Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93105 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

[Closed] Savetheinformation infection - HJT log included


  • This topic is locked This topic is locked
3 replies to this topic

#1 kRaSh32

kRaSh32

    New Member

  • New Member
  • Pip
  • 3 posts

Posted 13 November 2007 - 09:13 PM

Hey there... I'm having a little problem with the savetheinformation virus and possibly other infections. I've included below a log of HJT, which I renamed the .exe file to "spyware.exe" just in case. As always, don't know exactly what I'm looking at. I'm usually familiar with HJT and file descriptions but this bug I can't seem to get rid of. I got rid of it for over a week and just yesterday it came back. Any/all advice would be greatly appreciated. The log is short and sweet, or sour as it would seem ^_^ . Logfile of HijackThis v1.99.1 Scan saved at 1:33:15 AM, on 11/14/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 SP2 (7.00.5450.0004) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\devldr32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\drwtsn32.exe C:\WINDOWS\system32\drwtsn32.exe C:\Program Files\Winamp\winamp.exe C:\WINDOWS\system32\drwtsn32.exe C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe C:\WINDOWS\explorer.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\World of Warcraft\WoW.exe C:\Documents and Settings\krash\Desktop\Spyware.exe O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\qadihscr.dll O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\qadihscr.dll O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - Winlogon Notify: qadihscr - C:\WINDOWS\SYSTEM32\qadihscr.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

Edited by kRaSh32, 14 November 2007 - 12:35 AM.

    Advertisements

Register to Remove


#2 jpshortstuff

jpshortstuff

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPipPip
  • 5,710 posts

Posted 25 November 2007 - 12:52 PM

Hi, and Welcome to WhatTheTech :)

My name is jpshortstuff. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research, so please be patient and I'd be grateful if you would note the following:
  • I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

As I am still training here, my posts to you will be checked by an Expert member. This will ensure that all advice and instructions I give you are accurate and safe. This may mean that my replies may take a little longer.


Sorry about the delay in responding :(

If you still need help:

Show all hidden files:
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.
Please do not delete anything unless instructed to.

Scan again with HijackThis, and "copy/paste" a new log file into this thread.

Then I will analyze your log and sort out a fix for you :)

Also please describe how your computer behaves at the moment.


jpshortstuff

Proud Graduate of the TC/WTT Classroom

At weekends (GMT) I may not be able to reply promptly due to various commitments. Please be patient and I will respond as soon as I can.

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here Posted Image

Need help remembering those important computer maintenance tasks? Let SCars do it for you.

Posted Image

#3 jpshortstuff

jpshortstuff

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPipPip
  • 5,710 posts

Posted 06 December 2007 - 10:58 AM

Hi, do you still need help?

Proud Graduate of the TC/WTT Classroom

At weekends (GMT) I may not be able to reply promptly due to various commitments. Please be patient and I will respond as soon as I can.

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here Posted Image

Need help remembering those important computer maintenance tasks? Let SCars do it for you.

Posted Image

#4 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 14 December 2007 - 03:44 PM

Due to inactivity this topic will be closed.If you need help please start a new thread and post a new HJT log

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users