Virus/Malware Problem - Logs attached

[msykes100]

Hi,

A friend has had a Virus/Malware problem on his laptop which I've been trying to resolve for him. It manifested itself by having continual Windows Security popup messages and a few new icons on his desktop to do with Spyware removal.

I've followed the Virus/Malware/Spyware Preliminary Removal thread (excellent instructions by the way!) and everything looks ok to me. I've attached the logfiles mentioned in the above thread and would be grateful if you could check them out for me and let me know if you can see anymore problems.

For info, the laptop originally had Norton Internet security on there but the licence had expired! Before finding your instructions I ran Sweep, SS&D and Ad-Aware Personal SE, all of which found quite a few problems. However, the popups continued, though less frequently. The thing that seemed to stop them completely and remove the desktop icons was Smitfraud.

Thanks
Mark.

 

[howard_hopkinso]

Hello and welcome to Techspot.

You`re using an outdated version of HijackThis. See this thread HERE.

Run this Symantec/Norton removal tool.

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://smb-support.vaio-link.com/eSupport/PortalJSP/Portal.jsp

O2 - BHO: (no name) - {88418AA3-16F5-4FC2-A9D8-90B1266DF841} - (no file)

O14 - IERESET.INF: START_PAGE_URL=https://smb-support.vaio-link.com/eSupport/PortalJSP/Portal.jsp

O21 - SSODL: msmhost - {4D4BF45C-FFA7-429A-9604-FC3F9E51906C} - (no file)

O21 - SSODL: msmdev - {894E8E17-B0ED-4321-9491-4356DE5EAC91} - (no file)

Click on the fix checked button.

Close HJT and reboot your system.

Post a fresh HJT log.

Regards Howard :wave: :wave:

This thread is for the use of msykes100 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[msykes100]

New HJT Log

Hi Howard,

Thanks for your reply.

I've carried out what you suggested, and the new HJT logfile is attached.

Thanks
Mark

 

[howard_hopkinso]

Your HJT log is clean. Unless you`re having any other problems, you should be good to go.

I recommend you install a third party firewall, such as the ones below.

Zonealarm Kerio or Comodo free firewall programmes.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard

This thread is for the use of msykes100 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[msykes100]

Thanks

Put the Comodo Firewall on, just handed the laptop back.

Thanks for your help Howard, much appreciated!!