Someone's Getting Canned Over This (I've Cleaned up, just make sure I'm clean)

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by orty, Jul 3, 2006.

  1. orty

    orty Private E-2

    I'm a geek, fix computers for a living for a couple of companies, and have a nice clean running system with all the various protections in place (hardware firewalls, anti vir/mal, don't use MSIE unless I have to, etc...) -- assuming I'm the only one using it. I made the mistake of leaving my laptop on my desk and a co-worker decided to use it to browse the Internet (even though he knew my laptop was off limits). He got online, into MSIE, downloaded something, and my computer went totally bonkers. AVG popping up trojan warnings, it was loads of fun.

    Needless to say, said co-worker may not have a job here too much longer.

    So I searched for the file name that wouldn't die (jkkiiif.dll) and that HijackThis couldn't get rid of easily, and didn't have any luck. So I searched by its unique code for the BHO (whatever those long strings of characters are called -- I just had a brain fart) and came across this post (yes, I had to do it the hard way) that helped me get the stupid thing off my system.

    I've run the HijackThis log through the online check tools, but a human eye is always better. Does the attached look clean or need attention? (And yes, I know about the packet capture tools -- I installed them and use them for network troubleshooting.)
     


  2. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    You should update your Java to 1.5.0_07, make sure to uninstall the old version.

    The only thing I don't recognize is the following:
    O20 - Winlogon Notify: winegi32 - C:\WINDOWS\SYSTEM32\winegi32.dll

    I can find no information for that file.

    Otherwise the HijackThis log is clean.
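An O20 "Winlogon Notify" line in a HijackThis log corresponds to a subkey under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\, whose DllName value names a DLL that winlogon.exe loads at logon, which is why entries such as winegi32.dll and jkkiiif.dll are hard to delete while the system is up. The script below is an added example, not code from this thread or from HijackThis: it parses O20 lines out of a constructed log fragment (the lines are made up for illustration, not the poster's attachment), compares each subkey name and DLL against a baseline of the Notify subkeys that, to my knowledge, ship with Windows XP SP2 (treat that list as an assumption and adjust it for the system being checked), and reports the registry key to inspect for anything that is not on it.

```python
import re
from pathlib import PureWindowsPath

# Constructed HijackThis log fragment (illustrative, not the attachment from the thread).
SAMPLE_LOG = """\
O4 - HKLM\\..\\Run: [AVG7_CC] C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP
O20 - Winlogon Notify: crypt32chain - crypt32.dll
O20 - Winlogon Notify: cryptnet - C:\\WINDOWS\\system32\\cryptnet.dll
O20 - Winlogon Notify: ScCertProp - wlnotify.dll
O20 - Winlogon Notify: wlballoon - C:\\WINDOWS\\system32\\wlballoon.dll
O20 - Winlogon Notify: winegi32 - C:\\WINDOWS\\SYSTEM32\\winegi32.dll
O20 - Winlogon Notify: jkkiiif - C:\\WINDOWS\\system32\\jkkiiif.dll
"""

# Assumed baseline: Winlogon\Notify subkeys present on a stock Windows XP SP2 install,
# mapped to the DLL each one is expected to load (names compared case-insensitively).
XP_BASELINE = {
    "crypt32chain": "crypt32.dll",
    "cryptnet": "cryptnet.dll",
    "cscdll": "cscdll.dll",
    "sccertprop": "wlnotify.dll",
    "schedule": "wlnotify.dll",
    "sclgntfy": "sclgntfy.dll",
    "senslogn": "wlnotify.dll",
    "termsrv": "wlnotify.dll",
    "wlballoon": "wlnotify.dll",
}

NOTIFY_KEY = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"

# "O20 - Winlogon Notify: <subkey name> - <DLL name or full path>"
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<dll>.+?)\s*$")


def parse_o20(log_text):
    """Return (subkey name, dll) pairs for every O20 line in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = O20_RE.match(line)
        if m:
            entries.append((m.group("name"), m.group("dll")))
    return entries


def classify(entries):
    """Map each subkey name to one of: baseline, unknown, baseline-name-wrong-dll."""
    verdicts = {}
    for name, dll in entries:
        # HijackThis prints either a bare DLL name or a full path; keep only the file name.
        base = PureWindowsPath(dll).name.lower()
        expected = XP_BASELINE.get(name.lower())
        if expected is None:
            verdicts[name] = "unknown"            # not a stock subkey: research it
        elif expected == base:
            verdicts[name] = "baseline"           # stock subkey loading its stock DLL
        else:
            verdicts[name] = "baseline-name-wrong-dll"  # stock name pointed at another DLL
    return verdicts


def registry_key(name):
    """Registry key behind an O20 entry; its DllName value holds the loaded DLL."""
    return NOTIFY_KEY + "\\" + name


def suspicious(log_text):
    """Names from the log that need a human look, with the key to open in regedit."""
    verdicts = classify(parse_o20(log_text))
    return {n: registry_key(n) for n, v in verdicts.items() if v != "baseline"}


if __name__ == "__main__":
    for name, key in suspicious(SAMPLE_LOG).items():
        print(f"{name}: check {key}")
```

Anything the script reports still needs confirmation by hand (file properties, an online check of the hash, a second opinion like this thread's), since a vendor-installed component such as a graphics driver also registers a Notify subkey and will show up as unknown; removal of a confirmed malicious entry means deleting that subkey and then the DLL, which is what makes these entries a pain to clear while winlogon holds the file open.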
     
  3. orty

    orty Private E-2

    I'll get Java up to date. Thanks!

    And I'm a step ahead of you on the winegi32 -- I don't know what it was, but it was a pain in the butt to delete properly (had to use the same techniques as the above), but it's gone.

    So far, so good -- I've run AVG, Trend Micro Online, Ad-Aware, Spybot, and ewido (a couple of times for some of them). Trend came up with some stuff the others didn't catch, but I have run it a couple of times since, all clean.

    Crossing fingers that it doesn't pop up again :)
     
