Malware removal logs

By ONEone · 6 replies
Jan 31, 2009
  1. i just went through your malware removal instructions (very well written by the way) and i have some logs for you to look over if that's still happening.

    as far as my symptoms go out of the blue i had redirecting going on. never before had that happened on this pc. please let me know if any other information is needed. thank you.
  2. mflynn

    mflynn TS Rookie Posts: 2,655

    Hi ONEone

    Sorry you were overlooked for so long!

    Run HJT select and remove the below
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O20 - AppInit_DLLs: nxbkyp.dll

    I am sorry to tell you that you have some BAD Malware found by MBAM and that you just exited the program without cleaning. As evidenced in the log by "No action taken".

    SAS did remove some correctly so it needs to be UPDATED and run again QuickScan, attach new log to confirm all is gone from last run and no new items.

    Then UPDATE MBAM and Scan again Full Scan attach new log.

    And a new HJT log after the above.
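A triage pass over HijackThis entries like the three listed in the reply above, as an added example that is not part of the original thread or of HijackThis itself. The `triage` function, the entry regex (inferred from the quoted lines) and the fourth sample line are assumptions made for illustration.

```python
import re

# Lines 1-3 are the entries quoted in the reply above; line 4 is a constructed
# benign entry, added so the output also shows a line with nothing flagged.
SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O20 - AppInit_DLLs: nxbkyp.dll
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\Example\app.exe
"""

# Assumed entry shape: a section code (R3, O2, O20, ...), " - ", then the body.
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def triage(log_text):
    """Return one dict per HijackThis entry with the reasons it needs review."""
    results = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # log header, running-process list, blank lines
        code, body = m.group("code"), m.group("body")
        reasons = []
        if body.endswith("(no file)"):
            # The registry entry survives but the file it names is not on disk.
            reasons.append("orphaned: registry entry references a missing file")
        if code == "O20" and body.startswith("AppInit_DLLs:"):
            # The value is a space- or comma-separated list of DLL names.
            value = body.split(":", 1)[1]
            for dll in filter(None, re.split(r"[ ,]+", value.strip())):
                reasons.append(
                    f"AppInit_DLLs: '{dll}' is loaded into every process "
                    "that loads user32.dll"
                )
        clsid = CLSID.search(body)
        results.append({"code": code, "line": line, "reasons": reasons,
                        "clsid": clsid.group(0) if clsid else None})
    return results


if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG):
        status = "; ".join(entry["reasons"]) or "nothing flagged"
        print(f"{entry['code']:<4}{status}\n    {entry['line']}")
```
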

  3. ONEone

    ONEone TS Rookie Topic Starter

    no worries about the delay, in my opinion the response was quick and thorough. here are the updated logs, my bad on not removing them on the MBAM. thanks for letting me know!
  4. mflynn

    mflynn TS Rookie Posts: 2,655

    OK I am assuming since no SAS log that it was clear.

    If so all of these logs are clean.

    But based on what you did have do the below..

    Download SDFix to Desktop.


    On Desktop run SDFix. It will run (install) then close.

    Then reboot into Safe Mode

    As the computer starts up, tap the F8 key several times.

    On the Boot menu Choose Safe Mode.

    Click through all the prompts to get to desktop.

    At Desktop
    My Computer C: drive. Double-click to open.

    Look for a folder called SD Fix. Double-click to enter SD Fix.

    Double-click to RunThis.bat. Type Y to begin.

    SD Fix does its job.

    When prompted hit the enter key to restart the computer

    Your computer will reboot.

    On normal restart the Fixtool will run again and complete the removal process then say Finished,
    Hit the Enter key to end the script and load your desktop icons.

    Once the desktop is up, the SDFix report will open on screen and also be saved to the SDFix folder as Report.txt.
    Attach the Report.txt file to your next post.

    Download ComboFix

    NOTE: If you have had ComboFix more than a few days old delete and re-download.

    Get it here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Or here: http://subs.geekstogo.com/ComboFix.exe

    Double click combofix.exe follow the prompts.

    When finished, it will open a log.
    Attach the log and a new HJT log in your next reply.

    Note: Do not click combofix's window while it's running. That may cause it to stall.

  5. ONEone

    ONEone TS Rookie Topic Starter

    yeah, the SAS was clean, sorry about that.

    as for the SDFix, is there any reason my McAfee is telling me that it's a PUP (potentially unwanted program) and that it blocked a generic.dx trojan?
  6. ONEone

    ONEone TS Rookie Topic Starter

    here is the report from the SDFix.
  7. mflynn

    mflynn TS Rookie Posts: 2,655

    Yes there is a reason for it. By the nature of what it does it may look like Malware itself to some Virus and other Malware scanners.

    So turn off the Virus scanner to get a good SDFix run.

    Run it again with McAfee off!

    And where is the ComboFix?

Topic Status:
Not open for further replies.
