Am I clean Yet?

Discussion in 'Malware Help (A Specialist Will Reply)' started by waryuser, Nov 22, 2007.

  1. waryuser

    waryuser Private First Class

    Hello majorgeeks, I love the job you guys do for us regular users, thanks in advance.

    Well, the reason I am posting is because I have regularly been running scans and found that Viewpoint Media Player had been installed along with a few other Viewpoint programs. I uninstalled them and went through the read me and run me first thread. I have the attached logs below. I was unable to get one for the Panda ActiveScan, I suppose because there was nothing found; there was no option to see the report, only one to scan again. None of the scanners found anything, and I don't see the Viewpoint stuff installed again. One thing to note: when installing the new version of Java, spysweeper told me that IE was undergoing a BHO change and I allowed it. Should I have?

    PS: my antispyware/antivirus/firewall protection is from spysweeper and McAfee.

    Without further ado, attached are all my logs.
     

    Attached Files:

  2. waryuser

    waryuser Private First Class

    Rest of logs. I think this is all of them. Thank you all for reading! :)
     

    Attached Files:

  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Viewpoint will periodically be reinstalled anytime you install and maybe update anything from AOL. You just have to keep an eye out for it and uninstall all of this junk when you see it. You can also use this: ViewpointKiller

    Yes! Sun Java adds a BHO that you can see in your HJT log.

    Your logs are basically clean. I have some minor things for you to do.

    First uninstall the CounterSpy trial program!

    Delete the below leftovers from Viewpoint:
    C:\Documents and Settings\Owner\Local Settings\Application Data\Viewpoint
    C:\Program Files\Common Files\Viewpoint

    Run HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

    After clicking Fix, exit HJT.
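
Added example, not part of the original post or of HijackThis itself: a small Python parser that reads HijackThis entry lines like the ones quoted above and flags those ending in "(no file)", meaning the registry entry points at a file that is no longer on disk. The sample log is constructed from the three lines in the post plus one placeholder BHO line; the function names are hypothetical.

```python
import re

# Constructed sample: the three entries quoted in the post above, plus one
# made-up healthy BHO line for contrast (name, CLSID and path are placeholders).
SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
"""

# "<code> - <kind>: <details>", e.g. "O2 - BHO: ..." or "O4 - HKLM\..\Run: ..."
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<kind>[^:]+): (?P<details>.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_hjt(text):
    """Return one dict per recognisable HijackThis entry line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # log header, process list, blank lines
        details = m.group("details")
        clsid = CLSID.search(details)
        entries.append({
            "code": m.group("code"),
            "kind": m.group("kind"),
            "clsid": clsid.group(0) if clsid else None,
            # Only a trailing "(no file)" counts; "(no name)" is just a missing label.
            "orphaned": details.rstrip().endswith("(no file)"),
            "raw": line.strip(),
        })
    return entries


def orphaned_entries(text):
    """Entries whose target file is missing: leftovers of an uninstalled program."""
    return [e for e in parse_hjt(text) if e["orphaned"]]


if __name__ == "__main__":
    for e in orphaned_entries(SAMPLE_LOG):
        print(f'{e["code"]:<3} {e["kind"]:<14} {e["clsid"]}')
```

The script only flags entries with a missing file; the O4 startup entry is also on the fix list in the post, but it is not an orphan and is not reported here.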
     
  4. waryuser

    waryuser Private First Class

    Done, done, and done. Thanks a lot Chaslang, hope you enjoyed turkey day like I did.
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.

    Yes, thanks! TurkeyDay was great! Happy to see yours was too.

    If you are not having any other malware problems, it is time to do our final steps:
    1. You can delete the ShowNew.Zip and GetRunkey.Zip files and the files that you extracted from the ZIP files. You can also delete the C:\newfiles.txt and C:\runkeys.txt logs that were created.
    2. If you are running Windows XP or Windows ME, do the below:
      • go back to step 8 of the READ & RUN ME to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    3. After doing the above, you should work thru the below link:
     
