HELP.....After going through all the suggested steps. here there are the scan logs.

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Sun tzu, Jun 22, 2007.

  1. Sun tzu

    Sun tzu Private E-2

    I reached my max stupidity when I ran a bat file that I extracted from a rar file downloaded from the net. Then everything went crazy. Trend Micro started to give warnings about programs that try to connect to the internet.

    Then I found myself in this forum. Reading...

    As the forum suggested, I followed the routine.

    I still have the problems. Also, I lost all my trust in the computer. I don't think I will be 100 percent sure again about my system's security.

    That's why I need help to make sure it is working fine and I am safe.

    I will attach the logs. I hope someone will have time for me too.

    Thanks
     

    Attached Files:

  2. Sun tzu

    Sun tzu Private E-2

    Here are the rest....
     

    Attached Files:

  3. Sun tzu

    Sun tzu Private E-2

    At last... HijackThis log file.

    I tried to follow precisely the same way.

    If anything is missing, I will do it right away.

    Thanks again.
     

    Attached Files:

  4. Sun tzu

    Sun tzu Private E-2

    Also, I have a recovery CD that I created when I bought the PC. I copied the personal folders, such as My Documents, pictures and other folders that are important.

    If I use the recovery disk and format everything, is it going to remove the problem? Also, can I use the backed-up files that I burned to DVD after the computer got infected? They are not applications, that I am concerned. Pictures and especially my thesis!! PDFs and lots of documents.

    There must be a way to save them,... please help.
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    You don't really have any major problems. There are a few things the tools already removed and there are a few minor things to do.

    While in reality it is true that no PC can be 100% trusted once it has been infected, that logic should be taken more seriously when infections themselves are more serious and also should be based upon what you use your PC for.

    For example, if you use your PC for banking or other financial related matters then security would be even more important. But again, you don't show any big problems or information stealer type issues.

    Thus, if you want to format and reinstall, it is purely something you need to decide. However if you are really that worried (and I would almost call it paranoid) then you should not use any of the information in any format that was saved after you have been infected.

    Here are some things you need to do!

    Uninstall the Sunbelt CounterSpy trial since we are finished with it now! Then delete the below two folders which may be left behind by the uninstall:
    C:\Documents and Settings\All Users\Application Data\Sunbelt Software
    C:\Program Files\Sunbelt Software

    Uninstall the below old versions of software:
    Java 2 Runtime Environment Standard Edition v1.3.1_03

    Make sure you reboot after uninstalling the above!

    After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

    Now copy the bold text below to Notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    You can also have HJT fix the below non-malware. You don't need this QuickTime process to load at startup. It is a waste of system resources. The Trend Micro item should be removed since it is not even installed anymore according to your logs.
    Run HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe"

    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete:
    C:\WINDOWS\wr.txt
    C:\WINDOWS\system32\svcp.csv
    C:\WINDOWS\system32\winsub.xml
    C:\WINDOWS\system32\testscript.tmp

    Now run Ccleaner
    Now reboot in normal mode

    Now attach the below new logs and tell me how the above steps went.

    1. ShowNew
    2. HJT


    Make sure you tell me how things are working now!
     
    Last edited: Jun 26, 2007
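
The check behind the Trend Micro advice in the post above (an autorun entry that still points at a program no longer installed), as an added example that is not part of the original thread and not MajorGeeks or HijackThis code. It is read-only and handles only registry-style O4 lines; the function names are hypothetical and the third sample line is constructed.

```python
import os
import re

# Constructed sample: the two O4 lines quoted in the post above, plus one
# made-up unquoted entry (ExampleApp) to exercise paths containing spaces.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe"
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\Example App\example.exe /min
'''

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RE = re.compile(r'^O4 - (HK\w+)\\\.\.\\(\w+): \[(.*?)\] (.+)$')
# Unquoted commands: take everything up to the first executable extension.
EXT_RE = re.compile(r'^(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)', re.I)


def target_path(command):
    """Return the program path from an autorun command line, without arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    m = EXT_RE.match(command)
    return m.group(1) if m else command.split()[0]


def parse_o4(log_text):
    """Parse registry-based O4 (autorun) lines into dicts."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            hive, key, name, command = m.groups()
            entries.append({"hive": hive, "key": key, "name": name,
                            "command": command, "path": target_path(command)})
    return entries


def find_orphans(log_text, exists=os.path.exists):
    """Return O4 entries whose target program is no longer on disk."""
    return [e for e in parse_o4(log_text) if not exists(e["path"])]


if __name__ == "__main__":
    # Run on the affected Windows machine so os.path.exists sees its disk.
    for e in find_orphans(SAMPLE_LOG):
        print(f'{e["hive"]}\\{e["key"]} [{e["name"]}] -> missing: {e["path"]}')
```

An entry reported as missing is only a candidate for cleanup; an entry whose file exists says nothing about whether that file is wanted.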
  6. Sun tzu

    Sun tzu Private E-2

    Thanks for reviewing the logs. One day after sending you the logs, the computer crashed. I couldn't start the system in safe mode or any other. The last thing I did was to install an antivir program (after uninstalling the previous one). Anyway, I used the original recovery CDs and restored the PC, and am back to basics. I installed Kaspersky and Outpost firewall. Now the system works so slowly... it also freezes. Don't know what to do. My friend suggested I use Knoppix to format the disk and recover the PC after that. I guess I'll try that and use Bitdefender as a package. I think Kaspersky and Outpost are clashing or something...

    MAIN concern at the moment is, how can I trust the backed-up stuff (which I really need for my thesis)? I scanned by using Kaspersky and online Bitdefender. They didn't find anything. I know what caused the infection and didn't back it up (smart, ha!). That said, can a trojan or virus spread itself to pdf, doc or compressed files? (pictures as well..!?)

    Do you have any recommendation from an antivir and firewall program perspective? Easy to use without compromising the security.
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I don't know of any problems using Kaspersky Antivirus with Outpost firewall.

    Yes, PDF, DOC, compressed files and pictures can carry infections. You have two choices:
    1. Scan them with a good antivirus program and assume that it will detect any problems
    2. Don't trust the antivirus program and delete all your files
    I suggest you go with option 1. ;)


    Everything we recommend is in the below link:

    How to Protect yourself from malware!
     
  8. Sun tzu

    Sun tzu Private E-2

    Thanks Chaslang, I haven't got a lot of choice, have I? I followed the link for the things that I can do to be on the safe side.

    Thanks again..
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.

    Not really! ;) I think you will be okay if scans do not detect anything.

    Surf safely.
     
