Boy, Am I Tired

Discussion in 'Malware Help (A Specialist Will Reply)' started by paranoidnerd, May 7, 2006.

  1. paranoidnerd

    paranoidnerd Private E-2

    My IE was taken over by an about:blank called systemuptodate DOT com.
    I have searched your forum and followed a good number of the procedures you have listed. I was not able to generate a panda scan log in safe mode however, and made the mistake of rebooting in normal mode and apparently respawning the infection.

    I have run the following over the past several days to try and remove this.

    AVG Free
    A2Squared
    Cleaner
    Panda ActiveScan
    BitDefender
    Hijack This
    SpyBot Search and Destroy
    Ewido Security Suite
    SmitRem

    Any help with this would be appreciated.
     
    Last edited by a moderator: May 7, 2006
    paranoidnerd, May 7, 2006
    #1
  2. paranoidnerd

    paranoidnerd Private E-2

    Oh, I also ran AboutBuster
     
    paranoidnerd, May 7, 2006
    #2
  3. AbbySue

    AbbySue MajorGeeks Administrator

    Please do not post click-able links to anything that has infected your computer. To do so you are increasing the likelihood of spreading the infection to anyone who inadvertently clicks the link.

    - If you have followed all the steps in the Sticky thread READ & RUN ME FIRST Before Asking for Supportplease attach the following logs (these scans are covered in steps 6 & 7 of the READ & RUN ME sticky)

    Bitdefender
    Panda Scan
    HijackThis
     
    AbbySue, May 7, 2006
    #3
  4. paranoidnerd

    paranoidnerd Private E-2

    I ran the bitdefender and the hijack this and have logs for them. I followed the directions (At least I thought I did) for active scan, but could not figure out how to generate a report for active scan. Any Suggestions?
     
    paranoidnerd, May 7, 2006
    #4
  5. AbbySue

    AbbySue MajorGeeks Administrator

    What part of the below steps did you have a problem with?

    When it finishes the scan click on See Report . Then in the next window click Save Report. The default report name is Activescan.txt. Just save it where you can find it so you can attach to your message.
     
    AbbySue, May 7, 2006
    #5
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Step 6 explains how to get a log and even gives the below link to provide more helpful info on using Panda and getting a log:

    Using PandaActiveScan
     
    chaslang, May 7, 2006
    #6
  7. paranoidnerd

    paranoidnerd Private E-2

    Sorry to take so long getting these posted. I walked the steps again just to make sure I didn't miss anything. Here are the log reports run just minutes ago.
     

    Attached Files:

    paranoidnerd, May 8, 2006
    #7
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please follow the direction in step 7 for installing and running HijackThis correctly. You are not running it correctly. You did not extract it from the ZIP file as instructed and you also appear to have obtained the log from safe mode instead of normal boot mode.

    Please install HJT properly. Do this now! (do not get a new log yet though).


    You also need to run the below procedure:

    SpywareQuake Removal Procedure

    Then attach the requested smitfiles.txt log.

    Now attach a new (properly installed) HijackThis log from normal boot mode.
     
    chaslang, May 8, 2006
    #8
  9. paranoidnerd

    paranoidnerd Private E-2

    I can't find smitfiles.txt
    Would it be under another name?
     
    paranoidnerd, May 8, 2006
    #9
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Nope! And it must exist. It is either in the folder where you installed SmitRem or it is in C:\smitfiles.txt
     
    chaslang, May 8, 2006
    #10
  11. paranoidnerd

    paranoidnerd Private E-2

    You are truly patient people. Here are the logs you requested.
     

    Attached Files:

    paranoidnerd, May 8, 2006
    #11
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You did not download SmitRem from the link in the procedure I gave to you. The reason I say that is that this is not what the log would look like if you had the current version. Please follow the steps exactly as written and download the tool from the link given and make sure you run it and delete whatever old version you had.
     
    chaslang, May 8, 2006
    #12
  13. paranoidnerd

    paranoidnerd Private E-2

    Okay. Let's try this again. I hope I didn't mess it up again.
     

    Attached Files:

    paranoidnerd, May 9, 2006
    #13
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    My last message was about SmitRem not HijackThis. I need a smitfiles.txt log after running the proper version of the program.

    Are you using a paid version of Bearshare? If not, you should uninstall it because the free version is infected with malware.

    See this link: http://www.spywareinfo.com/articles/p2p/
     
    chaslang, May 9, 2006
    #14
  15. paranoidnerd

    paranoidnerd Private E-2

    I will do that. It looks at this point however, like the about blank is gone. I will still rerun smitrem and post the file.
     
    paranoidnerd, May 10, 2006
    #15
  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay! Just attach the log when you finish and let me know if you are having any other malware problems.
     
    chaslang, May 10, 2006
    #16

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds