Logs - please help

By MLacey8804 · 12 replies
Oct 5, 2008
  1. I know for definite that I have Infostealer, but I'm quite certain there are other problems. Please help me resolve these issues.

    Thanks, Mike.
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    Gosh I hate it when people just throw logs at us and don't give us a clue about what is happening on their system! Don't they realize that information helps us help them?!

    Okay, now that I'm done with the rant:
    1. Mbam removed numerous infections. You need to review that log and see where some of them came from.
    2. SuperAntispyware shows you (all) with more Tracking Cookies than I can count. Basically, every site you've visited must have left a Tracking Cookie, each time! In addition, they are for dad, guest, matty, richard, shexual_fairy and sio-ban! ALL of you need to get control of the Cookies you allow!!
    First, have SuperAntispyware remove ALL of the Cookies showing on ALL of the accounts.
    Second, ALL of you need to change your Cookie settings to the following:
    Open IE> Tools> Internet Options> Privacy tab> Advanced button> CHECK 'allow first party Cookies'> CHECK BLOCK third party Cookies> CHECK 'allow per session Cookies'> OK> Apply> OK

    ALL of you need to review the listing in the program to see where you are getting more of the Cookies. These are what I call dirty sites! They're full of trash and they're going to put it on the system if you (ALL) don't protect yourselves!

    You are using both the file sharing programs BitComet and BearShare, you're streaming with WMP, CyberLink Power DVD and Dell Media. None of this is without penalty. As long as you continue this, your system will be a sitting duck for malware. And it's a wonder you move at all with all this running; that's what I meant about telling us the problems.

    Please handle this. I'll return later with the removals for HijackThis.
  3. MLacey8804

    MLacey8804 TS Rookie Topic Starter

    Thanks for the help. This is not my computer, I'm (well, you are lol) doing this as a favour, so I apologise about the lack of info. I will do all as you have suggested and come back once I have. Thanks again.
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    I was coming back to ask if there was a slow startup, shutdown or surfing, but I guess you won't know that. I have almost finished with the HijackThis log and will reply with it a little later. It's kind of useless to clean it out though because they're using BitComet, and Bearshare which are file sharing sites and it appears they are having streaming media and downloading beginning at startup.

    It's difficult to sift through all the processes without knowing what problems are being experienced.
    Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below:
    The following are for Symantec, but there is no Symantec security program running. If a Symantec/Norton program was previously on the system, these processes should be stopped and the program uninstalled:
    Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis and reboot into Safe Mode:
    Start> Run> type in 'msconfig' without quotes> enter> Selective Startup> Startup tab> UNCHECK the following:
    When finished> Apply> OK
    Go to the Control Panel> Add/Remove Programs and uninstall the following:
    Go to Start> Run> type in services.msc> find each of the following Services> right click> Properties> change startup type to Disabled:
    Right click on Start> Explore> Windows> System32> delete the following if present:
    Reboot into Normal Mode> close the nag message that comes up after checking 'don't show this message again'. Stay in Selective Startup.

    A NOTE: With so many different people using this system, with the file sharing programs BitComet and BearShare, with the large amount of streaming media and recording, it will be difficult to keep this system clean.

    The malware cleaning tools can be removed with this:
    OTCleanit! by Oldtimer
    Download OTCleanIt (http://download.bleepingcomputer.com/oldtimer/OTCleanIt.exe) Click the CleanUp! button.
    It will go through the list and remove all of the tools it finds and then delete itself (requiring a reboot).

    System Restore points should be dropped:
    Control Panel> System> System Restore tab> CHECK 'turn off system Restore'> Apply> OK> Reboot.
    Now go back in and UNCHECK 'turn off System Restore'> Apply> OK.
    Create a new, clean restore point.

    Download and Save to the desktop, the FoxIt Reader for PDF files. The Adobe Reader was out of date and comes with a lot of bloat. This will do the same thing without the extras:
    Click on the 'Get it Free' button. Save to the desktop- run the setup from there to install.
  5. MLacey8804

    MLacey8804 TS Rookie Topic Starter

    Thanks for all that mate. I'm round there after I finish work at 7, I'll try it all then and let you know how I got on. Also, have tried deleting BitComet, but a .dll file in the "tools" folder will not let me remove it the little b*gger! I've tried to delete an awful lot of crap off their computer, but a lot of it does not appear on the add/remove programs list.

    Anyway, thanks very much for the help, I'll report back ASAP.
  6. kimsland

    kimsland Ex-TechSpotter Posts: 14,523

  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    Sorry, I left BitComet off the 'remove from startup section.' Please follow:
    Now try the removals.
  8. MLacey8804

    MLacey8804 TS Rookie Topic Starter

    Thanks for all that help. Attached is an updated HJT log. Seems to be running better. Can you tell me is it safe though? Has Infostealer.Gampass been removed? Still quite apprehensive about entering any login details anywhere!

    Thanks, Mike.
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    The log looks much better. Hopefully you followed through on the instructions. The following needs to be removed, then uninstall. It is not secure. Update to v9 or better, get FoxIt instead:
    Good that BitComet and Bearshare are gone. Hopefully they'll stay off!
  10. MLacey8804

    MLacey8804 TS Rookie Topic Starter

    Bobbye, thanks for all the help mate, sorry about long wait for reply.
    Updated log attached, seems to be running a lot better. Any more problems that you can spot or do you think it's now safe to use the web again?!

    Thanks again, Mike.
  11. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    Your log is clean. I see you removed the Adobe reader, but I don't see FoxIt. You will need something to read the PDF files:
    Click on the 'Get It Free' button: http://www.foxitsoftware.com/pdf/rd_intro.php

    If I didn't take you through resetting the Cookies, here it is:
    Internet Options (from Tools or Control Panel)> Privacy tab> Advanced button> CHECK 'override automatic Cookies handling'> CHECK 'allow first party Cookies'> CHECK 'Block third party Cookies'> CHECK 'allow per session Cookies'> Apply> OK.

    Stay safe and stay clean! You did a good job.
  12. MLacey8804

    MLacey8804 TS Rookie Topic Starter

    Foxit's been installed, so not quite sure why it's not showing, but it's working fine thanks. I've basically deleted all the other accounts now just to be safe! Cookie settings have been applied, all is well.

    Thanks for everything! Mike.
  13. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    You're welcome Mike.
Topic Status:
Not open for further replies.
