Caught some kind of nastybad (from Tumblr, maybe?)

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by AngelsWilliam, Jul 5, 2011.

  1. AngelsWilliam

    AngelsWilliam Private First Class

    My antivirus program found something on its background scan and on its system scan (don't remember what it was, sorry), and then MBAM found five occurrences of something on the full-system scan I did yesterday. My computer had been running really slow, but I thought it was just business as usual because of my really full hard drive. (That keeps getting fuller and fuller, despite deleting lots of stuff from IncrediMail, which generally takes it down HEAPS; and my constantly deleting all restore files later than a week ago via CCleaner! What gives??? Windows is going to get unstable any day now, dammit, and I can't afford a new hard drive because I'm on disability! I've moved everything I can over to my external...unless you have suggestions as to other things I can move.)

    Anyway, just before these were found, the previous two times I booted my computer (just after doing the check disk and fix any errors routine I do for periodic maintenance) it came up with a message saying something like, "Checking disk...Disk C format NTFS. Cannot read..." and then I never got what it said after that because it left the screen too quickly.

    Naturally, this alarmed me because, as you know by now, I panic easily. I'm broke to the nth degree until my subsidy voucher comes through, which could be until the 12th of never because it depends on the federal government giving the state funding and the state getting enough funding to get it out to an area like mine that "doesn't have as much need" as the big cities.

    So, I've attached my little files in the hopes that you can rescue my computer before it dies and I'm up that lovely brown sludgy creek without a paddle. :(

    Thanks for your help! Oh, RootRepeal still freezes up. It found lots of things that aren't visible to the API, if that tells you anything? They were all in the IncrediMail application folders. Would that have anything to do with the fact that I deleted all text attachments at one point to save disk space? (Yahoo Groups used to tack on text attachments to all messages.)
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Obvious false detections for your Olympus camera. ;) You should undo these.

    Your logs are clean.

    You should post about this in the Hardware Forum, but give exact word for word error messages.
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    However, I do notice the below leftovers (not malware) that should be removed.


    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista or Win 7, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O4 - S-1-5-18 Startup: COMODO Firewall.lnk = ? (User 'SYSTEM')
    O4 - .DEFAULT Startup: COMODO Firewall.lnk = ? (User 'Default user')
    O4 - Startup: COMODO Firewall.lnk = ?
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} -
    O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - - (no file)

    After clicking Fix, exit HJT.

    Rescan afterwards and see if they were all removed. It is possible that the service from a-squared may not get fixed this way.
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    And you can delete all those old unnecessary hosts file backups that you have in the below folder:

    C:\WINNT\system32\drivers\etc\

    They are wasting almost 17Mb of disk space. All of the below can be removed:
    Code:
    ho02cb~1.bac  Oct 23 2008      268797  "hosts.20081024-052441.backup"
    ho0339~1.bac  Dec 15 2008      289210  "hosts.20081226-055947.backup"
    ho1ffa~1.bac  Apr 30 2008         870  "hosts.20080430-230440.backup"
    ho304e~1.bac  Apr 23 2009      304985  "hosts.20090506-004933.backup"
    ho31ca~1.bac  May 28 2008      244691  "hosts.20080605-001432.backup"
    ho3249~1.bac  Mar 25 2008      228716  "hosts.20080402-023452.backup"
    ho325b~1.bac  Apr  2 2008      229978  "hosts.20080402-023838.backup"
    ho332e~1.bac  Apr 30 2008      236691  "hosts.20080508-021749.backup"
    ho33af~1.bac  Sep 29 2008      266014  "hosts.20081001-123303.backup"
    ho378a~1.bac  Aug  5 2008      256715  "hosts.20080808-165314.backup"
    ho37b9~1.bac  Sep  1 2008      262612  "hosts.20080903-105246.backup"
    ho388a~1.bac  Jan  2 2009      290086  "hosts.20090108-160647.backup"
    ho3a4d~1.bac  Apr  2 2008      229978  "hosts.20080402-023814.backup"
    ho3a79~1.bac  Feb 19 2009      296543  "hosts.20090309-205940.backup"
    ho3aed~1.bac  Jul 21 2008      253037  "hosts.20080805-023217.backup"
    ho3daf~1.bac  Oct 30 2008      268452  "hosts.20081105-000012.backup"
    ho3dfa~1.bac  Dec 26 2008      290034  "hosts.20090102-025324.backup"
    ho3e49~1.bac  Jun 19 2008      250435  "hosts.20080705-203142.backup"
    ho3f0d~1.bac  Feb  1 2009      291289  "hosts.20090209-003206.backup"
    ho41af~1.bac  Mar  9 2009      301855  "hosts.20090312-061713.backup"
    ho4dab~1.bac  Nov 20 2008      287326  "hosts.20081202-023149.backup"
    ho5058~1.bac  Apr 16 2008      240025  "hosts.20080418-123658.backup"
    ho5237~1.bac  Oct  3 2008      266440  "hosts.20081013-042708.backup"
    ho52ea~1.bac  Jul  5 2008      251217  "hosts.20080715-021838.backup"
    ho579d~1.bac  Jun  5 2008      249568  "hosts.20080611-165919.backup"
    ho5849~1.bac  Jun 18 2008      249881  "hosts.20080619-021853.backup"
    ho5cca~1.bac  Aug  8 2008      257725  "hosts.20080814-025218.backup"
    ho5f2b~1.bac  Feb  9 2009      291431  "hosts.20090212-060951.backup"
    ho6052~1.bac  Aug 20 2008      260784  "hosts.20080822-162806.backup"
    ho7522~1.bac  Oct 20 2008      267715  "hosts.20081023-020921.backup"
    ho786c~1.bac  Apr 20 2009      304466  "hosts.20090423-001720.backup"
    ho815b~1.bac  Oct 13 2008      266612  "hosts.20081020-044638.backup"
    ho825d~1.bac  Nov 12 2008      287248  "hosts.20081120-020631.backup"
    ho89ab~1.bac  Oct 26 2008      267526  "hosts.20081027-062146.backup"
    ho8f8a~1.bac  Oct 24 2008          27  "hosts.20081026-202439.backup"
    ho9289~1.bac  Apr 18 2008      240059  "hosts.20080430-225850.backup"
    hoa186~1.bac  Aug 27 2008      262612  "hosts.20080901-171508.backup"
    hoa84b~1.bac  Oct 29 2008          27  "hosts.20081030-004734.backup"
    hob42e~1.bac  Apr  2 2008      229978  "hosts.20080407-170452.backup"
    hob45b~1.bac  Jan 26 2009      291015  "hosts.20090201-171645.backup"
    hob9e8~1.bac  Mar 29 2009      303137  "hosts.20090403-211651.backup"
    hobc9b~1.bac  Apr  3 2009      303525  "hosts.20090408-211949.backup"
    hoc928~1.bac  Dec  2 2008      287810  "hosts.20081206-055853.backup"
    hocaeb~1.bac  Oct  1 2008      266440  "hosts.20081003-170057.backup"
    hocb1b~1.bac  Nov  5 2008      268452  "hosts.20081106-054625.backup"
    hocf22~1.bac  Jun 14 2008         736  "hosts.20080618-012807.backup"
    hod1cc~1.bac  Apr 14 2008      231931  "hosts.20080416-210213.backup"
    hod39c~1.bac  Sep  3 2008      263426  "hosts.20080910-151621.backup"
    hod3af~1.bac  Nov  6 2008      286531  "hosts.20081112-211819.backup"
    hod7fd~1.bac  Sep 10 2008      263828  "hosts.20080919-112614.backup"
    hoda0c~1.bac  Jan  8 2009          27  "hosts.20090116-094319.backup"
    hodc1b~1.bac  Feb 12 2009      291346  "hosts.20090219-093728.backup"
    hodc4b~1.bac  Apr  7 2008      231328  "hosts.20080414-190147.backup"
    hodd5b~1.bac  May  8 2008      238847  "hosts.20080514-174526.backup"
    hoe48c~1.bac  Dec  6 2008      288968  "hosts.20081215-011324.backup"
    hof209~1.bac  Mar 12 2009      302083  "hosts.20090329-210954.backup"
    hof3d9~1.bac  May 24 2008      243433  "hosts.20080528-154243.backup"
    hof5fd~1.bac  Jan 16 2009      290515  "hosts.20090126-030330.backup"
    hof61b~1.bac  Aug 14 2008      259232  "hosts.20080820-174829.backup"
    hof779~1.bac  Sep 19 2008      265950  "hosts.20080929-153454.backup"
    hof7da~1.bac  May 14 2008      239123  "hosts.20080524-115614.backup"
    hofb0c~1.bac  Apr  8 2009      311525  "hosts.20090420-232124.backup"
    hofe6e~1.bac  Aug 22 2008      260734  "hosts.20080827-155517.backup"
    hoff09~1.bac  Jul 15 2008      251603  "hosts.20080721-132351.backup"
    hosts.bak     Jun 11 2008      249931  "hosts.bak"
    hosts.idx     May  6 2009      125568  "hosts.idx"
    hosts2~1.bac  May 19 2007         756  "hosts.20080213-131958.backup"
    hosts2~2.bac  Feb 13 2008      224700  "hosts.20080220-133130.backup"
    hosts2~3.bac  Feb 20 2008      226657  "hosts.20080227-160129.backup"
    hosts2~4.bac  Feb 27 2008      227728  "hosts.20080325-005502.backup"
     
