14 replies to this topic

[MrSlippery]

Hello, I was wondering if anyone would be able to look at my log file from my HijackThis scan and tell me what would be safe to delete. Thanks for your help/kindness, Slip

[MrSlippery]

<edit> I thought I attached the file in the original post... Sorry.

Attached Files

•  hijackthis.txt   7.54KB   133 downloads

[MrSlippery]

Anybody?

[Tomk]

Hi MrSlippery,



My name is Tomk. I would be glad to take a look at your log and help you with solving any malware problems. Logs can take a while to research, so please be patient and I'd be grateful if you would note the following:

• I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
• The fixes are specific to your problem and should only be used for the issues on this machine.
• Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
• It's often worth reading through these instructions and printing them for ease of reference.
• If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
• Please reply to this thread. Do not start a new topic.

What issues are you having?

Other than bittorrent toolbar, which means you are probably downloading "shared" files which is a guaranteed way to get infected.... I'm not really seeing a problem with your log.

Download TFC to your desktop

• Close any open windows.
• Double click the TFC icon to run the program
• TFC will close all open programs itself in order to run,
• Click the Start button to begin the process.
• Allow TFC to run uninterrupted.
• The program should not take long to finish it's job
• Once its finished it should automatically reboot your machine,
• if it doesn't, manually reboot to ensure a complete clean

Then

Please download Malwarebytes' Anti-Malware to your desktop.

• Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform quick scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected.
• When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
• Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot (shut down your computer then restart it).

Also please describe how your computer behaves at the moment.

[MrSlippery]

Hello Tomk, Thank you very much for the detailed reply. I really appreciate your help. First, to answer your questions, there is nothing (noticeably) wrong with my computer. Even though it's three or four years old now, it's still running like a champ. I only ran the HijackThis scan to see if there were any problems I had that weren't causing any noticeable issues that I would still (naturally) like to do away with. I downloaded TFC and ran it, per your instructions. And it cleared about 200 MB of temporary files (which was quite a shock to me). Then I ran Malwarebyte's program, and it found two "infections," but I'm not sure if they are truly infections or not. I have attached the results of the scan. The two "infections" that were found belong to a program called WinKey, which is a program I use that allows me to execute any number of commands with custom keyboard shortcuts. I don't remember exactly where I downloaded it from, but probably CNet, or some reputable website. Of course, I'd be extremely happy to hear your expert opinion on the matter. Thanks again. Waiting patiently, Slip

Attached Files

•  mbam_log_2011_06_23__17_12_15_.txt   1015bytes   139 downloads

Edited by MrSlippery, 25 June 2011 - 06:08 PM.

[Tomk]

MrSlippery,

There is in fact a couple of virus's that use the winkey.exe name, one is even a backdoor rootkit. However, I think that you are correct that yours is a false positive detection. Let's check it out to be sure:

Submit a file to VirusTotal for analysis

• Use the browse button on that page to navigate to the location of the file to be scanned.
• In the right hand panel,
• click on the file c:\program files\WinKey\WinKey.exe
• then click the open button.
• The file will now be displayed in the submit box.
• Scroll down a bit and click "send file", wait for the results
• If you get a message saying File has already been analyzed: click Reanalyze file now
• Once scanned, copy and paste the link to the results page in your next reply.

[MrSlippery]

Here you go.

http://www.virustota...c212-1309045357

[Tomk]

MrSlippery,

It looks like the file is OK. For some reason it is unsigned and doesn't list the manufacturer like it should. I'm guessing that this is why Mbam flagged it.

Anyhow... you should be good to go.

Log looks good


You need to create a new Clean restore point:

Click Start Menu > Run > copy and paste

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next. Name it (something you'll remember) and click Create, when the confirmation screen shows the restore point has been created click Close.

Remove all previous Restore Points
Click Start Menu > Run > copy and paste

cleanmgr

You may be asked to choose drive. Choose C: At top, click on More Options tab. Click Clean up... button in the System Restore box. Click on Yes button. When finished, click on Cancel button to exit.

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Check "Hide file extensions for known file types."
Under the "Hidden files" folder, Uncheck "Show hidden files and folders."
Check "Hide protected operating system files."
Click Apply, and then click OK.


The following is my standard advice for the future. Use what you can and pat yourself on the back for what you're already doing.

Please take time to read Preventing Malware - Tools and Practices for Safe Computing. Very important information for your consideration is contained therein.

I would also suggest you read this:
So how did I get infected in the first place?
by Tony Klein


Also: "How to prevent malware"
by miekiemoes

Please respond back that you understand the above and let me know if you have any questions. Otherwise, this thread will be closed Resolved.

[MrSlippery]

Hello Tomk, When I copy/past %SystemRoot%\System32\restore\rstrui.exe into the run command prompt, I get an error saying that windows cannot find such an executable.

[Tomk]

MrSlippery,

Give this a try:

You need to create a new Clean restore point:

• Download SysRestorePoint to your desktop and unzip it to it's own folder.
• Double click SysRestorePoint.exe so that we can make a new system restore point.
• A box will pop up after it has made a new point, usually after a few seconds. Close that window and exit the program.

Remove all previous Restore Points
Click Start Menu > Run > copy and paste

cleanmgr

You may be asked to choose drive. Choose C: At top, click on More Options tab. Click Clean up... button in the System Restore box. Click on Yes button. When finished, click on Cancel button to exit.

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Check "Hide file extensions for known file types."
Under the "Hidden files" folder, Uncheck "Show hidden files and folders."
Check "Hide protected operating system files."
Click Apply, and then click OK.

[MrSlippery]

Hello again, Thanks Tomk for all of your help. I downloaded the system restore exe and ran it, however I have a question. Now that a system restore point has been created, how do I go about using it should the need arise? I was expecting it to create a file in the folder I made for the program, but I don't see anything. I've never had to do a system restore before, so I'm not familiar with the process. Thanks again, Slip

[Tomk]

Here is a pretty good tutorial about system restore: http://www.bleepingc...utorial143.html

[MrSlippery]

Thanks a lot Tomk. I really appreciate all of your help. I am now much more confidence in the health (and future health) of my computer. We both thank you.

[Tomk]

MrSlippery, You are very welcome. Good luck and be Well.

[Tomk]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
and start a New Topic.