Qoologic and a host of other problems!

MsApril · Apr 7, 2007

My parents have cable Internet and the cable company shut them off telling them that they had a bad virus. They have 3 computers online...could it be either of the 3 computers or would it be the one that the modem is hooked to.

I've been working on one of them that was online through a linksys wireless router and it is a MESS! It has Qoologic and a host of other infections.

I visited the special removal sticky and dowloaded RKFiles tool. The links to FindQool and WinPFind are broken so I was not able to download those. (this is where I tried http://forums.majorgeeks.com/showthread.php?t=74268)

I also downloaded and ran Qoofix and will attach the log.

I have ran all the requested scan and such and the logs are attached.

Thanks for your help!

MsApril · Apr 7, 2007

Here are Bitdefender and Panda scans.

MsApril · Apr 7, 2007

Here are the rest of my scans.

Thanks Again!

chaslang · Apr 8, 2007

Why do they need so many user accounts?

9 Owner accounts (which are probably admins too)

3 different Administrator named accounts

and more

You should really start by seeing which of these accounts are really required and then deleting all that are not required (make sure to allow it to delete all folders when deleting accounts).

You really did not have Qoologic so you did not need to run those scans. The only signs were in system restore.

Let's try to clean up so more to make logs smaller.

First make sure you have deleted all accounts that are not needed

disable system restore per the directions in step 8 of the READ ME

run the below

Please download ATF Cleaner by Atribune. This program does not require an installation. The executable actually runs the program.

NOTE: This program is for Windows XP and Windows 2000 only. ATF Cleaner will remove all files from the items that are checked so if you have some cookies you'd like to save. Please move them to a different directory first.

Double-click ATF-Cleaner.exe to run the program.

Under Main choose: Select All

Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

Click Opera at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main ATF Cleaner menu to close the program.

Run CounterSpy again and fix all it finds save a new log and attach it.

Now run BitDefender again and fix all it finds save a new log and attach it.

Run Panda again and save a new log and attach it

Now also attach new logs from GetRunKey, ShowNew (get the new version just released first!!!! ), and HJT

MsApril · Apr 11, 2007

Thank you so much Chaslang. He had to take the computer back home because the cable company was coming out to take a look at it. I guess they are going to run some scans or something on it. I'll tackle this when they get finished I guess. Thank you! April

chaslang · Apr 12, 2007

You're welcome. Be sure to address all the user accounts first since that will simplify any cleanup that may be necessary.

Log in or Sign up

Qoologic and a host of other problems!

MsApril Private E-2

Attached Files:

newfiles.txt

runkeys.txt

RKFileslog.txt

MsApril Private E-2

Attached Files:

Activescan.txt

bdscan.zip

MsApril Private E-2

Attached Files:

CounterSpy.txt

Qoofix Logfile.txt

hijackthis.log

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

MsApril Private E-2

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

Qoologic and a host of other problems!

MsApril Private E-2

Attached Files:

MsApril Private E-2

Attached Files:

MsApril Private E-2

Attached Files:

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

MsApril Private E-2

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

Useful Searches