can't get clean, please look at HijackThis log

Discussion in 'Malware Help (A Specialist Will Reply)' started by Montesa, Jul 15, 2008.

  1. Montesa

    Montesa Private E-2

    I have a system which is being difficult to get completely clean. Please advise if anything is seen in the attached log.

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
     
    Last edited by a moderator: Jul 15, 2008
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Welcome to Major Geeks!

    Please uninstall HJT as it will be properly installed when you do the following:

    Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

    READ & RUN ME FIRST. Malware Removal Guide
     
  3. Montesa

    Montesa Private E-2

    Thank you. Let's see if this works better.
     

    Attached Files:

  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I also need the logs from:
    SuperAntispyware
    MalwareBytes
    ComboFix
     
  5. Montesa

    Montesa Private E-2

    Sorry, here they are.
     

    Attached Files:

  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Looks like the scans removed most of it...let's do this:

    Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

    Please use add/remove programs to uninstall:
    J2SE Runtime Environment 5.0 Update 4
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3

    Now we need to use ComboFix to remove a bunch of malware files.

    * Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but do not run it!
      o If it is not on your Desktop, the below will not work.
    * Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected):
    Code:
    KILLALL::
    
    File::
    C:\WINDOWS\system32\ssqPiHxV.dll
    C:\WINDOWS\system32\pmnmmNfg.dll
    C:\WINDOWS\system32\ddcAqRiG.dll
    
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{159E1923-5657-4CA7-A31A-4D842030161D}]
    
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6CF0A05E-7D6B-4E00-B836-B3F23513657C}]
    
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{6CF0A05E-7D6B-4E00-B836-B3F23513657C}"=-
    
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcAqRiG]
    
    
    * Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    * At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    * You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    * Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    * Follow the prompts.
    * When it finishes, a log will be produced named c:\combofix.txt
    * I will ask for this log below

    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this and also attach the log from ComboFix.
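
Added example, not part of TimW's post and not ComboFix's own code: a small Python parser that lists what the CFScript above asks for before it is dropped on ComboFix.exe, and shows which registry entries name one of the listed DLLs. It assumes only the syntax visible in the post (section headers ending in `::`, plus .reg-style `[-key]` and `"name"=-` deletions); `parse_cfscript` and `cross_reference` are hypothetical helper names.

```python
import ntpath
import re

# Same lines as the script posted above (blank lines dropped).
CFSCRIPT = r"""KILLALL::
File::
C:\WINDOWS\system32\ssqPiHxV.dll
C:\WINDOWS\system32\pmnmmNfg.dll
C:\WINDOWS\system32\ddcAqRiG.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{159E1923-5657-4CA7-A31A-4D842030161D}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6CF0A05E-7D6B-4E00-B836-B3F23513657C}]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{6CF0A05E-7D6B-4E00-B836-B3F23513657C}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcAqRiG]
"""

def parse_cfscript(text):
    """Return (action, target) tuples for every non-blank line of the script."""
    actions, section, key = [], None, None
    for line in filter(None, map(str.strip, text.splitlines())):
        header = re.fullmatch(r"([A-Za-z]+)::", line)
        if header:                       # e.g. "File::" starts a new section
            section, key = header.group(1).lower(), None
            if section == "killall":     # directive with no argument lines
                actions.append(("directive", "KILLALL"))
        elif section == "file":
            actions.append(("delete-file", line))
        elif section == "registry" and line.startswith("[-") and line.endswith("]"):
            actions.append(("delete-key", line[2:-1]))    # .reg syntax: [-key]
            key = None
        elif section == "registry" and line.startswith("[") and line.endswith("]"):
            key = line[1:-1]             # key header; value lines follow it
        elif section == "registry" and key and line.endswith("=-"):
            name = line[:-2].strip('"')                  # .reg syntax: "name"=-
            actions.append(("delete-value", key + "\\" + name))
        else:
            actions.append(("unrecognized", line))       # surface for manual review
    return actions

def cross_reference(actions):
    """Map each listed file's base name to the registry targets that mention it."""
    reg = [t for a, t in actions if a in ("delete-key", "delete-value")]
    stems = [ntpath.splitext(ntpath.basename(t))[0] for a, t in actions if a == "delete-file"]
    return {s: [r for r in reg if s.lower() in r.lower()] for s in stems}

if __name__ == "__main__":
    print(*parse_cfscript(CFSCRIPT), cross_reference(parse_cfscript(CFSCRIPT)), sep="\n")
```

Only `ddcAqRiG` is tied to a registry entry by name (the Winlogon notify key); the other entries are referenced by CLSID, so matching them to a DLL needs the scan logs rather than the script alone.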
     
