Can someone take a look at a HijackThis log for me...

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by BrooklynGeekGrrl, May 10, 2005.

  1. BrooklynGeekGrrl

    BrooklynGeekGrrl Private E-2

    ...and tell me if I managed to clean up my girlfriend's computer? As per this thread - http://forums.majorgeeks.com/showthread.php?t=38752 - I'm not posting the HijackThis log until it's requested. I'm not a newbie when it comes to computers, but I've never done a cleanup job like the one I just finished; I'd appreciate someone who's more experienced and knowledgeable to look over a HJT log and let me know if there's anything further that I need to do to fix her computer.

    Just to give you an idea of what I was up against, when I got hold of it on Saturday, the initial run-through of avast! resulted in 250 instances of viruses, ad-aware found 992 "wares," and the IE browser was so corrupted that it couldn't even display the 50-something popup ads that shot up at once.

    ANYWAY! It's taken me four days to install all critical updates, download, install and run all the programs in THIS post - http://forums.majorgeeks.com/showthread.php?t=35407 -, refer to other threads in this forum, and all sorts of other stuff. Now, the computer SEEMS to be working fine. But I would really appreciate being able to post a HijackThis log, and confidently return the computer to her.

    Thanks so much for all the help you've already supplied, and for anyone willing to check out a log for me. :D

    -BrooklynGeekGrrl-
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay but make sure you follow the steps below:

    - Download HijackThis 1.99.1

    - Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    - Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

    - Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like Notepad, WordPad, MS Word, etc., and any other unnecessary running programs.

    - Run HijackThis and save your log file.

    - Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).
     
  3. BrooklynGeekGrrl

    BrooklynGeekGrrl Private E-2

    Thank you so much! Attached, you'll find the log.

    **Prays nothing else is lurking in this blasted computer**

    -BrooklynGeekGrrl-
     


  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file) <-- fix it but it will probably not go away.

    Unless you know this CMDIAL32.exe program to be good fix this line. I think it is bad.
    O4 - HKLM\..\Run: [21c87a8992a6] C:\WINDOWS\System32\CMDIAL32.exe

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - blank (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - blank (file missing)
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
    O15 - Trusted Zone: http://www.musicmatch.com


    Unless you know the below two items to be good, fix them too.
    O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab
    O16 - DPF: {B4831DED-3A57-4CC6-9E4B-0E7C5B08DBF4} - http://www.alwaysupdatednews.com/install/aun_0011.exe


    After clicking Fix, exit HJT.

    Boot into safe mode and use Windows Explorer to delete:
    C:\WINDOWS\System32\CMDIAL32.exe <--- if you fixed it above, delete this file.
    C:\Program Files\AWS <--- the whole folder


    Now reboot in normal mode and post a new HJT log. And tell us how things are working.
     
  5. BrooklynGeekGrrl

    BrooklynGeekGrrl Private E-2

    Things are working okay. Everything seems to have been fixed or deleted, as per your last post. Here's the updated HJT log. Thanks so much for your help! :D

    -BrooklynGeekGrrl-
     


  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You missed one and I missed one last time. Fix the below lines too:

    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
    O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab

    Other than that you should be okay. But you should do the steps in the below thread. You need to get a real firewall (mentioned in the steps) installed and then disable the one in WinXP SP2 because it does not provide sufficient protections.

    How to Protect yourself from malware!
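
The triage done by hand in this thread, sketched as an added example (not code from the thread or from HijackThis): it parses HijackThis-style entries and flags the patterns the replies call out. The sample log is constructed from the lines quoted above, and the three heuristics are assumptions for illustration, not a verdict on any entry.

```python
import re
from urllib.parse import urlparse

# Constructed sample: the entries quoted in the replies above, without annotations.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
O4 - HKLM\..\Run: [21c87a8992a6] C:\WINDOWS\System32\CMDIAL32.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - blank (file missing)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O15 - Trusted Zone: http://www.musicmatch.com
O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab
O16 - DPF: {B4831DED-3A57-4CC6-9E4B-0E7C5B08DBF4} - http://www.alwaysupdatednews.com/install/aun_0011.exe
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
"""

LINE_RE = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.*)$")
IPV4_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")
HEX_NAME_RE = re.compile(r"\[([0-9a-f]{8,})\]")


def triage(log_text):
    """Return (section, body, reasons) for each entry worth a manual look."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # header lines, blank lines, running-process list
        sec, body = m["sec"], m["body"]
        reasons = []
        # Heuristic 1: registry entry survives but the file it points to is gone.
        if "(no file)" in body or "(file missing)" in body:
            reasons.append("orphaned entry")
        # Heuristic 2: ActiveX (DPF) codebase is a bare IP or a local file.
        if sec == "O16":
            codebase = urlparse(body.rsplit(" - ", 1)[-1])
            if codebase.scheme == "file":
                reasons.append("codebase is a local file")
            elif IPV4_RE.match(codebase.hostname or ""):
                reasons.append("codebase is a bare IP address")
        # Heuristic 3: autorun value named with a random-looking hex string.
        if sec == "O4" and HEX_NAME_RE.search(body):
            reasons.append("hex-string Run value name")
        if reasons:
            findings.append((sec, body, reasons))
    return findings


if __name__ == "__main__":
    for sec, body, reasons in triage(SAMPLE_LOG):
        print(f"{sec}: {', '.join(reasons)} :: {body}")
```

Entries the heuristics pass over, such as the O15 Trusted Zone line and the named-host O16 line, still need the human judgement the replies apply ("unless you know the below two items to be good").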
     
