May I send a HJT log please?

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Wallyzworld, Dec 26, 2004.

  1. Wallyzworld

    Wallyzworld Private E-2

    hey there ... I have tried every suggestion in your list - I cannot see the problem. May I send a hijack this log for you to give advice to?
    Please let me know.
    Thanks
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you have followed ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal and you still have a problem, follow the guidelines below and post your HJT log as an attachment.

    Make sure you have HijackThis 1.99 and follow the guidelines on where to install it and how to post a log as an attachment. This is all covered in the sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

    Now post a HijackThis log as a .txt file attachment to your message. All running programs should be closed, including your web browser and e-mail. Close them before running Hijack This!

    To repeat: Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT
     
  3. Wallyzworld

    Wallyzworld Private E-2

    here is my hjt log. Thanks
     


  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    First of all, what problems are you experiencing?
     
  5. Wallyzworld

    Wallyzworld Private E-2

    When running IE, I can get to certain websites but when I access a particular site, even majorgeeks, IE freezes and the computer reboots.
     
  6. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    After running the online scans and tools, have you found any particular infections? Other than IE freezing and rebooting, are you experiencing any other problems?
     
  7. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    FIRST, make sure "System Restore" is disabled temporarily.

    Run Hijack This and have it fix these entries. Before removing anything with HJT please close all browsers.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.msn.ca/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k


    After fixing these entries, reboot and see if problem remains. Let me know. Thanks!
     
  8. Wallyzworld

    Wallyzworld Private E-2

    Had a fun time hunting down and eliminating the mad.dll one - also found istsvc.exe and that was eliminated as well. Had a dozen from ad-aware. Spybot and the others have all been run and is clean.
     
  9. Wallyzworld

    Wallyzworld Private E-2

    Removed R1 as requested and the R0 as well. I removed the O4 line with the kernel fault check and it was gone. I rebooted out of safe mode and ran IE - I got to majorgeeks.com first page, but when I clicked on the forums link it crashed again. Went back to safe mode and looked; the O4 line (kernel fault check) had returned. I repeated the removal of this. Went in and out of normal and safe mode and ran HJT and it was gone every time. It comes back only after IE crashes. I think this is some type of Windows reporting error file. Any more suggestions before I "format c:"....?
     
  10. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    First let's make sure your system is clean from malware.

    1) Download SpySweeper

    2) Install SpySweeper. After you have SpySweeper installed, go to "Options" and update definitions.

    3) After the update is complete, click on "Sweep Now" and do a system scan. This will detect most malware on a system. After the scan is complete, remove all found traces and post me a log of that. Thanks!
     
  11. Wallyzworld

    Wallyzworld Private E-2

    It found a lot of crap - didn't work though. Log is attached; had to break down into "a" and "b" as the file is too large. "A" is attached - let me know if you need "b" too. IE crashes at majorgeeks.com front page now again.
    Arrgh
     


  12. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Make sure you have updated definitions, reboot and do this same SpySweeper scan in "Safe Mode". You have some nasty malware.
     
  13. Wallyzworld

    Wallyzworld Private E-2

    All updated, ran in normal and safe mode - still nothing. Here is the new spysweeper log. Any further leads?
    BTW ... Thanks for your help so far!
     


  14. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Just a quick question, do you have "Content Advisor" enabled?
     
  15. Wallyzworld

    Wallyzworld Private E-2

    No it's not .. that would be too easy right?
     
  16. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    I have run into some situations where the content advisor was causing IE to crash like that on certain sites. OK, if it's not that then we need to go more in depth to find out what's causing this.

    When did this start?

    Do you receive any specific error messages and/or numbers? If so please provide me with that information.
     
  17. Wallyzworld

    Wallyzworld Private E-2

    I've been fighting this for about three weeks I guess. I joined the geeks the week before xmas and started using your information on everything. No error messages or anything pop up. Just a freeze and it restarts. My homepage is google, and I can get to there, and any other simple html site, but once the site gets "complex" (for lack of better terminology this late) it freezes and crashes.
     
  18. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Try this,

    1) Click Start, Run.

    2) In the Open box, type: iexplore.exe /rereg

    3) Click OK

    4) Reboot, and see if problem is fixed
     
  19. Wallyzworld

    Wallyzworld Private E-2

    No - I wish it solved it but it did not. Tried in regular and in safe mode.
     
  20. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Do this before we continue: download CCleaner

    Install and run this program; it will clean your temporary internet files, cookies, etc.

    Close all browsers before running this program.
     
  21. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Also, something else I want you to do before we continue. I would like you to run TrendMicro's online virus scan just to be sure you're OK from viruses. You may have done this already but just to make sure. This sounds like something a virus would be doing. If this detects anything let me know what it finds and if it's removed. Also, do you know for sure you removed all of the istsvc.exe infections, as this is pretty nasty malware? Thanks!

    TrendMicro Virus Scan
     
  22. Wallyzworld

    Wallyzworld Private E-2

    Oboy, the trend micro scan is lengthy ... ya - all clean. Found nothing at all. Through security task manager and hijack this I am pretty sure there is no more istsvc. I can keep looking if there is something else I should try. I have to give up tonight though. Gotta work in a few hours. Thanks again for everything so far.
     
  23. Wallyzworld

    Wallyzworld Private E-2

    Anyone else have any ideas??
     
  24. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Download the following tools but only run what I ask you to run:
    Generic Detection Tool

    http://www.downloads.subratam.org/DllCompare.exe

    http://www.downloads.subratam.org/VX2Finder.exe

    http://www.downloads.subratam.org/KillBox.zip


    Then, unzip the Generic Detection Tool to a safe folder of your choice and run "findit.bat" - Allow it as much time as it needs to run. You may get an error message of "File Not Found," but just let it go.

    The tool should generate a long text file. Please attach that to your next post.

    Do not reboot after that because that can cause the files to mutate.
     
  25. Wallyzworld

    Wallyzworld Private E-2

    Too late ... white towel thrown in. format c:\ commenced and worked. Reloading the whole shebang now. Thanks for all your efforts. I will be sure to use everything you've recommended on a timely basis to prevent this again (I hope). Thanks for a great website - Love the arcade.
     
  26. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

