malware spotted

kimmydora · Nov 28, 2010

Hi,

I've spotted malwares in my laptop days ago and followed the steps in the malware removal guide. I don't know however how to interpret the results and wondering if I still have malwares in my notebook. Can anybody please help me interpret these results?

Thanks,
KD

chaslang · Nov 28, 2010

Welcome to Major Geeks!

Other than what has alread been removed, your logs are clean. However you do need to uninstall the below old Sun Java version:

J2SE Runtime Environment 5.0 Update 21

Also the below folders from your logs should probably be deleted. The names shown below is how they appeared in your logs. The questionmarks are due to the file listing program not being able to properly read the real names. You will have to find them by date and time and see what they are.
Code:
d-----w  2010-11-26 08:56:47  C:\Windows\system32\??????????????g???
d-----w  2010-11-26 08:54:46  C:\Windows\system32\??????????????g???
d-----w  2010-11-26 15:15:25  C:\Windows\system32\??????????????g???
d-----w  2010-11-26 15:12:31  C:\Windows\system32\??????????????g???
d-----w  2010-11-26 17:44:06  C:\Windows\system32\??????????????g???
d-----w  2010-11-26 17:40:58  C:\Windows\system32\??????????????g???
Are you currently having any malware problems?

kimmydora · Nov 28, 2010

Welcome to Major Geeks
Click to expand...

Thank you!

Which log are you referring too btw? I'm having some problems locating the folders that I needed to delete. I found 4 folders that are dated 11/26 but the times don't match up

My laptop is a little faster now after I scanned it using the suggested softwares. Running Firefox is still taking too slow. Even though I made google.com as my homepage, it opens with some random page such as prize...com I'm thinking of deleting it instead and make Chrome my primary browser. What do you think?

Thanks again,
KD

chaslang · Nov 29, 2010

kimmydora said: ↑

Which log are you referring too btw?
Click to expand...

Inside of MGlogs.zip you will see a file named newfiles.txt In this file, you can find the below listed
Code:
******************************************************************************
Locating new folders created in C:\Windows\system32 within the last 120 days.   
 
d-----w                 0 2010-09-20 03:05:40  C:\Windows\system32\Adobe
d-----w                 0 2010-08-30 01:17:07  C:\Windows\system32\config
d-----w                 0 2010-11-26 15:35:08  C:\Windows\system32\drivers
d-----w                 0 2010-09-29 15:43:43  C:\Windows\system32\en-US
d-----w                 0 2010-10-23 03:41:57  C:\Windows\system32\Macromed
d-----w                 0 2010-10-15 12:52:30  C:\Windows\system32\migration
d-----w                 0 2010-11-26 08:56:47  C:\Windows\system32\??????????????g???
d-----w                 0 2010-11-26 08:54:46  C:\Windows\system32\??????????????g???
d-----w                 0 2010-11-26 15:15:25  C:\Windows\system32\??????????????g???
d-----w                 0 2010-11-26 15:12:31  C:\Windows\system32\??????????????g???
d-----w                 0 2010-11-26 17:44:06  C:\Windows\system32\??????????????g???
d-----w                 0 2010-11-26 17:40:58  C:\Windows\system32\??????????????g???
kimmydora said: ↑

Even though I made google.com as my homepage, it opens with some random page such as prize...com I'm thinking of deleting it instead and make Chrome my primary browser. What do you think?
Click to expand...

I don't like Chrome. But Firefox should open to the page you choose. Try uninstalling Firefox, reboot and then reinstall.

kimmydora · Dec 1, 2010

chaslang said: ↑

Inside of MGlogs.zip you will see a file named newfiles.txt In this file, you can find the below listed

Code:

******************************************************************************
Locating new folders created in C:\Windows\system32 within the last 120 days.   
 
d-----w                 0 2010-09-20 03:05:40  C:\Windows\system32\Adobe
d-----w                 0 2010-08-30 01:17:07  C:\Windows\system32\config
d-----w                 0 2010-11-26 15:35:08  C:\Windows\system32\drivers
d-----w                 0 2010-09-29 15:43:43  C:\Windows\system32\en-US
d-----w                 0 2010-10-23 03:41:57  C:\Windows\system32\Macromed
d-----w                 0 2010-10-15 12:52:30  C:\Windows\system32\migration
d-----w                 0 2010-11-26 08:56:47  C:\Windows\system32\??????????????g???
d-----w                 0 2010-11-26 08:54:46  C:\Windows\system32\??????????????g???
d-----w                 0 2010-11-26 15:15:25  C:\Windows\system32\??????????????g???
d-----w                 0 2010-11-26 15:12:31  C:\Windows\system32\??????????????g???
d-----w                 0 2010-11-26 17:44:06  C:\Windows\system32\??????????????g???
d-----w                 0 2010-11-26 17:40:58  C:\Windows\system32\??????????????g???

I don't like Chrome. But Firefox should open to the page you choose. Try uninstalling Firefox, reboot and then reinstall.

Click to expand...

Hello,

I still couldn't find the files with those times

The only files I found are two of perfc009.dat and both were modified on 11/26 at 4:24AM. Should I rescan again?

Thanks for your insight regarding Firefox.

chaslang · Dec 1, 2010

kimmydora said: ↑

I still couldn't find the files with those times The only files I found are two of perfc009.dat and both were modified on 11/26 at 4:24AM. Should I rescan again?
Click to expand...

Yes do the below.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

Then attach the below logs:

C:\MGlogs.zip

kimmydora · Dec 2, 2010

Hello, here it is..

chaslang · Dec 3, 2010

Those folders are still in your log! Are you sure that you are looking at FOLDERS and not files? You did say files but I said they are folders.

However, if you are not having any malware problems, it is not extremely critical to find and remove these.

kimmydora · Dec 4, 2010

Hi,

Yes, I was looking at the folders (even files) dated at the time you told me. I sorted them as date modified, making it easier, still couldn't find them. But when I used chrome to search for the folders, I found them. The folders are in chinese characters. Do you know how I could get rid of them since they're not showing in Windows/System32?

Thanks

chaslang · Dec 5, 2010

Let's try the below:

Click Start, select Run and copy and paste the below into the run box. Note that there are spaces after the dir and before and after the >

dir C:\windows\system32 > C:\flist.txt

Then attach the C:\flist.txt file that should have been created.

Log in or Sign up

malware spotted

kimmydora Private E-2

Attached Files:

SUPERAntiSpyware Scan Log - 11-26-2010 - 09-02-04.log

mbam-log-2010-11-26 (12-26-19).txt

MGlogs.zip

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

kimmydora Private E-2

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

kimmydora Private E-2

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

kimmydora Private E-2

Attached Files:

MGlogs.zip

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

kimmydora Private E-2

chaslang MajorGeeks Admin - Master Malware Expert Staff Member