Previous Viruses, Popups, and Registry Change warnings

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Wobbles, Nov 22, 2005.

  1. Wobbles

    Wobbles Private E-2

    Hey guys, I'm a computer tech at a company and end up doing a lot of spyware work.

    We have been recently hit with the new variant of the Sober virus; our antivirus has picked it up. This user gets popups off of any website, but I think it's due to the maxifiles toolbar add-on (you will see it in the HijackThis log below). I haven't taken it off yet but I wanted to show you the log to see if I missed anything. One item in particular is [winsync]. I can't find anything on it or its associated file C:\WINDOWS\system32\ss4gsl.exe reg_run.

    The user also gets a few popups from McAfee warning him of registry changes. I also couldn't recognize what they were. Unfortunately I don't have them written down atm, but will soon.

    So, here is the log!

    Edit by bjgarrick: Inline log attached!
     

    Last edited by a moderator: Jul 28, 2006
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments. HijackThis logs should not be posted until the cleaning steps have been run, HijackThis must be installed properly, and then logs must be attachments. This is all covered in the sticky threads.

    Please follow the steps below:

    - Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

    Make sure you check version numbers and get all updates.

    - Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.


    If, after doing ALL of the above, you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:

    Downloading, Installing, and Running HijackThis

    You are going to need to run some special steps too due to the WinSync problem. The below will help us locate some hidden bad files so we can fix this manually.

    Please run Panda Online Scan. After the scan attach the log to your next post. Also please follow the below:

    1 - Please EXTRACT all files from Qoologic Tool to its own folder - C:\Program Files\QoologicFinder . Then, DoubleClick Find-Qoologic.bat to run the tool. It should produce a log - Please attach that with your next post!

    2 - Please EXTRACT all the files from RKFiles Tool to its own folder named C:\Program Files\RKTOOL. Then, Please boot to SAFE MODE and DoubleClick rkfiles.bat to run the tool. Let it run and then, when it finishes, look for a log at C:\Log.txt and please attach that log.

    Now come back here and post all three logs as attachments. It will require two messages to get these 3 logs and the new HJT log attached. Only two attachments per message are allowed.
     
