Results of Update 8 Steps Viruses/Spyware/Malware

Status
Not open for further replies.

Wind777
Hi! Here are some of the logs from trying to rid my computer of several viruses that McAfee allowed access to my computer. I was very disappointed in their support and let them know I thought they should have a free tech chat the way they have it for accounts. I should not be made to pay twice for what I had already paid for. Since then I downloaded the AVG antivirus. I have used it on another computer and have been completely satisfied with its performance.

On the attachments, I am having a problem locating the Super antispyware logs. Please give me some help. Unable to find them in programs under SuperAntiSpyware. No logs even though I saved.

The symptoms I was having to my computer. OS Windows XP Prof. SP3. Lots of ads. Freezing programs including task manager. McAfee updates turned off. Windows updates disabled and unable to enable. Windows Defender updates turned off. My Linksys connector would say it was connected when it was unplugged and would try to link with other routers. It would not close, the tray icon would not turn grey. Unable to connect to internet until I used Windows Internet Explorer with no add ons and in Profiles I used the edit button and re-entered the password several times. Rundll Error -Systems32/udgyjfmy.dll would pop every time I would start after trying scans with several antivirus, spyware. regit programs. I would disable one antivirus while I ran another. Active X files I had disabled would be enabled again. :)


Please let me know if you have any more info or processes I need to take to ensure the viruses have been removed. Thank you for posting the steps I needed to take. Most information is very vague. Hopefully in the future I will be able to help someone else by recommending your site. --W777
 
Hi, have you gone through the SuperAntispyware scan?
Also, your MBAM log shows "no action taken" for all items in them. Please rescan your system with MBAM and fix them. Post fresh logs when you are done as attachments.
 
Based on a weak assumption on the appearance of O20 item, I think this calls for combofix.

O20 - AppInit_DLLs: emlfqv.dll {legit item omitted}
O20 - Winlogon Notify: yaywvwXr - C:\WINDOWS\

Questionable; can user identify this? Otherwise HJT- fix check
O2 - BHO: (no name) - {4A3FC397-4073-48FE-B201-0C932F68764A} - C:\WINDOWS\system32\opnkiHaa.dll (file missing)

All "no action" findings point to the system restore copy.

Follow this post to obtain combofix
combofix –momok
 
Disable AVG realtime protection before running combofix by right clicking it in the system tray and unchecking the real time monitoring

Combofix
  • Download Combofix to your desktop.
  • Double click combofix.exe & follow the prompts.
  • A window will open with a warning.
  • When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log.
Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Combofix is a very powerful tool so please do NOT do anything without instruction.

Combofix will automatically save the log file to C:\combofix.txt
Also attach a fresh hijackthis scan run afterwards
 
Virus removal-Second time hopefully is the charm.

Hi!
Sorry it took a while to get back to you. I appreciate all your input. Attached are more recent log files in the order I ran the programs: MBam (Note: I saved the file before I got rid of the checked items and removed them. I must not have saved the file after they were removed), SUPERantispyware (still unable to find the log files, but everything showed 0), AVG, Combofix, and Hijack This files. The two missing legit files are files I deleted out of desperation before I found your web site. How can I replace them and what are they used for?

Thank you again,
Cindy
 

Has anybody reviewed my new posted logs?

Hi !

Nobody has posted any new posts to my latest logs. Is my computer virus free? My computer seems to be running good except the Windows Security Update for Microsoft XML Core Services 4.0 Service Pack 2 (Kb936181) never seems to install, even though it says it does and then the update shield appears again with the same update needing to be installed.
During this procedure I loaded and removed several programs. How many of these programs should I leave on my computer running? Should I have just an antivirus and a firewall running? Why is a software package firewall better than the XP Pro firewall? There is so much information out there it is confusing.
Thank you
Wind777
 
Please post some feedback

Hi!

Has anybody got any feedback for me? Has the infection on my computer been eradicated?
I changed my anti-virus to Avast Home Edition. It is presently scanning. Is it all right to leave all the programs on my computer recommended for virus removal? I take it they only run when you purposely start them. I still have Avast! Antivirus, CCleaner, HijackThis 2.0.2, Malwarebytes' Anti-Malware, RegCure 1.5.0.1, Retrospect 6.5, SUPERAntiSpyware Free Edition, Windows Defender, WinPatrol 2008, and ZoneAlarm.
The only ones I know that are running are ZoneAlarm, Windows Defender, and Avast Home Edition. Should I turn on the WinPatrol for extra protection?
 
No

Actually uninstall all you can

Realistically you just need AntiVirus (Hmm That's about it !)

If you want extra protection, keep the firewall

If you want to run regular cleanups, keep CCleaner

If you want to run a good malware scan, one day, keep Malwarebytes

All the rest can go, or just keep AntiVirus

Why worry?
If you had some of these things before, and you got infected, well uninstall them, they didn't help
 
Thank you!

Thank you for clearing up the program issue. Are you able to tell if my computer is virus free? As far as the Security update for Windows, I found my answer at http://support.microsoft.com/kb/941729/.
Actually I did not have all of those programs on my computer when I got infected. I had McAfee Virus protection only.
Recently I used the information to make my XP Professional more secure. I was unable to do Step 5 Protect your guest account. It would not recognize it as a valid command. I noticed when I went to rename administrator the guest account was disabled. Is this referring to the same guest account?
 
Yes, there's only one Guest account
And it's best to have it disabled

Actually there's a whole range of steps to secure your XP better on the web

But listen, I'm right into Virus\Spyware removal
I can spend hours on sourcing information and logs, and programs
Let alone all the wondrous tools; Services; Registry entries
And generally "Safe surfing"

But when it really comes down to it, here's the best advice you'll get

Always save user data to external media (ie CD or DVD or other)
Always run a good Antivirus (presently Avira is right up there, followed closely by, the bit slower, Avast)
Always make sure your Antivirus is up to date
And when receiving emails, don't open suspect ones (or unknown ones)
When surfing, don't just click willy nilly on anything
That's about it
All the rest, is just too much!

Let's face it, privacy has gone from the vocabulary
And Virus and Spyware infection is just a re-install to clean ! (actually I re-image it's quicker ;) )

That's all
 
From my last posted logs is my computer Virus free?

Hi, I will save my files to my external hard drives from now on. But I still have the question from my last logs posted. Does it look like my computer has been cleaned of viruses?
 
Please re-run HJT and tick and fix these two:
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

Before restarting, also run the --> Norton Removal Tool

Regarding AVG AntiVirus:
If you would prefer a less resource heavy antivirus try Avira instead
To do this you will need to Un-install AVG, then at last restart, then install Avira

If you were very vigilant, you could then update Avira, and run a full scan (in some cases Avira can find threats that AVG missed)
 
Hijack this unable to remove one of the items

Hi Kimsland,

I followed your instructions, but Hijack this did not remove:
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
Every time I checked the box and asked it to remove or fix it would come up with a blank box. I do not seem to have any symptoms of my computer being infected anymore though.
Thank you for all of your help. :D

Wind777
 
Hi Wind777, thanks for the update

The "O23" item can be found in Services (Start->Run->Services.msc)
In there you will find the Kodak startup, which can be disabled (by double clicking on it)

Note: It would probably be better to uninstall Kodak software, but I would suggest backing up first all your pictures

I find Kodak software to be very annoying, and always avoid using it.
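
Added example, not part of the original thread or any poster's code: a small Python triage pass over the HijackThis entries quoted in the posts above (the O2, O20 and O23 lines), marking the properties the helpers reacted to, such as "(file missing)" targets and O20 autoload points. The function names and reason labels are assumptions made for this illustration.

```python
import re

# HijackThis entries copied verbatim from the posts in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {4A3FC397-4073-48FE-B201-0C932F68764A} - C:\WINDOWS\system32\opnkiHaa.dll (file missing)
O20 - AppInit_DLLs: emlfqv.dll {legit item omitted}
O20 - Winlogon Notify: yaywvwXr - C:\WINDOWS\
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
"""

# An entry is "<section> - <body>", e.g. "O23 - Service: ...".
ENTRY = re.compile(r"^(O\d+) - (.+)$")


def triage(log_text):
    """Return (section, body, reasons) for every O-section entry (hypothetical helper)."""
    results = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # headers, process list, blank lines
        section, body = m.group(1), m.group(2)
        reasons = []
        if body.endswith("(file missing)"):
            # The registry entry survives but its target is gone from disk.
            reasons.append("file missing")
        if section == "O20":
            # AppInit_DLLs / Winlogon Notify load DLLs automatically, so
            # every value here should be one the user can identify.
            reasons.append("autoload point")
        if section == "O2" and "(no name)" in body:
            reasons.append("unnamed BHO")
        if section == "O23" and "Unknown owner" in body:
            reasons.append("unknown owner")
        results.append((section, body, reasons))
    return results


def flagged(log_text):
    """Only the entries with at least one reason to look closer."""
    return [entry for entry in triage(log_text) if entry[2]]


if __name__ == "__main__":
    for section, body, reasons in flagged(SAMPLE_LOG):
        print(f"{section:4} [{', '.join(reasons)}] {body}")
```

An entry with no reasons, like the LiveUpdate service here, is not thereby cleared: the helper still asked for it to be fixed as a leftover, which is a judgment the pattern match cannot make.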
 