infection in computer

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by shewolf, Dec 4, 2009.

  1. shewolf

    shewolf Specialist

    This is a Toshiba Satellite laptop running Windows Vista Home Premium. It was infected with a rogue AV, and the browser was acting hijacked (search for something, click on the link for it and it would take me to another website, i.e. I typed in ebay, the list came up, I selected the correct one and it redirected me to another website, not ebay). Sometimes I would get a pop-up when trying to view Internet Explorer; the pop-up was a false thing stating the computer was infected (yes, I know it's infected, but I knew that the pop-up was not legit).

    I have run the read me first and am attaching the log files. I need to know if the computer is now un-infected or if there are still remaining infections.
    I have attached the SAS, MB, ComboFix, and RR logs and will attach mgtools in a following attachment.

    I believe things are ok since no longer showing any signs but still need to be sure..
    This computer came to me infected, and when I start up the computer it also tells me that there was a problem running the catalyst program and the cffenceenabler program. I do not know if those are spyware/malware related or if I need to go elsewhere to get help on those.

    Thanks,
    SW:)
     


  2. shewolf

    shewolf Specialist

    attachment of the mgtools log file


    I was wrong, I still get redirected when trying to search for something in Internet Explorer. I went to look up what the ATI catalyst pop-up thingy was and it wasn't taking me to the ATI website; when I clicked the link it kept redirecting me to search sites.
     


    Last edited: Dec 4, 2009
  3. shewolf

    shewolf Specialist

    UPDATE:::
    All of a sudden it will not connect to the internet. It is a laptop running Windows Vista and it was connecting just fine to my 2wire gateway; all I had to do was enter my WEP code and it connected, no problems. I turned it on and now it won't connect. Well, it connects, but for access it says local, and I can't surf or use anything that connects to the internet or requires a browser.

    I read somewhere that Norton being installed can cause the problem, and it is showing Norton 360 in the add/remove programs but will not allow me to uninstall it.

    It won't even connect to the internet via ethernet cable connected to my 2wire.

    I don't have any way of doing any more scans and posting them to the forum until I can get the internet back up and running on the laptop, so I thought I would post an update here as maybe there is malware in there blocking it.. ????

    Thanks
    sw:)
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I see you are attempting to occupy multiple resources in resolving this. You posted the below:

    http://www.spywareinfoforum.com/index.php?showtopic=126686&pid=708516&st=0&#entry708516


    You must not post requests for help at multiple forums. It is a waste of limited resources. Any good forum is going to be busy and you just need to post on one and wait until someone can get to you. In the above forum they are asking you to post a HijackThis log which is a waste of time since it will not show anything related to your problems. That is one reason why we state not to post them in this forum. While they still have uses, they are not as helpful as the other tools we have you run.

    You need to choose where you want to work your malware problems and then the other forum you are already getting help. It does not matter which forum, but you must only seek help in one.

    cfFncEnabler.exe - that you mentioned is a Toshiba application which initializes Toshiba's "Config Free" feature. It is used on Toshiba laptops to assist the user in detecting and connecting between wireless networks. This application is normally located in the c:\program files\toshiba\configfree directory and requires Microsoft .NET framework to launch. If you are having a problem with this, you may need to reinstall the application. This is not a malware problem.




    Now we need to use ComboFix
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    • If ComboFix tells you it has expired or needs to be updated to a new version, make sure you allow it to update.
    • Open Notepad and copy/paste the text in the below quote box into it:
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.


    Now run Ccleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).



    Then attach the below logs:
    • C:\ComboFix.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
    Last edited: Dec 6, 2009
  5. shewolf

    shewolf Specialist

    I apologize. My friend is a truck driver and needs it back asap, so I made the error of trying to seek help elsewhere, which I shouldn't have done..

    Internet-wise there is nothing I can do at this point in time. When I turned the laptop on again tonight after it had been off since the 4th, it gave me a black error screen stating that new hardware/software had been installed and created a conflict (something like that). I tried to have it resolve it on its own and it wouldn't, so my only option was to do a system restore. The only dates available were between Nov 1st and Nov 10th, and now I no longer have any programs that I had downloaded (combofix, mgtools, etc) and I still have no internet access..

    After I lost the internet capability on the 4th I tried connecting the laptop wirelessly like I was before, and I also tried connecting directly to my Internet modem via ethernet cable, and that still would not give me total internet access; it just says local for access. I do have an internet connection, I just can't get anything but local for access, and even after having to do a system restore I am still unable to access the internet.

    I have 2 desktop computers at my home (1 connected via ethernet, 1 connected wirelessly) and a Wii system that connects wirelessly when it is being used, and they all work but the laptop will no longer work, so I know it isn't my internet.

    So, at this point in time would my best bet be to do a total system format/recovery (basically dump the computer and start fresh)?

    I don't really want to do that, but I am at a loss as to why I could connect to the internet just fine to post my problem. I did not do any updates myself, but when I shut the computer off on the 4th it did say updating step 1 of 3, do not shut computer off etc.. and continued on to updating 3 of 3. Then when I turned the computer back on later on the 4th I had no internet access. Then after sitting for two days being off I got that black error screen and could only do a system restore in order to be able to log on and view programs etc, but still no internet access.

    Again I do apologize and will only stay with MG forum... So sorry just feeling the pressure to get this figured out.. :(
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Nothing stops you from downloading them on another PC and then copying them to the problem PC via CD or flash drive.

    Did you setup the connection properly? Did you setup for DHCP? Have you checked to see if you are getting an IP address assigned from the router? What IP address is assigned? Is the IP address being assigned on the same network as you see on your other PCs?

    That's up to you on how much more time you want to spend. Also, have you backed up all personal data that needs to be saved? It may not even be a malware problem at this point but not sure yet.
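
The checks asked for in the post above (is DHCP on, was an address assigned, is it on the same network as the working PCs) can be read from `ipconfig /all` output. The script below is an added example, not part of the thread or of MGtools; the sample output and the known-good address `192.168.1.64` are constructed, and `parse_adapter` and `diagnose` are hypothetical names.

```python
import ipaddress
import re

# Constructed `ipconfig /all` excerpt for one adapter (sample data, not from the thread).
SAMPLE_IPCONFIG = """\
Wireless LAN adapter Wireless Network Connection:

   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration IPv4 Address. . : 169.254.73.12(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :
"""


def parse_adapter(text):
    """Extract the DHCP flag, IPv4 address and default gateway from one adapter block."""
    def field(label):
        # Values follow the dotted leader and colon; stop before "(Preferred)".
        m = re.search(rf"^[ \t]*{label}[ .]*:[ \t]*([^\s(]*)", text, re.MULTILINE)
        return m.group(1) if m else ""
    return {
        "dhcp": field("DHCP Enabled"),
        "ip": field("(?:Autoconfiguration )?IPv4 Address"),
        "gateway": field("Default Gateway"),
    }


def diagnose(text, good_ip, good_mask):
    """Return findings; good_ip/good_mask are read off a PC that still works (assumed inputs)."""
    cfg = parse_adapter(text)
    findings = []
    if cfg["dhcp"].lower() != "yes":
        findings.append("DHCP is not enabled on this adapter")
    if not cfg["ip"]:
        return findings + ["no IPv4 address assigned"]
    ip = ipaddress.ip_address(cfg["ip"])
    if ip.is_link_local:
        findings.append("169.254.x.x self-assigned address, no lease from the router")
    lan = ipaddress.ip_network(f"{good_ip}/{good_mask}", strict=False)
    if ip not in lan:
        findings.append(f"{ip} is not on {lan}, the network the working PCs use")
    if not cfg["gateway"]:
        findings.append("no default gateway")
    return findings


if __name__ == "__main__":
    for line in diagnose(SAMPLE_IPCONFIG, "192.168.1.64", "255.255.255.0"):
        print(line)
```

An empty result means the adapter has a DHCP lease on the same subnet as the working machines, so the fault lies elsewhere.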
     
