Malware Removal Help Greatly Appreciated

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by LadyGeek, Jun 22, 2007.

  1. LadyGeek

    LadyGeek Private E-2

    To begin with, thank you. I have loved this site for quite some time just for all the info I've found here. Now I find myself in need of your help.

    PC problems:

    For a while now connecting to the internet has been slow in acquiring network address and recently has become quite cantankerous ... sometimes only limited connectivity, and often repeated attempts and reboots in order to connect.

    Finally, yesterday while running a client application through Citrix the client application was lagging so much that it was impossible to efficiently access the database, even after cleaning computer and rebooting. I had also had connectivity issues earlier in the week on another project. The software there is web based and utilizes java.

    I am especially curious about the infection found by Bitdefender - WAHA ASSIST.EXE Infected with: DeepScan:Generic.Malware.P!YV!dWk!g.F273F4B1. This file was provided to me in order to download client applications for work!!

    I have followed all the instructions in the "Read and Run Me First" post and am attaching the logs.

    Thanks again for your help,

    Sharon
    LadyGeek Wannabe
     

    Attached Files:

  2. LadyGeek

    LadyGeek Private E-2

    And the additional logs.

    Sharon
    LadyGeek Wannabe
     

    Attached Files:

  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Yes, this is a valid program from workathomeagent.com, but why is it sitting on your Desktop instead of using a shortcut to the EXE?

    You should uninstall the CounterSpy trial now since we are finished with it and it will just slow you down more.

    You do not really have any malware problems. I will give you something to try which will remove some unnecessary startups that are wasting system resources.

    Run HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - (no file)
    O3 - Toolbar: (no name) - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - (no file)
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

    After clicking Fix, exit HJT.

    Now reboot in normal mode.

    Now attach a new HJT log below.

    Did that help at all?
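
The five lines listed in the post above follow the HijackThis log format: a section code, an entry type, and either a CLSID with a file status or a Run-key name with its command. The following is an added example, not part of the thread and not HijackThis code, that parses those lines and separates the orphaned "(no file)" registrations from the live startup entries. The function names and the section descriptions are this example's own.

```python
import re

# Sample input: the five HijackThis lines quoted in the post above.
SAMPLE = r"""R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - (no file)
O3 - Toolbar: (no name) - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
"""

# Short descriptions of the section codes seen here (wording is this example's).
SECTIONS = {
    "R3": "IE URLSearchHook",
    "O2": "Browser Helper Object",
    "O3": "IE toolbar",
    "O4": "autostart (Run key / Startup folder)",
}

LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<kind>[^:]+): (?P<rest>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_RE = re.compile(r"^\[(?P<name>[^\]]+)\] (?P<cmd>.*)$")

def parse_line(line):
    """Parse one log line into a dict, or return None if it is not a log entry."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code, kind, rest = m.group("code", "kind", "rest")
    entry = {"code": code, "section": SECTIONS.get(code, "unknown"),
             "kind": kind, "clsid": None, "name": None, "command": None,
             "orphaned": rest.endswith("(no file)")}  # registry entry, file gone
    clsid = CLSID_RE.search(rest)
    if clsid:
        entry["clsid"] = clsid.group(0).upper()
    run = RUN_RE.match(rest) if code == "O4" else None
    if run:
        entry["name"], entry["command"] = run.group("name", "cmd")
    return entry

def parse_log(text):
    return [e for e in map(parse_line, text.splitlines()) if e]

def triage(entries):
    """Split entries into orphaned registrations and live autostart commands."""
    orphaned = [e for e in entries if e["orphaned"]]
    autostart = [e for e in entries if e["code"] == "O4" and not e["orphaned"]]
    return orphaned, autostart
```
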
     
  4. LadyGeek

    LadyGeek Private E-2

    Because I was having issues with my other computer and had to switch out boxes in the middle of a shift and get the apps up and running on the fly. In a hurry ... I do know better. SORRY.

    Uninstalled CounterSpy.

    Did the suggested fixes in HiJackThis and the log is attached.

    I won't really know until after I work on Monday if I have eliminated issues with my client software. Hoping that all this cleanup will have helped. And uninstalling and reinstalling java will have corrected any possible issues there.

    Thanks for your help.

    Sharon
    LadyGeek Wannabe
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You forgot to attach it. Make sure it is a NEW log or it will not attach.

    Okay, let us know Monday.
     
  6. LadyGeek

    LadyGeek Private E-2

    Actually, after repeated upload errors, I guess I will have to try later to upload hijackthis2.log. Four attempts. I will try again later.

    Thanks,
    Sharon
    LadyGeek Wannabe

    P.S. Finally deleted the failed upload thru the site and this one succeeded.
     

    Attached Files:

  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    That log is from safe boot mode. HJT logs must be from normal boot mode as indicated.
     
  8. LadyGeek

    LadyGeek Private E-2

    Thanks for your patience.

    Sharon
     

    Attached Files:

  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay you got everything requested. Let us know the results on Monday but also note if you are still experiencing problems, it is more than likely not due to malware.
     
