Hijacked?

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by 1trkmind, Aug 31, 2008.

  1. 1trkmind

    1trkmind Private First Class

    I have an HP ze4400 notebook that was finally given back to me by a relative. It's been a couple of years, so I went through your READ & RUN ME process. My AV found a virus and the other scanners found stuff too.
    I use Sygate firewall, but since restarting the PC Sygate wouldn't start up with Windows. Also, I disabled Windows Firewall, but after every restart Windows Firewall is enabled again. When I attempt to get the Windows updates from the Control Panel the error reads (null); I don't have the full error, sorry. Firefox is the primary browser, so that might be the problem there. Anyway, I just want to make sure it's clean, and I'm not familiar with the logs. It looks like I didn't save the SAS log. There were some results from that scan. This is what shows up in the quarantine:

    Code:
    "Trojan.Windows Overlay Components/Sysmon"
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_OVERLAY_COMPONENTS
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_OVERLAY_COMPONENTS (NextInstance - AQAAAA==)
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_OVERLAY_COMPONENTS\0000
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_OVERLAY_COMPONENTS\0000 (Service - Windows Overlay Components)
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_OVERLAY_COMPONENTS\0000 (Legacy - AQAAA==)
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_OVERLAY_COMPONENTS\0000 (ConfigFlags - AAAAAA==)
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_OVERLAY_COMPONENTS\0000 (Class - LegacyDriver)
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_OVERLAY_COMPONENTS\0000 (ClassGUID - {8ECC055D-047F-11D1-A537-0000F8753ED1})
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_OVERLAY_COMPONENTS\0000 (DeviceDesc - Windows Overlay Components)

    Attachments: MGlogs.zip, mbam-log-08-20-2008 (22-58-58).txt, ComboFix.txt

    Thanks guys.
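    A note on what the quarantine entries above mean, with an added example that is not part of the original post. Keys named Enum\Root\LEGACY_<SERVICE> are created by the Plug and Play manager for legacy (non-PnP) kernel-mode driver services when they are started; the Service value under the \0000 instance names the service, ClassGUID {8ECC055D-047F-11D1-A537-0000F8753ED1} is the LegacyDriver device class, and the base64 strings (AQAAAA==, AAAAAA==) are REG_DWORD values in little-endian byte order. Such keys outlive the service that created them, which is why removal tools list them. The script below, written for this page and not from any tool mentioned in the thread, parses a listing in the format quoted above (a constructed sample, with a benign Beep entry added for contrast and the post's short "AQAAA==" kept to show malformed-value handling), decodes the DWORDs, and flags LEGACY_ instances whose Service has no entry in a supplied set of installed service names (also constructed; on a live machine you would read CurrentControlSet\Services).

```python
import base64
import binascii
import re
import struct

# Constructed sample in the shape of the quarantine listing quoted in the post.
# It is not the poster's log: a benign Beep entry is added for contrast, and the
# short "AQAAA==" value is kept to show how a malformed entry is handled.
SAMPLE_LISTING = r"""
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BEEP
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BEEP (NextInstance - AQAAAA==)
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BEEP\0000 (Service - Beep)
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BEEP\0000 (Class - LegacyDriver)
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BEEP\0000 (ClassGUID - {8ECC055D-047F-11D1-A537-0000F8753ED1})
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_OVERLAY_COMPONENTS
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_OVERLAY_COMPONENTS (NextInstance - AQAAAA==)
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_OVERLAY_COMPONENTS\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_OVERLAY_COMPONENTS\0000 (Service - Windows Overlay Components)
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_OVERLAY_COMPONENTS\0000 (Legacy - AQAAA==)
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_OVERLAY_COMPONENTS\0000 (ConfigFlags - AAAAAA==)
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_OVERLAY_COMPONENTS\0000 (Class - LegacyDriver)
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_OVERLAY_COMPONENTS\0000 (ClassGUID - {8ECC055D-047F-11D1-A537-0000F8753ED1})
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWS_OVERLAY_COMPONENTS\0000 (DeviceDesc - Windows Overlay Components)
"""

# Constructed stand-in for the service key names under CurrentControlSet\Services.
# On a real machine this set is read from the registry, not hard-coded.
INSTALLED_SERVICES = {"Beep", "Null", "Tcpip"}

LEGACY_DRIVER_CLASS_GUID = "{8ECC055D-047F-11D1-A537-0000F8753ED1}"
DWORD_VALUES = {"NextInstance", "Legacy", "ConfigFlags"}   # printed as base64 REG_DWORDs
LINE_RE = re.compile(r"^(?P<key>.+?)(?:\s+\((?P<name>[^()]+?) - (?P<value>.*)\))?$")


def decode_dword(b64):
    """Decode a base64 little-endian REG_DWORD as printed in the listing.
    Returns (value, note); a malformed string yields (None, reason) instead of raising."""
    try:
        raw = base64.b64decode(b64, validate=True)
    except (binascii.Error, ValueError):
        return None, f"malformed base64 {b64!r}"
    if len(raw) != 4:
        return None, f"expected 4 bytes, got {len(raw)}"
    return struct.unpack("<I", raw)[0], ""


def parse_listing(text):
    """Group 'KEY (Name - Value)' lines into {key_path: {name: value}}."""
    records = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        records.setdefault(m["key"], {})          # a bare key line still creates the record
        if m["name"]:
            records[m["key"]][m["name"]] = m["value"]
    return records


def triage(records, installed_services):
    """Report every Enum\\Root\\LEGACY_* instance; mark it orphaned when its Service
    value names no installed service (the enum key outlived or never had a driver)."""
    installed = {s.lower() for s in installed_services}
    findings = []
    for path, values in records.items():
        if "\\ENUM\\ROOT\\LEGACY_" not in path.upper() or "Service" not in values:
            continue
        notes = []
        if values.get("ClassGUID", "").upper() == LEGACY_DRIVER_CLASS_GUID:
            notes.append("legacy (non-PnP) driver class")
        for name in sorted(DWORD_VALUES.intersection(values)):
            val, err = decode_dword(values[name])
            notes.append(f"{name}={val}" if not err else f"{name}: {err}")
        orphaned = values["Service"].lower() not in installed
        if orphaned:
            notes.append("no matching key under CurrentControlSet\\Services")
        findings.append({"key": path, "service": values["Service"],
                         "orphaned": orphaned, "notes": notes})
    return findings


if __name__ == "__main__":
    for f in triage(parse_listing(SAMPLE_LISTING), INSTALLED_SERVICES):
        flag = "ORPHANED" if f["orphaned"] else "ok"
        print(f"{flag:9} {f['service']!r}: {'; '.join(f['notes'])}")
```

    An orphaned LEGACY_ key by itself is only a trace that a driver service of that name once ran; the decision about whether the name was legitimate rests on the service key, its ImagePath and the file it pointed to, which is what the staff reply here checks in the ComboFix log rather than in this listing.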
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The log can be found at the location in the information below. Please attach it.
    Code:
    "C:\Documents and Settings\Cass Morgan\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Logs\"
    supera~1.log  Aug 20 2008        1585  "SUPERAntiSpyware Scan Log - 08-20-2008 - 22-52-15.log"
     
  3. 1trkmind

    1trkmind Private First Class

    Here are the ComboFix logs.
     


  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Other than what ComboFix already removed, your logs are clean. You just need to uninstall J2SE Runtime Environment 5.0 Update 6 as requested in step 1 of the READ & RUN ME and then install the current version of Java as requested.
     
