Few problems.

Discussion in 'Malware Help (A Specialist Will Reply)' started by DarkCypher0x0, Dec 31, 2005.

  1. DarkCypher0x0

    DarkCypher0x0 Specialist

    Well, I came across some problems earlier in the week running WMP and QuickTime. They keep coming up as illegal operations, which they have NEVER done before, running the same tasks as I usually would.

    I ran virus scans thinking maybe a virus was messing around with them. I tried a few places; Trend Micro and BitDefender were the only ones to find one.

    Trend Micro found TROJ_SE.69649, but their new setup didn't say what file it was.

    BitDefender froze and I never got a result of what virus it found, but the one it found it deleted.

    I rebooted after each scan and rescanned with Trend Micro first, and it was clean, but BitDefender keeps showing it's finding something and deleting it, then freezing after completing the scan.

    I also tried ewido and McAfee, and some other one PCPitstop uses; it found nothing.

    I'm not sure what's going on, but this all happened when I installed FasterFox. Now I'm not saying it's the cause, but the day before I ran a scan through Trend Micro and it was clean.

    Any Ideas?
     
  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    First, uninstall FasterFox and then attach a current HJT log from normal mode.
     
  3. DarkCypher0x0

    DarkCypher0x0 Specialist

    Here we are.
     

    Attached Files:

  4. DarkCypher0x0

    DarkCypher0x0 Specialist

    I think I see what's going on...Grrrrr. Danged Mytob worm :mad:
     
  5. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    I need the Panda and Bit Defender logs from the READ ME.

    Please see the below thread on how to install and run Ewido Security Suite.

    Running Ewido Security Suite ...
     
  6. DarkCypher0x0

    DarkCypher0x0 Specialist

    Ok, here's the ewido scan from Safe Mode and a new normal mode HJT log.

    Personally I can't understand why no scanner is detecting the "NetSvc.exe".
    This file is known as a variant of the W32.Mytob family... I'm confused, and I'm very close to deleting that whole folder. I've looked at which Mytob variant it would be, looked for signs, and no other signs were discovered, and it deletes without problems in normal mode, so it's not being used.

    I see no point to the file and I don't feel safe with it on the PC.
     

    Attached Files:

  7. DarkCypher0x0

    DarkCypher0x0 Specialist

    Panda ActiveScan log. BitDefender keeps freezing at the end; this time it didn't find anything.
     

    Attached Files:

  8. DarkCypher0x0

    DarkCypher0x0 Specialist

    Ahh the post fell back a bit far.
     
  9. DarkCypher0x0

    DarkCypher0x0 Specialist

  10. DarkCypher0x0

    DarkCypher0x0 Specialist

    I'm sorry, I know you guys are only volunteers and it's a holiday. I've been waiting a while and just wanted to know whether my logs are ok and/or what more I should do to make sure I'm not infected with something I should be concerned with.
     
  11. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Before we begin a fix or anything follow the below steps...

    First, download the Mytob Removal Tool. Save it to your desktop and run the tool to remove any infected files. After you have run this tool, reboot and proceed with WinPFind below.

    Download W32.Mytob@mm Removal Tool


    Download WinPFind

    Extract it to the root folder of drive C ( C:\ ). This will create a folder called WinPFind in the C:\ folder. Inside C:\WinPFind is a file called WinPFind.exe. Double-click on this file to launch the program. Once it is launched, click on the Start Scan button and wait for it to finish. This program will scan large amounts of files on your computer for known patterns, so please be patient while it works, as it can take a while, upwards of 30 minutes or more.

    When it is done, it will show the results of the scan. Click on the Copy to Clipboard button and then paste the contents of the log in your clipboard. Then save it to a file using notepad and upload the text file here as an attachment.
     
  12. DarkCypher0x0

    DarkCypher0x0 Specialist

    Here's both the logs.

    I looked up the NetSvc file at CastleCops; they say it's a legit file if it's from the Intel PROSetWired folder... So I don't know.
     

    Attached Files:

  13. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please download HOSTER and then follow the below steps.
    • Unzip HOSTER to a convenient folder such as C:\Hoster

    • Run Hoster.exe, click Restore Original Hosts and then click OK.

    • Click the X to exit the program.
    Now, please look in Add or Remove Programs for the following and Uninstall them if found:

    Ewido

    Now scan with HijackThis and Check the Boxes for the following:

    Make sure All Browser Windows are Closed when you Click FIX.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywaybiz

    O16 - DPF: {3C403675-B43C-410B-BF56-D4D1FB68356C} (ActiveXPortal Control) - http://72.29.80.113/OCX/gwnet.cab

    Again, make sure All Browser Windows are Closed when you Click FIX.

    NEXT:
    Run CCleaner to clean up cookies and temp files.

    Run full scans with Ad-Aware SE & Spybot S&D and have both programs fix what they find.
    Note: Remember to get all updates before doing the scans.

    Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.


    Reboot to Normal Windows , Scan with HijackThis and attach the new log.
     
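As an added, constructed example (not from this thread, the helper, or HijackThis itself), the following Python triages HijackThis-style R0/R1 and O16 lines of the shape quoted above: it reports start-page entries pointing at hosts outside a caller-supplied trusted set, and marks ActiveX (.cab) installs sourced from a raw IP address as high priority. The regexes are my reading of the line format shown in this thread, and the sample log, the placeholder CLSID and the example.com host are constructed.

```python
import re
from ipaddress import ip_address
from urllib.parse import urlparse

# Constructed sample log: the three lines bjgarrick asked to fix in this thread,
# plus two made-up lines (placeholder CLSID, example.com) showing what is NOT flagged.
SAMPLE_HJT_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywaybiz
O16 - DPF: {3C403675-B43C-410B-BF56-D4D1FB68356C} (ActiveXPortal Control) - http://72.29.80.113/OCX/gwnet.cab
O16 - DPF: {00000000-0000-0000-0000-000000000000} (Placeholder Control) - http://download.example.com/ctl.cab
O4 - HKLM\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

R_LINE = re.compile(r"^(R[01]) - (HK\w+)\\(.+?),(.+?) = (.+)$")  # IE start/default page
O16_LINE = re.compile(r"^O16 - DPF: (\{[^}]*\}) \(([^)]*)\) - (\S+)$")  # ActiveX .cab install

def _host(url):
    return (urlparse(url).hostname or "").lower()

def _is_raw_ip(host):
    try:
        return ip_address(host) is not None
    except ValueError:
        return False

def triage_hjt(log_text, trusted_hosts=frozenset()):
    """Return entries a reviewer should look at, in log order, with a severity."""
    findings = []
    for line in (l.strip() for l in log_text.splitlines()):
        m = R_LINE.match(line)
        if m:
            section, hive, _key, value_name, value = m.groups()
            host = _host(value)
            if host and host not in trusted_hosts:  # start page points off-box
                findings.append({"section": section, "host": host, "severity": "review",
                                 "reason": f"{hive} {value_name} set to {value}"})
            continue
        m = O16_LINE.match(line)
        if m:
            clsid, name, url = m.groups()
            host = _host(url)
            if _is_raw_ip(host):  # no DNS name at all: worth a closer look first
                findings.append({"section": "O16", "host": host, "severity": "high",
                                 "reason": f"{name} {clsid} fetched from a raw IP: {url}"})
            elif host not in trusted_hosts:
                findings.append({"section": "O16", "host": host, "severity": "review",
                                 "reason": f"{name} {clsid} fetched from {url}"})
    return findings
```

Other sections (O4 and so on) are passed over untouched; the point is only to surface the two entry types this thread dealt with, not to decide for the reviewer.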
  14. DarkCypher0x0

    DarkCypher0x0 Specialist

    Thanks for the help. Here's the new log.
     

    Attached Files:

  15. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Your HJT log is clean, are you having any further problems?
     
  16. DarkCypher0x0

    DarkCypher0x0 Specialist

    Nothing noticeable so far, thanks. ;)
     
  17. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

  18. DarkCypher0x0

    DarkCypher0x0 Specialist

    Well, BitDefender finally completed without freezing. It seems the file it was after was in NAV's quarantine folder; hopefully it was inactive and safe there and not running rampant. It got deleted and went into the Recycle Bin, and it detected it there too =P

    Here's the log.
     

    Attached Files:

  19. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Just empty the Recycle Bin and empty the quarantine folder and you'll be ok.
     
