Post removal procedure: HJTlog for inspection

By Integra
Jul 17, 2007
  1. did a preliminary removal instructions as to my problem here

    attached are the files for inspection. i hope i did it right and have the unnecessary files removed.

    *in the ComboFix.txt there is a line saying "2007-07-09 14:12 719,872 --a------ C:\WINNT\system32\devil.dll" which seems kind of funny..."devil" but there was a file being quarantined after that. Is that the culprit?

    Please advice.

    Thank you
  2. Integra

    Integra TS Rookie Topic Starter

    i did a Spybot search and Destroy scan after everything but there was a warning windows half way through the scan saying "There were problems in the included file C:programe Files\Spybot_search_Destroy\Includes\Trojan.sbj see include errors.log"

    i closed it but the scan continues and report saying "Congratulations No immediate threats were found"

    what does the warning message means?

    Advice please.

    **but after performing the preliminary removal instructions procedures, there isnt any error pop up windows anymore but is my system clean of any bugs yet?

    Thank You
  3. kitty500cat

    kitty500cat TS Evangelist Posts: 2,154   +6

    Run HJT and do a system scan. Place a check in the box next to the following entries (if there):

    O4 - HKLM\..\Run: [NewsUpd] C:\Program Files\Creative\News\NewsUpd.EXE /q

    O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - [http]
    O16 - DPF: {D702FBF4-EE60-11D0-BD5B-00A0C91F4635} (CFForm Runtime) - [http]
    O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - [http]

    Close all open programs (including this browser window, excluding HijackThis). Click the Fix Checked button in HijackThis. Wait for it to complete the fixing, then close HJT.

    Navigate to and delete the following bold folder (if there):

    C:\Program Files\Creative\News

    Please post fresh HijackThis and ComboFix logs.

    Regards :)

    This thread is for the use of Integra only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our Security and the Web forum.
Topic Status:
Not open for further replies.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...