can safely remove quickset.exe from your Startup application list. If you want to use it, you can run it manually from Start > Programs > Others > Dell QuickSet > QuickSet.


Dell taskbar icon allowing you to quickly change settings. You can also do this:
Left click once on the QuickSet Icon, you should get a menu. Go Hotkey Popups> Disable On Screen Volume Meter.

Unneeded Java processes:
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
JAVA:
1. UNCHECK all Java entries on the Startup menu: Start> Run> msconfig> enter> Selective Startup> Startup tab.
2. Open IE> Tools> Manage add-ons> right click on 'Java(tm) Plug-In 2 SSV Helper' (jp2ssv.dll)> Click on and Disable Java Plugin2 and Java Quick Start.
3. Start> Run> services.msc> right click on JavaQuickStarterService> Properties> Change Startup Type to Disabled> Stop the Service
4. Stop auto update (jusched): Control Panel> Java> Update tab> UNCHECK 'check automatically for updates'> Apply> answer Yes to confirmation> Close
5. Make sure only the current version of Java v6u11 is in Add/Remove Programs in the Control Panel. Uninstall any other versions.

For the Host file problem:
Log on as Administrator and grant write access to the
/Windows/system32/drivers/etc/hosts file for the "power user" account.
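
Added example (not part of any post in this thread and not HijackThis's own code): a small parser for the entry lines quoted above that marks a startup shortcut whose target shows as `?` and entries whose value is blank, like the R0 and O13 lines listed for fixing. The field names and flag labels are assumptions made for illustration.

```python
import re

# Constructed sample: HijackThis entries quoted in the thread, not a full log.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - Global Startup: QuickSet.lnk = ?
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O13 - Gopher Prefix:
"""

ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
RUN = re.compile(r"^(?P<where>HK\w+\\\.\.\\\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
STARTUP = re.compile(r"^(?P<where>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.*)$")
BHO = re.compile(r"^(?P<where>BHO): (?P<name>.+?) - \{[0-9A-Fa-f-]{36}\} - (?P<cmd>.+)$")

def executable(cmd):
    # Drop surrounding quotes and trailing arguments from a command line.
    cmd = cmd.strip()
    return cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd

def parse_entry(line):
    # Return a dict for one log line, or None if the line is not an entry.
    m = ENTRY.match(line.strip())
    if not m:
        return None
    body = m["body"].strip()
    entry = {"section": m["section"], "where": None, "name": body,
             "target": None, "flags": []}
    for pattern in (RUN, STARTUP, BHO):
        hit = pattern.match(body)
        if hit:
            entry.update(where=hit["where"], name=hit["name"],
                         target=executable(hit["cmd"]))
            break
    if entry["target"] == "?":
        entry["flags"].append("unresolved-target")  # shortcut target not shown
    elif entry["target"] is None and body.endswith(("=", ":")):
        entry["flags"].append("empty-value")        # key listed, value blank
    return entry

def triage(log_text):
    return [e for e in map(parse_entry, log_text.splitlines()) if e]

def flagged(log_text):
    # (section, name, flag) for every entry worth a second look.
    return [(e["section"], e["name"], e["flags"][0])
            for e in triage(log_text) if e["flags"]]
```
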
 
Finally all done. Many thanks for all the help and advice. I am intending not to be back in this part of the forum for a while.............I hope.

Regards and thanks again.
 