Stubborn Viruses

Discussion in 'Malware Help (A Specialist Will Reply)' started by Rich_Lovina, Dec 7, 2007.

  1. Rich_Lovina

    Rich_Lovina Private E-2

    For a month I've been continuously running the READ & RUN ME checks, usually leading to an improvement in opening up from one page to another. However, I suspect something more sinister, as each run of AVG and Spybot keeps creating more intermediate-level risk files.

    Attached are two of my latest Combofix files which may offer some clues.

    Any advice appreciated greatly.
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    They only show what should be expected. And that is when you install and/or uninstall things, your PC file system changes. You should not be running ComboFix just for the heck of it nor should you be using it as a comparison tool. ComboFix can be a dangerous tool if used incorrectly. You should only run it as advised.

    Are you having malware problems, if yes, complete the below instructions.


    Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

    READ & RUN ME FIRST. Malware Removal Guide
     
  3. Rich_Lovina

    Rich_Lovina Private E-2

    I believe I have been running all tools in accord with the instructions; however AVG did not produce a report. All scans were in safe mode.

    All my attachments are now here. The PC, Win XP, runs ok speedwise, then starts going slow on web clicks. Grateful any interpretation.
     


  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Not if you ran them in safe mode which is not what is requested. Also why are you attaching 2 ComboFix logs when we only ask for 1.

    You have to create the log by saving it.

    I'm looking at your logs now.
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You don't show any malware issues, but I do have some things you need to take care of.

    Uninstall the below old versions of software:
    J2SE Runtime Environment 5.0 Update 2
    Spybot - Search & Destroy 1.2 <-- this is almost 4 years out of date and is not what we requested that you install in the READ ME. Didn't you ever notice that you could not get updates anymore?

    Make sure you reboot after uninstalling the above!

    After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

    You should also install the current version of Spybot as requested in the READ ME.


    Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O18 - Protocol: bw+0 - {9AC5254C-2718-4A83-A41F-037F0FFB1AE9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {9AC5254C-2718-4A83-A41F-037F0FFB1AE9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {9AC5254C-2718-4A83-A41F-037F0FFB1AE9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {9AC5254C-2718-4A83-A41F-037F0FFB1AE9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {9AC5254C-2718-4A83-A41F-037F0FFB1AE9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {9AC5254C-2718-4A83-A41F-037F0FFB1AE9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {9AC5254C-2718-4A83-A41F-037F0FFB1AE9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {9AC5254C-2718-4A83-A41F-037F0FFB1AE9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {9AC5254C-2718-4A83-A41F-037F0FFB1AE9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {9AC5254C-2718-4A83-A41F-037F0FFB1AE9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {9AC5254C-2718-4A83-A41F-037F0FFB1AE9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {9AC5254C-2718-4A83-A41F-037F0FFB1AE9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {9AC5254C-2718-4A83-A41F-037F0FFB1AE9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {9AC5254C-2718-4A83-A41F-037F0FFB1AE9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {9AC5254C-2718-4A83-A41F-037F0FFB1AE9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {9AC5254C-2718-4A83-A41F-037F0FFB1AE9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {9AC5254C-2718-4A83-A41F-037F0FFB1AE9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {9AC5254C-2718-4A83-A41F-037F0FFB1AE9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {9AC5254C-2718-4A83-A41F-037F0FFB1AE9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {9AC5254C-2718-4A83-A41F-037F0FFB1AE9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {9AC5254C-2718-4A83-A41F-037F0FFB1AE9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {9AC5254C-2718-4A83-A41F-037F0FFB1AE9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {9AC5254C-2718-4A83-A41F-037F0FFB1AE9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {9AC5254C-2718-4A83-A41F-037F0FFB1AE9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {9AC5254C-2718-4A83-A41F-037F0FFB1AE9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {9AC5254C-2718-4A83-A41F-037F0FFB1AE9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {9AC5254C-2718-4A83-A41F-037F0FFB1AE9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {9AC5254C-2718-4A83-A41F-037F0FFB1AE9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {9AC5254C-2718-4A83-A41F-037F0FFB1AE9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {9AC5254C-2718-4A83-A41F-037F0FFB1AE9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {9AC5254C-2718-4A83-A41F-037F0FFB1AE9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {9AC5254C-2718-4A83-A41F-037F0FFB1AE9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {9AC5254C-2718-4A83-A41F-037F0FFB1AE9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {9AC5254C-2718-4A83-A41F-037F0FFB1AE9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {9AC5254C-2718-4A83-A41F-037F0FFB1AE9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {9AC5254C-2718-4A83-A41F-037F0FFB1AE9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {9AC5254C-2718-4A83-A41F-037F0FFB1AE9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {9AC5254C-2718-4A83-A41F-037F0FFB1AE9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {9AC5254C-2718-4A83-A41F-037F0FFB1AE9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {9AC5254C-2718-4A83-A41F-037F0FFB1AE9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {9AC5254C-2718-4A83-A41F-037F0FFB1AE9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {9AC5254C-2718-4A83-A41F-037F0FFB1AE9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {9AC5254C-2718-4A83-A41F-037F0FFB1AE9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {9AC5254C-2718-4A83-A41F-037F0FFB1AE9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {9AC5254C-2718-4A83-A41F-037F0FFB1AE9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {9AC5254C-2718-4A83-A41F-037F0FFB1AE9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {9AC5254C-2718-4A83-A41F-037F0FFB1AE9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {9AC5254C-2718-4A83-A41F-037F0FFB1AE9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {9AC5254C-2718-4A83-A41F-037F0FFB1AE9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {9AC5254C-2718-4A83-A41F-037F0FFB1AE9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {9AC5254C-2718-4A83-A41F-037F0FFB1AE9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {9AC5254C-2718-4A83-A41F-037F0FFB1AE9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {9AC5254C-2718-4A83-A41F-037F0FFB1AE9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {9AC5254C-2718-4A83-A41F-037F0FFB1AE9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {9AC5254C-2718-4A83-A41F-037F0FFB1AE9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {9AC5254C-2718-4A83-A41F-037F0FFB1AE9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {9AC5254C-2718-4A83-A41F-037F0FFB1AE9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {9AC5254C-2718-4A83-A41F-037F0FFB1AE9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {9AC5254C-2718-4A83-A41F-037F0FFB1AE9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {9AC5254C-2718-4A83-A41F-037F0FFB1AE9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {9AC5254C-2718-4A83-A41F-037F0FFB1AE9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {9AC5254C-2718-4A83-A41F-037F0FFB1AE9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {9AC5254C-2718-4A83-A41F-037F0FFB1AE9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {9AC5254C-2718-4A83-A41F-037F0FFB1AE9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {9AC5254C-2718-4A83-A41F-037F0FFB1AE9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {9AC5254C-2718-4A83-A41F-037F0FFB1AE9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {9AC5254C-2718-4A83-A41F-037F0FFB1AE9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {9AC5254C-2718-4A83-A41F-037F0FFB1AE9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {9AC5254C-2718-4A83-A41F-037F0FFB1AE9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {9AC5254C-2718-4A83-A41F-037F0FFB1AE9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {9AC5254C-2718-4A83-A41F-037F0FFB1AE9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {9AC5254C-2718-4A83-A41F-037F0FFB1AE9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {9AC5254C-2718-4A83-A41F-037F0FFB1AE9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {9AC5254C-2718-4A83-A41F-037F0FFB1AE9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {9AC5254C-2718-4A83-A41F-037F0FFB1AE9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {9AC5254C-2718-4A83-A41F-037F0FFB1AE9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {9AC5254C-2718-4A83-A41F-037F0FFB1AE9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    After clicking Fix, exit HJT.

    Now run Ccleaner!

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created

    Make sure you tell me how things are working now!
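Added example, not code from HijackThis, ComboFix or MajorGeeks: a short Python triage script for the O2/O18 lines quoted in the post above. It parses the HijackThis line format, flags entries whose CLSID no longer points at a file on disk (the "(no file)" BHO), and groups the O18 protocol handlers by the DLL that serves them, so the dozens of bw* lines collapse to one handler registered under many scheme names. The sample lines are copied from the post; the regex, the Entry class, the function names and the registry comments are this example's own assumptions about the format.

```python
"""Triage helper for HijackThis O2/O18 log lines (added example, not HJT's own code)."""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass

# Shape of the lines HijackThis prints for these two sections:
#   O2  - BHO: <name> - {CLSID} - <dll path or "(no file)">
#   O18 - Protocol: <scheme> - {CLSID} - <dll path or "(no file)">
# O18 reflects HKEY_CLASSES_ROOT\PROTOCOLS\Handler\<scheme> (its CLSID value);
# O2 reflects the CLSIDs listed under
# HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects.
# In both cases the path is whatever HKCR\CLSID\{CLSID}\InprocServer32 points at.
LINE_RE = re.compile(
    r"^(?P<section>O\d+) - (?P<kind>BHO|Protocol): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$"
)

# Constructed sample: five lines copied verbatim from the post above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O18 - Protocol: bw+0 - {9AC5254C-2718-4A83-A41F-037F0FFB1AE9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {9AC5254C-2718-4A83-A41F-037F0FFB1AE9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {9AC5254C-2718-4A83-A41F-037F0FFB1AE9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
"""


@dataclass(frozen=True)
class Entry:
    section: str   # "O2" or "O18"
    kind: str      # "BHO" or "Protocol"
    name: str      # BHO display name or URL scheme
    clsid: str     # "{...}" as printed by HJT
    path: str      # DLL path, or "(no file)"

    @property
    def orphaned(self) -> bool:
        # HJT prints "(no file)" when the CLSID's InprocServer32 DLL is missing on disk:
        # a dangling registration that can never load but still clutters the browser.
        return self.path.strip() == "(no file)"


def parse_hjt(text: str) -> list[Entry]:
    """Return the O2/O18 entries found in an HJT log; other sections are ignored."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(**m.groupdict()))
    return entries


def orphans(entries: list[Entry]) -> list[Entry]:
    """Entries whose registered DLL no longer exists."""
    return [e for e in entries if e.orphaned]


def protocols_by_dll(entries: list[Entry]) -> dict[str, list[str]]:
    """Map each O18 handler DLL to the sorted list of URL schemes it claims."""
    by_dll: dict[str, set[str]] = defaultdict(set)
    for e in entries:
        if e.section == "O18" and not e.orphaned:
            by_dll[e.path].add(e.name)
    return {dll: sorted(names) for dll, names in by_dll.items()}


def triage(text: str) -> dict:
    """One-glance summary an analyst would want before deciding what to Fix."""
    entries = parse_hjt(text)
    return {
        "total": len(entries),
        "orphaned": [e.clsid for e in orphans(entries)],
        "handlers": {dll: len(s) for dll, s in protocols_by_dll(entries).items()},
        "distinct_clsids": len({e.clsid for e in entries}),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run against the full log from the post, the grouping shows that the seventy-odd bw* lines are two DLLs under two CLSIDs, so the decision is about one product's handler rather than dozens of separate items, and the lone "(no file)" BHO is a dangling CLSID with nothing left to load. The script only reads log text; it does not touch the registry, so it is safe to run anywhere.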
     
  6. Rich_Lovina

    Rich_Lovina Private E-2

    1. Last 24 hrs, cannot now connect to net on the culprit PC, excepting for Yahoo which I use daily for chat. (I can get Win updates, but AVG refusing updates & default homepage.) I'm responding on my other PC which is OK for net, but not OK for Yahoo chat, with calling. Has Yahoo hijacked something?
    2. I have fixed J2SE on culprit but spybot, like AVG, won't update. I uninstalled Avast (3 days ago) because it was also not allowing updates, now same with AVG.
    3. Sorry re Safemode & Spybot, older guy, missing some steps as all earlier Readmes had Safe essential.
    4. Re Combofix, you say "select" the code. Do you mean paste this code in, or select that code when it appears, and then 'fix'?
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Try uninstalling your firewall. Any change? If not, try running the below:

    XP TCP/IP Repair

    Any change?


    What are you referring to? I did not tell you to select any code with ComboFix???? Did you mean HijackThis? If so, just do what was given in the instructions.
     
  8. Rich_Lovina

    Rich_Lovina Private E-2

    Thanks greatly. Firewall uninstall fixed the problem. Using Sygate Personal; should I now re-install it? And not run any other malware checks?
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes or check out the others mentioned here: How to Protect yourself from malware!

    You did not have any malware based on your logs.
     
  10. Rich_Lovina

    Rich_Lovina Private E-2

    Thanks greatly. Have d/loaded Zone Alarm, only it cuts out access to yahoo chat, no prompts popping up, just locks it out. Presume I need to study where to allow that? In advanced?
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes! I don't use Yahoo chat so I'm not sure what it is that has to be enabled with ZoneAlarm. Someone in the Software Forum may have done this already. You may want to ask there.
     
