HijackThis and other logs

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by kazenotaco, Dec 12, 2006.

  1. kazenotaco

    kazenotaco Private E-2

I recently have been having some malware issues and was recommended to your site for help. I have performed all the steps outlined in your HijackThis section of the site. I unfortunately was unable to get the AVG log while in safe mode for some reason and BitDefender would not work for me either. Everything else did work fine and did seem to remove most of the problems. One of the issues I am still having is I experience an error message when trying to log onto World of Warcraft saying unable to validate game version. I researched into this and it appears to be caused by malware so I believe there is still something present. Here are my logs.
     

    Attached Files:

  2. kazenotaco

    kazenotaco Private E-2

    This is my HijackThis log.


    Thanks for your time,
    Mark
     

    Attached Files:

  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I tend to doubt this problem is due to malware but let's finish cleaning what you have left and see what happens.

    Why are you running this E:\Marko's Stuff\DC++\DCPlusPlus.exe while getting a HijackThis log!


    First run this: ViewpointKiller

    Uninstall the below software:
    Security Toolbar <-- should have been uninstalled in step 0 of the READ ME
    Viewpoint Media Player <-- should have been uninstalled in step 0 of the READ ME
    J2SE Runtime Environment 5.0 Update 10

    Now install the current version of Sun Java from: Sun Java Runtime Environment

    Delete the below folders from the malware program named Bearshare:
    Code:
    C:\Program Files\
    BEARFLIX      Nov 20 2006              "BearFlix"
    BEARSH~1      Nov 20 2006              "BearShare Applications"

    Now let's clean up the remnants from a SpywareStrike infection.


    I'm going to post two sets of instructions below. Each will be enclosed in separate Quote boxes. Make sure to complete the first one 100% before moving on to the second one.

    ATTACH THE FIRST LOG NOW BEFORE CONTINUING OR YOU WILL OVERWRITE IT!!!! And then immediately continue on to the below steps.

    Now attach new logs from:
    • GetRunKey
    • ShowNew
    • HJT
    How are things working now?
     
  4. kazenotaco

    kazenotaco Private E-2

    I have done everything up to step 1 where you want me to download the smitfraudfix, however I get an error from my university firewall saying:

    I cannot proceed with the steps you gave me since it does not allow me to download this file. Are there any other ways around this?
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

It is not infected with a virus. It is a tool used to detect and remove the virus/trojan that you already have and that your firewall should have blocked previously.

    I'm not sure if we can get around it. Try running the below procedure. Even if you cannot run the SmitRem.exe application mentioned in the below, run ALL other steps.

    SpywareQuake & SpyFalcon Removal Procedure
     
  6. kazenotaco

    kazenotaco Private E-2

    I have completed all the steps in the procedure you gave me excluding the ones requiring the SmitRem.exe file which I am unable to download. The only files I found of the many listed were the %System32%\ot.ico as well as a bunch in the TEMP folder. I also attached new logs (runkey, shownew, and hijackthis).

    I was also curious if you might happen to know what would cause the "unable to validate game version" error with World of Warcraft. I talked to their tech support earlier and was told they increased security on their login servers and that malware would cause the problem. He recommended I get the Kaspersky anti-virus which is supposed to find the problem but it hasn't seemed to accomplish anything yet.

    Thanks a lot for the help,
    Mark
     

    Attached Files:

  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

You have no signs of any malware. Perhaps your problem is the same thing that prevents you from downloading certain files ---- the firewall at your school. The only other thing I would ask is, is your game an original, legal, licensed copy?

One other thing that looked a little strange in your runkeys.txt log is something to do with Autoplay settings on all drives in your system. You have all disabled. And then you also have an unknown policy key (shown below). Did you set it that way yourself? I doubt this has anything to do with game validation.

     
  8. kazenotaco

    kazenotaco Private E-2

    I am sure I have a legal, licensed copy of the game and I have actually never had any issues running it until the recent patch. I assume it is most likely a problem on Blizzard's end seeing as there are many others who have this problem.

    I am also unsure about the autoplay settings. A friend originally helped me build my computer about a year ago and I allowed him to perform all the software details since I am still quite inexperienced with computers outside of gaming.

    I would just like to say I was very impressed with your response time and how well it cleared up my malware problems. Thanks a lot :)
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    There is still a chance that something they have changed on their end now causes a problem with your firewall that did not occur before.

    Let's set it back to defaults.

Now copy the bold text below to Notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    You're welcome! And now I do need to disconnect. Almost 4 am my time.
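An added read-only check (my example, not code from the thread or from MajorGeeks) showing how to inspect the Autoplay policy chaslang spotted in runkeys.txt before merging any .reg fix, and how to back the key up first so the merge can be reverted. It assumes the setting lives in the NoDriveTypeAutoRun value under the Explorer policies keys and uses Microsoft's published defaults (0x95 on Windows XP, 0x91 on Vista and later); the thread itself names neither the value nor the contents of fixME.reg, so those are assumptions.

```powershell
# Added example, not from the thread: read-only audit of the Autoplay policy
# value. It reports NoDriveTypeAutoRun from both policy hives and decodes the
# bitmask; it changes nothing. The defaults are Microsoft's documented values
# (0x95 for Windows XP, 0x91 for Vista and later); assumed for other versions.

$policyPaths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
)

# Bit meanings of NoDriveTypeAutoRun; a set bit disables Autoplay for that drive type
$driveTypeBits = [ordered]@{
    0x01 = 'DRIVE_UNKNOWN'
    0x02 = 'DRIVE_NO_ROOT_DIR'
    0x04 = 'DRIVE_REMOVABLE'
    0x08 = 'DRIVE_FIXED'
    0x10 = 'DRIVE_REMOTE'
    0x20 = 'DRIVE_CDROM'
    0x40 = 'DRIVE_RAMDISK'
    0x80 = 'reserved (unknown)'
}

function Get-AutoplayPolicy {
    param([string]$Path)
    if (-not (Test-Path $Path)) { return $null }
    $item = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    if ($null -eq $item -or $null -eq $item.NoDriveTypeAutoRun) { return $null }
    return [int]$item.NoDriveTypeAutoRun
}

function ConvertTo-DriveTypeList {
    param([int]$Mask)
    $disabled = foreach ($bit in $driveTypeBits.Keys) {
        if ($Mask -band $bit) { $driveTypeBits[$bit] }
    }
    return $disabled
}

# Windows XP is NT 5.x; Vista and later are NT 6.x or higher
$osDefault = if ([Environment]::OSVersion.Version.Major -lt 6) { 0x95 } else { 0x91 }

foreach ($path in $policyPaths) {
    $mask = Get-AutoplayPolicy -Path $path
    if ($null -eq $mask) {
        Write-Output ("{0} : NoDriveTypeAutoRun not set (OS default 0x{1:X2} applies)" -f $path, $osDefault)
        continue
    }
    $state = if ($mask -eq 0xFF) { 'Autoplay disabled on ALL drive types' }
             elseif ($mask -eq $osDefault) { 'matches OS default' }
             else { 'non-default value' }
    Write-Output ("{0} : NoDriveTypeAutoRun = 0x{1:X2} ({2})" -f $path, $mask, $state)
    Write-Output ("    disabled for: " + ((ConvertTo-DriveTypeList -Mask $mask) -join ', '))
}

# Before merging a .reg fix such as the fixME.reg step above, export the key it
# will touch so the change can be reverted with a second merge.
$backupKey = 'HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$backup = Join-Path $env:USERPROFILE 'Desktop\Explorer-policies-backup.reg'
if (Test-Path ('Registry::' + $backupKey)) {
    reg.exe export $backupKey $backup /y | Out-Null
    Write-Output "Backup written to $backup"
} else {
    Write-Output "$backupKey does not exist; nothing to back up"
}
```

Run it from a normal PowerShell prompt first; reading the HKLM policy key needs no elevation, and a value of 0xFF in either hive is what "Autoplay disabled on all drives" looks like in a runkeys-style listing. If the user-hive key is absent, the .reg merge creates it, which is why the backup step checks for the key rather than assuming it.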
     
