Log check

By swker98 · 8 replies
Apr 12, 2009
  1. hi, i had a badly infected machine just wondering if i missed anything

    thanks again
  2. touch

    touch TS Rookie Posts: 978

    Hello swker98

    It looks like you've got an old and rare (AboutBlank) infection ->

    Please download AboutBuster


    Unzip to a convenient location such as C:\AboutBuster

    Start –Run, type services.msc (or copy/paste) in 'run' box. Click OK. When the services window opens, scroll down to:
    Network Security Service ( 6QÔõ 'ª´ÆÐ8)

    Right click on it and choose 'Properties'. You will see a little drop down bar with an arrow. Click on that and change it to 'Deactivate'.

    Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):
    Run About:Buster now. Hit OK, Start, OK. Save the log file. Run it again for the second time (OK, Start, OK). Save that log file. Post both log files here.

    Reboot into Safe Mode (hit F8 key until menu shows up). Go to My Computer->Tools->Folder Options->View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing/visible also.

    Go to EVERY profile (C:\Documents and Settings\every_profile_listed\Local Settings\Temp & also
    C:\Documents and Settings\every_profile_listed\Local Settings\Temporary Internet Files) and delete all the contents in their folders.

    Reboot normally.

    Attach a new HJT log file along with log files from aboutbuster
  3. swker98

    swker98 TechSpot Paladin Topic Starter Posts: 1,077

    Will do thanks

    Thanks for your help, I have attached the logs you have asked me to, however I wasn't able to follow your instructions exactly as far as

    but i did run it twice and attached the logs all else was completed successfully as far as emptying the temp folders.
  4. touch

    touch TS Rookie Posts: 978

    Ok :)

    I'm not sure if AboutBuster has removed what it found -> C:\WINDOWS\system32\cvxmj.dat.

    I'll therefore suggest you run a scan with combofix.

    Please download Combofix:

    And save to the desktop.

    Open notepad and copy/paste the text in the quotebox below into it:
    Name the file as CFScript
    and Save it on the desktop


    Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe. Attach the contents of that log in your next reply.

    Do not mouseclick combofix's window whilst it's running. That may cause it to stall
  5. swker98

    swker98 TechSpot Paladin Topic Starter Posts: 1,077

    combo fix says that the script is incorrect, also it says the current date is 4\12\09 it is going to run in reduced functionality mode, would it be ok to delete that file in safemode?

    Edit: I had the wrong name for the script, DOH. I'm running combo fix in safe mode now

    alright, downloaded an updated version of combofix, used it in safemode, looks like it got rid of the about infection and a bunch of other stuff

    updated logs attached
  6. swker98

    swker98 TechSpot Paladin Topic Starter Posts: 1,077

    can I assume I'm clean?
  7. touch

    touch TS Rookie Posts: 978

    Uncheck these:
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriveCleaner Free]
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer]
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updmgr]
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VBouncerDL]

    in msconfig. Look here, how to:

    reboot, and tell how things are running ?
  8. swker98

    swker98 TechSpot Paladin Topic Starter Posts: 1,077

    all those have been unchecked prior to cleaning everything out, it's running good, much better than in the beginning, in fact I only have 3 startup programs running (checked) as all the other crap is unnecessary

    thank you for your help
  9. touch

    touch TS Rookie Posts: 978

    My pleasure :)

    Now your computer problems are solved, it is time for the clean-up procedure.

    You should Create a New Restore Point to prevent possible reinfection from an old one.
    The easiest and safest way to do this is:
    Go to Start > All Programs > Accessories > System Tools > System Restore
    Select Create a restore point, and Ok it.
    Next, go to Start > Run and type in cleanmgr
    Select the More options tab
    Choose the option to clean up system restore and OK it.

    This will remove all restore points except the new one you just created.

    Please download OTCleanIt
    Save it to desktop.
    This will remove all the tools we used to clean your computer.
    Double-click OTCleanIt.exe. Click CleanUp. Say Yes to the "Begin cleanup Process?"
    When asked if you want to proceed with the cleanup process, click Yes. Restart your computer when prompted.
    Please note. It will NOT remove Mbam, Ccleaner and SuperAntispyware.

    To learn more about how to protect yourself while on the internet, please read Tony Klein's guide:
    How did I get infected in the first place
Topic Status:
Not open for further replies.
