Title of AVG Anti-Rootkit randomly changes
- Thread starter elite801
- Start date
- Status
Blind Dragon
Posts: 3,774 +4
Hi elite801,
Yes you are infected, I skimmed your log and noticed a few things
Please have a read here-> Is your system infected? Read this before Cleaning or Formatting
If you decide to clean your system please follow these Viruses/Spyware/Malware, preliminary removal instructions and post back in this thread with the requested logs. There should be at least 3.
1)AVG log
2)Combofix log
3)Hijackthis log (Step 15)
This thread is for the use of elite801 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Yes you are infected, I skimmed your log and noticed a few things
Please have a read here-> Is your system infected? Read this before Cleaning or Formatting
If you decide to clean your system please follow these Viruses/Spyware/Malware, preliminary removal instructions and post back in this thread with the requested logs. There should be at least 3.
1)AVG log
2)Combofix log
3)Hijackthis log (Step 15)
This thread is for the use of elite801 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Blind Dragon
Posts: 3,774 +4
Download and Run ATF Cleaner
Download ATF Cleaner by Atribune to your desktop.
Double-click ATF Cleaner.exe to open it.
Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.
Firefox or Opera:
Click Firefox or Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
Click Exit on the Main menu to close the program.
Download ATF Cleaner by Atribune to your desktop.
Double-click ATF Cleaner.exe to open it.
Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.
Firefox or Opera:
Click Firefox or Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
Click Exit on the Main menu to close the program.
Finished step 15. I used DSS instead of Combofix. and after I scanned with AVG anti-spyware I forgot to save a log X.X but I have a screenshot of the window with the stuff it found(had to save it as a monochrom bmp). Also, I keep getting an alert from Zonealarm saying nyhome-jdt.home is trying to connect.
Blind Dragon
Posts: 3,774 +4
Update your Java Runtime Environment
If for some reason you couldn't update through the above instructions.
Viewpoint Manager is considered as foistware instead of malware since it is installed without user's approval but doesn't spy or do anything "bad". This may change, read Viewpoint to Plunge Into Adware.
I recommend that you remove the Viewpoint products; however, decide for yourself. To uninstall the the Viewpoint components :
1)Uninstall any of the following program(s) using Add/Remove Programs if they are present. To do this, go to Start > Settings > Control Panel and double-click on Add/Remove Programs. From within Add/Remove Programs highlight each one and select Remove.
Netpumper
BitRoll
Browser Enhancer
CiD Help
CiD Manager
Download Plugin for Internet Explorer
Lop.com
LOP SEARCH
Messenger Plus
Ultimate Browser Enhance
Window Search
Window Searching
Zone Media
2)Setup" is now displayed. Click on the Uninstall button. Note: options displayed on the first screen are not related to the sponsor program.
3)The sponsor screen is now displayed (if you don't see it, search for it in your Task Bar). To prove that someone is currently reading the screen, you have to type the code that is displayed. Once you enter the code, press Uninstall.
4)If you entered the code properly, the program will ask you to confirm that you want to uninstall. You must answer "Yes" to this question, else, you won't have another chance of uninstalling.
5)Reboot your computer (into safe mode, read instructions below)
You might want to copy and paste these instructions into a notepad file, and save it to your desktop. Then you can have the file open in safe mode, so you can follow the instructions easier.
Boot into Safe Mode
Run Hijackthis and Select Do A System Scan Only
Put a check mark next to the following entries:
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [Each Bird Upload Mfcd] C:\Documents and Settings\All Users\Application Data\Info mags each bird\balmford.exe
Select Fix Checked
Close Hijackthis
Show hidden files through windows explorer
Use Windows Explorer to navigate to and delete the following folders:
Folders:
C:\Documents and Settings\All Users\Application Data\Info mags each bird <-This folder only
Restart your computer into normal mode
Run a new scan with Hijackthis and attach the log
- First try going to Start -> Control Panel -> double click Java
- Select the Update Tab at the top of the Java console
- Click the Check for Updates button at the bottom
- If it finds the newer version (Java 6 Update 5) Follow the on screen instructions
- After it installs the newest version Go back to Control Panel -> Add/remove programs
- Uninstall any older versions of Java
If for some reason you couldn't update through the above instructions.
- Click the following link
Java Runtime Environment 6 Update 5 - The 4th option down is the one you want (click Download)
- Check the box to agree to terms of service
- Check the box for your operating system and click 'Download selected'at the bottom
- After the install Go to Start-> Control Panel-> add/remove programs (Programs and features), and uninstall any old versions
- Navigate to C:\programfiles\Java -> delete any subfolders except the jre1.6.0_05
folder
Viewpoint Manager is considered as foistware instead of malware since it is installed without user's approval but doesn't spy or do anything "bad". This may change, read Viewpoint to Plunge Into Adware.
I recommend that you remove the Viewpoint products; however, decide for yourself. To uninstall the the Viewpoint components :
- Click Start, point to Settings, and then click Control Panel.
- In Control Panel, double-click Add or Remove Programs.
- In Add or Remove Programs, highlight >>Viewpoint component<< , click Remove.
How to prevent it from being recreated every time you run the AOL software:- Open AOL
- Go to Help on the toolbar
- Select About AOL
- Hit Ctrl D and a secret panel can be accessed which will allow you to disable all desktop and IM features associated with Viewpoint.
1)Uninstall any of the following program(s) using Add/Remove Programs if they are present. To do this, go to Start > Settings > Control Panel and double-click on Add/Remove Programs. From within Add/Remove Programs highlight each one and select Remove.
Netpumper
BitRoll
Browser Enhancer
CiD Help
CiD Manager
Download Plugin for Internet Explorer
Lop.com
LOP SEARCH
Messenger Plus
Ultimate Browser Enhance
Window Search
Window Searching
Zone Media
2)Setup" is now displayed. Click on the Uninstall button. Note: options displayed on the first screen are not related to the sponsor program.
3)The sponsor screen is now displayed (if you don't see it, search for it in your Task Bar). To prove that someone is currently reading the screen, you have to type the code that is displayed. Once you enter the code, press Uninstall.
4)If you entered the code properly, the program will ask you to confirm that you want to uninstall. You must answer "Yes" to this question, else, you won't have another chance of uninstalling.
5)Reboot your computer (into safe mode, read instructions below)
You might want to copy and paste these instructions into a notepad file, and save it to your desktop. Then you can have the file open in safe mode, so you can follow the instructions easier.
Boot into Safe Mode
- Restart your computer and start pressing the F8 key on your keyboard.
- Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.
Run Hijackthis and Select Do A System Scan Only
Put a check mark next to the following entries:
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [Each Bird Upload Mfcd] C:\Documents and Settings\All Users\Application Data\Info mags each bird\balmford.exe
Select Fix Checked
Close Hijackthis
Show hidden files through windows explorer
- Access Windows Explorer by clicking Start, point to All Programs, Accesories, and then click Windows Explorer. Or hold the windows key and press E
- On the Tools menu in Windows Explorer, click Folder Options.
- Click the View tab.
- Under Hidden files and folders, click Show hidden files and folders and Turn Hide protected operating system files off.
Use Windows Explorer to navigate to and delete the following folders:
Folders:
C:\Documents and Settings\All Users\Application Data\Info mags each bird <-This folder only
Restart your computer into normal mode
Run a new scan with Hijackthis and attach the log
Blind Dragon
Posts: 3,774 +4
I am almost positive
Blind Dragon
Posts: 3,774 +4
Everything looks ok in that log, time to double check it.
Run Kaspersky Online AV Scanner
Order to use it you have to use Internet Explorer.
Go to Kaspersky and click the Accept button at the end of the page.
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.
Run Kaspersky Online AV Scanner
Order to use it you have to use Internet Explorer.
Go to Kaspersky and click the Accept button at the end of the page.
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.
- Read the Requirements and limitations before you click Accept.
- Allow the ActiveX download if necessary.
- Once the database has downloaded, click Next.
- Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
- Click on "My Computer"
- When the scan has completed, click Save Report As...
- Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
- Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
- Status
Similar threads
