My HJT file

Status
Not open for further replies.

mehouse

Posts: 17   +0
My computer has become infected with Adware (Virtu.Monde) and viruses galore. While surfing the web, I have had random windows open and Windows look-alike pop-ups telling me my computer is not secure.

I have scanned my computer with Norton and it finds nothing! Then I scanned with all 4 of the web products you recommended and it found tons. Sometimes though they would just shut down (after 2 hours of scanning), so I didn't rescan. I believe Bit Defender and F-Secure were the successful ones. I've also run Trojan Hunter and Trojan Remover numerous times. Trojan Remover always gives an error saying it is unable to remove all of the files (specifically mljjgda.dll) and I have tried using MoveOn to delete it but it always reappears! I just scanned with AVG and it still found 64 files which were either quarantined or deleted. Then I rebooted in safe mode, and here is my Hijack This log. I'm not sure if I've gotten rid of all the viruses, spyware, etc. or if there's still more I need to delete.
Any help is appreciated.
 

Attachments

  • hijackthis.log
    7.4 KB · Views: 6
Hello - please link to the following and read it:

https://www.techspot.com/vb/topic65943.html

If you decide to clean rather than reinstall, please link to the following site and follow EVERY STEP:

https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/


This thread is for the use of mehouse only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

Please note: our Experts are away - this advice will start you on the road to recovery. Follow ALL steps.
 
I have followed the 15 steps and I'm now posting my new Hijackthis and AVG log files. Thanks for any help!
 

Attachments

  • AVG Report.txt
    24 KB · Views: 8
  • hijackthis.log
    8.8 KB · Views: 7
It seems like I'm not getting any more pop-ups while websurfing. I'm just wondering if my system is clean now. Thanks!
 
Please rerun ComboFix and post a fresh log. It may get rid of more nasties on the second try.

Regards :)

 
Please download the file CFScript.txt attached to my post and save it to the same folder as ComboFix.

Referring to the image below, drag the CFScript.txt that you downloaded earlier over on to Combofix.exe and release.

CFScript.gif


This will ask Combofix to execute the instructions within my file. Let Combofix run normally and do its job. Attach the resultant log in your reply.

Please navigate to www.virustotal.com.

In the Upload a file section, click the Choose... button.

Navigate to the following file:

C:\WINDOWS\system32\drvhum.dll

Click the Open button, then click Send File.

Make note of the results.

Then do the same with the following file:

C:\Program Files\USoft\usoft32.exe

Please post the ComboFix log and the VirusTotal results here.

Regards :)

 

Attachments

  • CFScript.txt
    458 bytes · Views: 10
Thanks for all your help. Here's the new ComboFix log.
Neither of those files you wanted me to upload to that site was in those locations. I do not have a Program Files/Usoft folder. I did a search of my entire computer for usoft32.exe and got no results. I searched for the drvhum.dll and it was located in C:\Qoobox\Quarantine (so it had been quarantined by AVG). I ran it through the Virustotal website and I've posted the results in a text file. Mostly no virus found, but there were a few viruses and 1 adware.
Thanks again!
 
Please follow the above CFScript instructions again, only this time use the one attached to this post.

Then attach the resultant log into your reply, as well as a fresh HJT log.

Regards :)

 

Attachments

  • CFScript.txt
    88 bytes · Views: 12
Great, I believe all is now as it should be.

However, I haven't done a lot of work with ComboFix yet, so I'll let one of our experts check the logs before giving the final instructions.

Regards :)

 
I just ran AVG again (3rd day in a row) and I keep getting all these tracking cookies. There's always 32 of them. Burstnet, Doubleclick, Questionmarket, Fastclick, Mediaplex, RealMedia, Valueclick, Burstbeacon, Tribalfusion, Webtrendslive are some of their names.
 
AVG often finds tracking cookies, but in general, they're very low risk. They're used, I think, to monitor your surfing habits so that websites can display advertisements "relevant to your interests." You can remove them, or set your browser to block them.

I haven't seen momok yet, so I'll give you the post-cleaning instructions awhile.

Delete all files in AVG Anti-Spyware Quarantine folder (located in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Quarantine).

Turn off system restore (XP/ME only). See how HERE
This will remove all your system restore points, including any malware hiding in them.

After that turn system restore back on.
This will create a new, clean restore point for your system.

Oftentimes, an infection can occur again not due to the incompetence of programs, but because of user habits.
May I recommend that you read this article. This can help to prevent future infections.

Should you have further virus/spyware problems, please post in this thread.

Regards :)

 
Thanks so much for all your help. My PC has been running 'normally' for the past few weeks and all scans are returning no viruses/spyware.
Thanks again!
 