hijackthis log...see anything? [Solved]
#1
Posted 29 March 2014 - 11:22 AM
Register to Remove
#2
Posted 31 March 2014 - 03:56 AM
Hi there,
my name is Marius and I will assist you with your malware related problems.
Before we move on, please read the following points carefully.
- First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
- Perform everything in the correct order. Sometimes one step requires the previous one.
- If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
- Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
- Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
- If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
- Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
- My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.
Scan with FRST in normal mode
Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)
- Run FRST.
- Don´t change one of the checkboxes and hit Scan.
- Logfiles are created on your desktop.
- Poste the FRST.txt and (after the first scan only!) the Addition.txt.
Scan with TDSS-Killer
Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.
Download TDSSKiller.zip and extract to your desktop
- Execute TDSSKiller.exe by doubleclicking on it.
- Press Start Scan
- If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
- Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txt
Please attach this file to your next reply.
#3
Posted 01 April 2014 - 07:50 PM
Thank you for your reply.
Edited by mfranklin630, 01 April 2014 - 08:00 PM.
#4
Posted 01 April 2014 - 07:58 PM
here are the files you asked for. Thank you for your help.
Attached Files
#5
Posted 02 April 2014 - 05:35 AM
Your logs show obvious signs of having cracked software on your system. This is the main reason your computer is infected. Visiting cracksites/warezsites - and other questionable/illegal sites is always a risk.
Even a single click on the site can drop multiple forms of very serious malware, many of which disable your onboard protection, and System Restore.
If you install the cracked software, you are running executable files from these dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer.
Additionally, cracked programs are illegal. Referring to the Forum Rules which you should have read at the time of Registering at this forum, this forum does not support illegal activity. As such, be advised that any request for assistance in removing malware may go unanswered, or may be discontinued, if the cracked (illegal) software is still present on the machine
Having said that we can help you clean your machine this time BUT this would be a ONCE ONLY offer on the understanding that all cracks are removed. This would apply not only here but at many other Malware Support forums if you were to appear again with cracks onboard, as many of us analysts work at multiple support sites. Please remove all cracked software and illegally obtained copyrighted material you have on the system so we may continue with the clean up.
#6
Posted 02 April 2014 - 07:16 AM
#7
Posted 02 April 2014 - 07:27 AM
Multiple Antivirus Programs installed!
I do not recommend that you have more than one anti-virus product installed and running on your computer at a time.
The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either AVG or Ad-Aware.
Add-/remove programms
Click on start-->control panel.
Vista/7: Open Programs and Features
XP: Open add/remove programs
Search for and remove the following programs
KMSpico v9.2.1 Beta
Close the window.
Fix with FRST (normal mode)
WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
- Download the attached fixlist.txt and save it to the location where FRST is saved to.
- Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
- The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.
Full System Scan with Malwarebytes Antimalware
- If not existing, please download Malwarebytes Anti-Malware to your desktop.
- Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
- At the end, be sure a checkmark is placed next to the following:
- Launch Malwarebytes Anti-Malware
- A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
- Click Finish.
If the program is already installed:
- Run Malwarebytes Antimalware
- On the Dashboard, click the 'Update Now >>' link
- After the update completes, click the 'Scan Now >>' button.
- Or, on the Dashboard, click the Scan Now >> button.
- If an update is available, click the Update Now button.
- A Threat Scan will begin.
- When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
- In most cases, a restart will be required.
- Wait for the prompt to restart the computer to appear, then click on Yes.
- After the restart once you are back at your desktop, open MBAM once more.
- Click on the History tab > Application Logs.
- Double click on the scan log which shows the Date and time of the scan just performed.
- Click 'Copy to Clipboard'
- Paste the contents of the clipboard into your reply.
Attached Files
#8
Posted 03 April 2014 - 06:03 PM
Attached Files
#9
Posted 04 April 2014 - 04:24 AM
Scan with ESET Online Scan
Please go to here to run the online scannner from ESET.
- Turn off the real time scanner of any existing antivirus program while performing the online scan
- Tick the box next to YES, I accept the Terms of Use.
- Click Start
- When asked, allow the activex control to install
- Click Start
- Make sure that the option Remove found threats is unticked
- Click on Advanced Settings and ensure these options are ticked:
- Scan for potentially unwanted applications
- Scan for potentially unsafe applications
- Enable Anti-Stealth Technology
- Click Scan
- Wait for the scan to finish
- If any threats were found, click the 'List of found threats' , then click Export to text file....
- Save it to your desktop, then please copy and paste that log as a reply to this topic.
#10
Posted 04 April 2014 - 07:20 AM
#11
Posted 07 April 2014 - 04:07 AM
Fix with FRST (normal mode)
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
- Please download the attached fixlist.txt and save it to the same location where FRST is.
- Run frst.exe (on 64bit, run frst64.exe) and press the Fix button just once and wait.
- The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.
Then we can do the cleanup - if you are facing any issues, report that immediately.
Delete junk with adwCleaner
Please download AdwCleaner to your desktop.
- Run adwcleaner.exe
- Hit Scan and wait for the scan to finish.
- Confirm the message but don´t uncheck anything.
- Hit Clean
- When the run is finished, it will open up a text file
- Please post its contents within your next reply
- You´ll find the log file at C:\AdwCleaner[S1].txt also
SecurityCheck
Please download SecurityCheck: LINK1 LINK2
- Save it to your desktop, start it and follow the instructions in the window.
- After the scan finished the (checkup.txt) will open. Copy its content to your thread.
Attached Files
#12
Posted 08 April 2014 - 09:01 PM
Attached Files
#13
Posted 09 April 2014 - 03:00 AM
Your system is clean!
Uninstall our tools using delfix
Please follow these steps in order:
- In the case we used Defogger to turn off your CD emulation software. You can start it again and use the Enable button.
- In the case we used Combofix. Deactivate your antivirus software once more, then rename the combofix.exe to uninstall.exe and run it one last time. You shall be noted that Combofix has been removed.
- In any case please download delfix to your desktop.
- Close all other programms and start delfix.
- Please check all the boxes and run the tool.
- delfix will now delete all found traces of our removal process
- If there is still something left please delete it manualy.
Recommendations: How to protect yourself
- System Updates
Please ensure to have automatic updates activated in your control panel.
For further information and a tutorial, see this Microsoft Support article. - Protection
What you need is one (not more) virus scanner with background protection. Additionally I recommend a special malware scanner to run on demand weekly.
Personally I am using avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer good protection for free.
- To keep your browser free of advertising, you may install the Adblock Plus browser extension.
It will filter unwanted advertising out of the website´s content. - To protect yourself from accidentally visiting malicious web sites, install the Web of Trust (WOT) browser extension.
It will display a green (safe), yellow (unknown) or red (potentially dangerous) icon for a visited website within your browser.
In addition, before accessing a dangerous classified web site, a warning screen is displayed.
- To keep your browser free of advertising, you may install the Adblock Plus browser extension.
- Up to date Software
Keep your Windows and your third party software up to date. The easiest way to get infected is an outdated windows, followed by: browser(s) (including add-ons and plug-ins), Adobe Flash Player and Adobe Reader, Java Runtime Environment, your antivirus program and so on. These links may help you to check:
- Secunia Personal Software Inspector - checks if your software has updates available.
- SecurityCheck (by screen317) - scans your computer for most vulnerable outdated software.
- Mozilla: Check your plugins - The webpage will tell you if you have outdated plugins running in your Firefox browser.
- Backup
Hardware issues, malware, fire, lightning strike: There is a long list of different ways to loose all your data. Back up your files regularly. Use the windows internal backup function or a third party tool and save your data onto an external hard drive, cloud storage, optical media like CDs or DVDs or (if available) a professional network backup system. - Behaviour
The commonest error when using a computer is "error 80" - what means that the error is located about 80cm in front of the monitor. This is a common joke between IT support technicians but it shows that all the safety mechanisms won´t help if you aren´t careful enough.
- While surfing the internet, don´t click on anything you don´t know. In the worst case, it infects your system with malware.
- Watch your step in social networks! Many cyber criminals use them to spread malware, mine personal pata (to be sold to advertising companies, for example) or simply do damage to other users. Even if a received hyperlink within a message seems to be coming from one of your friends, have a closer look. In addition, don´t click everything.
- When installing software, have a look to each of the setup windows and uncheck any additional toolbars or free programs that may be offered additionally. Most of today´s setup procedures contain potentially unwanted programs so keep them off your system.
- Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
#14
Posted 22 April 2014 - 06:39 AM
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
and start a New Topic.
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users