Computer Hope

Software => Computer viruses and spyware => Topic started by: jerri on January 02, 2009, 12:15:45 PM

Title: Virus or malware infection?
Post by: jerri on January 02, 2009, 12:15:45 PM

I am running a dell inspiron 531s desktop with 2.31gHz and 1.93 GB RAM with Windows xp version 2002 service pack 3. 

I have been having issues with searches being redirected, my norton antivirus had to be removed completely because it would not function and it was up to date.  When I tried to go to any site with antivirus software the site was blocked.  I finally got avast from filehippo as well as the other software you mentioned above. 

I have followed all of the instructions above and things seem to be working better, but please let me know what else I may need to do.



[attachment deleted by admin]

Title: Re: Virus or malware infection?
Post by: CBMatt on January 04, 2009, 05:12:49 PM

Download ComboFix by sUBs from one of the below links.  Be sure to save it to the Desktop.

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of security programs that should be disabled and how to disable them.

Double-click combofix.exe and follow the prompts.
When finished, ComboFix will produce a log for you.
Post the ComboFix log and a new HijackThis log in your next reply.

NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.

Title: Re: Virus or malware infection?
Post by: jerri on January 04, 2009, 06:46:27 PM

Okay I ran combo fix and here is the log for that and hijackthis.  Thanks for the help.

[attachment deleted by admin]

Title: Re: Virus or malware infection?
Post by: CBMatt on January 05, 2009, 03:26:07 PM

One more quick scan...

Please print these instructions as they will be needed later when Internet access is not available.
 
Download SDFix by AndyManchesta and save it to your desktop. http://rapidshare.com/files/179891642/SDFix.exe.html

When using this tool, you must use the Administrator's account or an account with Administrative rights

• Double click SDFix.exe and it will extract the files to %systemdrive%
  
• (this is the drive that contains the Windows Directory, typically C:\SDFix).
  
• DO NOT use it just yet.

.Reboot your computer in Safe Mode (http://www.bleepingcomputer.com/tutorials/tutorial61.html) using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".
 
Open the SDFix folder and double click RunThis.bat to start the script.

• Type Y to begin the cleanup process.
  
• It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
• Press any Key and it will restart the PC.
  
• When the PC restarts, the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  
• Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
  
• Copy and paste the contents of the results file Report.txt in your next reply.

Title: Re: Virus or malware infection?
Post by: jerri on January 05, 2009, 05:18:45 PM

Here is the sdfix report.

[attachment deleted by admin]

Title: Re: Virus or malware infection?
Post by: CBMatt on January 05, 2009, 05:44:56 PM

You have WildTangent on your computer, which I'm not particularly fond of, but it technically isn't an infection.  Aside from that, I don't see much.  How is your computer running now?

Title: Re: Virus or malware infection?
Post by: jerri on January 05, 2009, 05:48:07 PM

It seems to be running fine now.  I don't even use wild tangent.  that can be removed from the add remove programs page right?

Title: Re: Virus or malware infection?
Post by: CBMatt on January 06, 2009, 12:48:04 AM

You should be able to remove it that way.  If not, just let me know and I'll see if I can provide you with some instructions.  I believe there may be a removal tool available, but I could be wrong about that.

Also, you need to get yourself a decent firewall.  I would suggest looking into Comodo, ZoneAlarm, or Kerio Sunbelt.  Find one you like, download it, disconnect from the internet, disable Windows Firewall, install your new one and restart.

While you're at it, go ahead and uninstall ComboFix.  To this, simply go to Start > Run and type in combofix /u (note the space) and click OK.

You should also clear out your System Restore points by turning it off and then turning it back on...
http://support.microsoft.com/kb/310405

Title: Re: Virus or malware infection?
Post by: jerri on January 06, 2009, 05:00:58 PM

I unistalled Combofix and have downloaded and installed Comodo Firewall.  I also removed Wild Tangent.  Is there anything else I need to do or am I good.  Thanks again for all the help.

Title: Re: Virus or malware infection?
Post by: CBMatt on January 06, 2009, 05:20:27 PM

As long as you have done all of my recommended steps, then you are good to go!