1. TechSpot is dedicated to computer enthusiasts and power users. Ask a question and give support. Join the community here.
    TechSpot is dedicated to computer enthusiasts and power users.
    Ask a question and give support.
    Join the community here, it only takes a minute.
    Dismiss Notice

Need some help, thanks in advance

By TheAngelGibreel ยท 11 replies
Aug 4, 2008
  1. Hi all. I've been attempting to clean up my folks' computer of a virus (viruses?) that it has... problem is I barely know anymore than they do, haha.
    Every so often, a blank IE page is opened up. If we close it, another one simply opens in its place.
    I've followed all the instructions you have very helpfully posted and attached the logs. The Panda Antirootkit didn't find anything.
    Thanks for the help!

    Attached Files:

  2. xxdanielxx

    xxdanielxx TS Booster Posts: 1,069

    Hello Welcome TechSpot

    Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

    Please re-open HiJackThis and scan.**Check the boxes next to all the entries listed below.

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://v4.windowsupdate.microsoft.com/
    O15 - Trusted Zone: http://www.encorelegal.com

    Now close all windows other than HiJackThis, then click Fix Checked.**Close HiJackThis.*Reboot

    After that, Reboot, and post a new HijackThis log here in a reply
  3. TheAngelGibreel

    TheAngelGibreel TS Rookie Topic Starter

    Thanks for your reply and help.
    I fixed the three things you listed, and attached my new log. Hopefully everything is ok now!
  4. xxdanielxx

    xxdanielxx TS Booster Posts: 1,069

    How is your computer running now

    Please go HERE to run Panda's ActiveScan
    • Once you are on the Panda site click the Scan your PC button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report
  5. SpiritWind

    SpiritWind TS Rookie Posts: 164

    Hi :

    Your Folks computer has a Java program that is about 6 "Updates/Versions"
    behind, a serious security risk ; it should be uninstalled and any other "version" of
    this program that MAY be on the computer . Should ONLY have the latest version
    which is available at www.java.com .
    You never did mention WHY you thought your folks computer had a "virus" !? IF
    it is because the computer is responding "slowly", it MAY be caused by the
    "presence" of McAfee and Ad-Aware, which I would NOT have on my computer .
    And combining that with using AOL as their Internet Service Provider makes the
    situation worse . IF paying for antivirus, should have the superior "NOD32"; and
    the FREE Avira/AntiVir is much better than McAfee .
  6. xxdanielxx

    xxdanielxx TS Booster Posts: 1,069


    Please do not jump in when we are in the process of removing the malware java will be updated when the time is right
  7. TheAngelGibreel

    TheAngelGibreel TS Rookie Topic Starter

    The computer seems to be running fine atm. After speaking a bit more with the people who actually use this computer, it seems like the "never-ending IE window" thing only happens every couple of days (don't know if this is helpful but knowledge is power I guess). I've attached the ActiveScan txt. Once again, thanks for walking me through this!
  8. xxdanielxx

    xxdanielxx TS Booster Posts: 1,069

    Please download Malwarebytes' Anti-Malware from Here or Here

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version. Then reboot into safe mode by rebooting then start tapping the F8 key you will get the advance option select safe mode then load run the program
    • Once the program has loaded, select "Perform Full Scan", then click Scan.
    • The scan may take some time to finish,so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the entire report in your next reply.
    Extra Note:
    If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.
  9. TheAngelGibreel

    TheAngelGibreel TS Rookie Topic Starter

    Here's the report, copied and pasted like you requested:

    Malwarebytes' Anti-Malware 1.24
    Database version: 1028
    Windows 5.1.2600 Service Pack 2

    11:43:32 AM 8/6/2008
    mbam-log-8-6-2008 (11-43-32).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 117414
    Time elapsed: 1 hour(s), 50 minute(s), 52 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
  10. xxdanielxx

    xxdanielxx TS Booster Posts: 1,069

    Well looks good we just need to clean up. How is the computer

    Please download ATF Cleaner by Atribune.
    This program is for XP and Windows 2000 only

    • Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.
    For Technical Support, double-click the e-mail address located at the bottom of each menu.


    Now we need to create a new System Restore point.

    Click Start Menu > Run > type (or copy and paste)


    Press OK. Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.

    Next goto Start Menu > Run > type


    Click OK, Disk Cleanup will open and start calculating the amount of space that can be freed, Once thats finished it will open the Disk Cleanup options screen, click the More Options tab then click Clean up on the system restore area and choose Yes at the confirmation window which will remove all the restore points except the one we just created.

    To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.[/QUOTE]
  11. TheAngelGibreel

    TheAngelGibreel TS Rookie Topic Starter

    Alright, I've just finished up the last steps you posted. Computer seems to be running fine.
  12. xxdanielxx

    xxdanielxx TS Booster Posts: 1,069

    good test it out and if you see the same problem or anything wired post back here :)
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...