Need help parsing Trend Micro log file

Status
Not open for further replies.
My computer had an issue where my web browser was hijacked. I have restored my computer to a point in the past and don't seem to be having any problems, but want to make sure my computer is actually clean. So, I ran Trend Micro HijackThis v.2.0.2. I have attached the log file and really could use some help in parsing it to make sure my computer is in fact clean.

Thanks for any help.
 
Hi oreida,

I'm looking over your log now; please understand that this takes time. I'll post back in a few hours with my findings.


This thread is for the use of oreida only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Hi oreida,

Do you have Norton installed and if so was it just turned off?

You really need to sort out the amount of stuff on your computer.

Create an uninstall list
  • Launch Hijackthis
  • Click the Open the Misc Tools section button
  • Click the Open Uninstall Manager button.
  • Click the Save list button.
  • Attach this log in your next post

Create a startup list
  • Launch Hijackthis
  • Click the Open the Misc Tools section button
  • Check both boxes next to Generate StartupList log
  • Click the Generate Startuplist Log button.
  • Attach this log in your next post

Open HijackThis and select Do a system scan only.
Put a check next to the following entries:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - Global Startup: SetPoint.lnk = ?

Close all browsers and windows except HijackThis and select fix checked.

Please go to Virus Total or Jotti and upload C:\WINDOWS\system32\kdusac\smss.exe for scanning.

For Virus Total

  1. Please copy and paste C:\Windows\system32\wininit.exe in the text box next to the Browse button.
  2. Click on Send File.

For Jotti

  1. Please copy and paste C:\Windows\system32\wininit.exe in the text box next to the Browse button.
  2. Click on Submit.

Let me know the results.

Please go to the Kaspersky website and perform an online antivirus scan. Please use Internet Explorer as it uses ActiveX.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an ActiveX from Kaspersky. Click Yes.
  3. When the downloads have finished, click on Next button.
  4. Click on Scan Settings button.
  5. Select extended under Scan using the following antivirus database:
  6. Check (tick) these boxes under Scan options:
    • Scan Archives
    • Scan Mail Bases
  7. Click OK
  8. Click on My Computer under Please select a target to scan:
  9. Once the scan is complete it will display if your system has been infected. Click on Save as text button and save it to your desktop.
  10. Attach this log in your next reply.

Navigate to C:\Program Files\Trend Micro\HijackThis\HijackThis.exe and right click on HijackThis.exe and rename it to crusty.exe then send a shortcut to the desktop.

Right click on the crusty shortcut and run as administrator, select do a system scan and save a log file. Post the log as an attachment back here.

In your next reply you should post:
1) HJT uninstall list
2) HJT startup list
3) New HJT log
4) Results of Virus Total and Jotti
5) Kaspersky report


 
kritius said:
Hi oreida,

Do you have Norton installed and if so was it just turned off?

...

1) HJT uninstall list
2) HJT startup list
3) New HJT log
4) Results of Virus Total and Jotti
5) Kaspersky report

Here is the information you requested.

A) I had Norton installed when I had my problem originally, but when I restored it was to a point in time before I had Norton.

All requested pieces of information are attached with file names listed below.

1) unistall_list.txt
2) startuplist.txt
3) hijackthis_new.log
4) Nothing was found in either scan.
5) kaspersky.txt
 
I'll look over your logs as soon as I can, sorry it isn't sooner but for some reason I didn't get an email about your post.

Can you re-run the Kaspersky one though, there's nothing in that post.
 
Make sure you turn on Norton, rubbish though it is, it at least offers some protection.

Download SpywareBlaster
SpywareBlaster is a program that is used to secure Internet Explorer by making it harder for ActiveX programs to run on your computer.
It does this by disabling known offending ActiveX programs from running at all.

You can download SpywareBlaster from HERE

How is the computer running at the minute?
 
Current Status

The computer appears to be running fine at the moment... I just wanted to be sure that the restore point I used didn't already have the "hijacking" done to it.

Does it seem to look ok to you?

Thanks for your help. I really appreciate your time!
 