
Can someone look at my Hijack this log please


Nev:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\qqrajxig

*******************

Script file located at: \??\C:\Program Files\uokymbqa.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Driver _wff unloaded successfully.
File C:\WINDOWS\system32\drivers\_wff.sys deleted successfully.
File C:\WINDOWS\system32\jjkmp.ini2 deleted successfully.
File C:\WINDOWS\system32\jjkmp.bak2 deleted successfully.
File C:\WINDOWS\system32\jjkmp.bak1 deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.

:] Dankaaaaaa. Ohh and my anti-virus is turned on....

evilfantasy:
We are almost there!

Please post one more HijackThis log.

I will be working on a few more things that need attention, but they are easy.

Nev:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:43:27 PM, on 11/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\analyze.exe\Analyze.exe.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

--
End of file - 2432 bytes


I have to go to work now, so I won't be able to reply as quickly as I have been but thank you! and yay!  :)
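A HijackThis log like the one above is plain text with a fixed shape (header, "Running processes:", then numbered O-sections), so it can be parsed for triage rather than read line by line. The following is an added example, not code from the thread or from Trend Micro: it parses a constructed excerpt of the log posted above (plus one hypothetical `exupd` service added to exercise the checks), and flags O23 services whose vendor is not on an assumed allow-list or whose binary lives in a user profile directory, and running processes with a doubled `.exe` in their path (the renamed HijackThis binary itself trips this check, which is why the output is a review list, not a verdict).

```python
import re
from dataclasses import dataclass, field

# Constructed sample: an excerpt of the HijackThis log posted above, plus a
# hypothetical "exupd" service (not from the thread) to exercise the checks.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:43:27 PM, on 11/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\analyze.exe\Analyze.exe.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Example Updater (exupd) - Unknown owner - C:\Documents and Settings\user\Local Settings\Temp\exupd.exe

--
End of file - 2432 bytes
"""

# Assumed allow-list of vendors seen in the thread; a real one would be curated.
KNOWN_VENDORS = {
    "Microsoft Corporation", "Symantec Corporation", "symantec",
    "Lavasoft AB", "NVIDIA Corporation", "Macrovision Corporation",
}
# Directory fragments that a legitimate service binary rarely runs from.
PROFILE_MARKERS = ("\\temp\\", "\\local settings\\", "\\application data\\")

O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?) \((?P<name>[^)]+)\) - (?P<vendor>.+?) - (?P<path>.+)$"
)
SECTION_RE = re.compile(r"^(O\d+) - ")


@dataclass
class HjtReport:
    header: list = field(default_factory=list)      # lines before "Running processes:"
    processes: list = field(default_factory=list)   # full paths of running processes
    entries: list = field(default_factory=list)     # (section id such as "O23", raw line)


def parse_hjt(text):
    """Split a HijackThis log into header, process list and O-section entries."""
    report = HjtReport()
    section = "header"
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line == "--":
            continue
        if line == "Running processes:":
            section = "processes"
            continue
        m = SECTION_RE.match(line)
        if m:
            section = "entries"
            report.entries.append((m.group(1), line))
            continue
        if section == "processes":
            report.processes.append(line)
        elif section == "header":
            report.header.append(line)
        # Anything after the entries (e.g. "End of file - N bytes") is ignored.
    return report


def triage_services(report):
    """Return (service name, reasons) for O23 entries worth a closer look."""
    findings = []
    for section, line in report.entries:
        if section != "O23":
            continue
        m = O23_RE.match(line)
        if not m:
            findings.append((line, ["O23 line did not parse"]))
            continue
        reasons = []
        if m["vendor"] not in KNOWN_VENDORS:
            reasons.append("vendor not on allow-list: %s" % m["vendor"])
        if any(marker in m["path"].lower() for marker in PROFILE_MARKERS):
            reasons.append("binary runs from a user-writable profile directory")
        if reasons:
            findings.append((m["name"], reasons))
    return findings


def flag_processes(report):
    """Processes whose path contains more than one '.exe' (renamed tools, odd nesting)."""
    return [p for p in report.processes if p.lower().count(".exe") > 1]


if __name__ == "__main__":
    rep = parse_hjt(SAMPLE_LOG)
    for name, reasons in triage_services(rep):
        print("review service %s: %s" % (name, "; ".join(reasons)))
    for proc in flag_processes(rep):
        print("review process path: %s" % proc)
```

The allow-list approach is deliberate: a helper answering these threads compares each O23 vendor and path against what they already recognise, and only the leftovers need research. Running the script on the constructed sample lists the `exupd` service twice over (unknown vendor, profile-directory path) and the doubled-`.exe` HijackThis path for review.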

evilfantasy:
No problem, there will be some closing steps when you return. Thanks for the patience!!!!!

evilfantasy:
Go to Start > Run and copy and paste next command in the field:

ComboFix /u

Make sure there's a space between Combofix and /
Then hit Enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

=======

Stuff to delete:
The Avenger
C:\avenger.txt
VundoFix
C:\vundofix.txt

=======


Your Java is out of date
Older versions have vulnerabilities that malware can use to infect your system. It is possible that you may be running Java code in your applications that absolutely requires a specific version of the JRE to run. Please follow these steps to remove older versions of Java components and update.

Updating Java:
* Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
* Check for any item with Java Runtime Environment (JRE or J2SE) in the name.
Java version is 1.4.2.3 <--Uninstall
Java version is 1.5.0.3 <--Uninstall
* Click the Remove or Change/Remove button.
* Repeat as many times as necessary to remove each of the Java versions.
* Reboot your computer once all Java components are removed.

* Download the latest version of Java Runtime Environment (JRE) 6
* Click the Free Java Download button.
* Click the Download Now button.
* When the Software Installation dialog box opens, click on the Install Now button.
* Follow the prompts to complete installation.

=======

You can keep ATF-Cleaner for a good scrubbing when needed, but it is a powerful cleaner so be sure you know what you are deleting.

A good, safe daily drive and registry cleaner is CCleaner.

Download CCleaner
* Once CCleaner is open use the default options.
* Click Analyze and it will show a log of what will be removed.
* Next click Run Cleaner to remove everything.
* Then on the upper left of CCleaner select the Registry tab.
* Click Scan For Issues.
* Then click Fix selected issues.
* It will prompt you to make a backup. For the first run I would suggest doing so.
* Exit the program and you are done.

=======

I would also suggest having a look at this article by Tony Klein: So how did I get infected in the first place?
There are some great tips for improved security for everyone.

Let us know if anything else pops up.

Safe surfing.....
