HELP PLEASE- I am Infected with something

Discussion in 'Malware Help (A Specialist Will Reply)' started by delboydel, Jan 12, 2008.

  1. delboydel

    delboydel Private E-2

    I have recently been logging onto my computer and an error message popping up
    saying something to do with C:\WINDOWS\system32\awtst, and it won't let me onto my AVG Free Control Center; also I can't get onto my AVG Free Anti-Spyware. I then scan, find 5/6 maybe 7 trojans, it says it heals them, and when I scan again they're right back there. Oh, and MSN Messenger is not finding the shortcut but was when I first downloaded it. This is my HijackThis report-

    Edit: removed inline Hijackthis log for guide below to be run
     
  2. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Welcome to Majorgeeks!


    As you likely already know, malware is a massive pest these days and does its level best to hide itself in any number of places, so just a HijackThis log will not show all the malware that can be on your PC. The full guide of our steps below has a few other logs that show a lot of the malware on your PC and where it is located.

    So logs that you will get to attach are:

    MGlogs.zip (which has 5 logs inside it, including Hijackthis, just attach the whole Zip )
    AVG
    Combofix logs.

    http://img144.imageshack.us/img144/9164/90482430fa4.jpg


    After these are attached our malware experts will review them to see if you're OK; if not, they will issue you some further removal instructions.

    Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

    READ & RUN ME FIRST. Malware Removal Guide
     
  3. delboydel

    delboydel Private E-2

    I think/hope I have attached the requested logs and I hope you can help me. Thanks
     
  4. delboydel

    delboydel Private E-2

    Tried to upload again
     


  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Uninstall the below old versions of software:
    J2SE Runtime Environment 5.0 Update 3
    Java(TM) 6 Update 2

    Now delete all the below tmp files in the root folder of drive C
    Code:
    "C:\"
    pos92e.tmp 13 Jan 2008 6033 "pos92E.tmp"
    pos92f.tmp 13 Jan 2008 6033 "pos92F.tmp"
    pos930.tmp 13 Jan 2008 13033 "pos930.tmp"
    pos931.tmp 13 Jan 2008 11033 "pos931.tmp"
    pos932.tmp 13 Jan 2008 9033 "pos932.tmp"
    pos933.tmp 13 Jan 2008 10033 "pos933.tmp"
    pos934.tmp 13 Jan 2008 13033 "pos934.tmp"
    pos935.tmp 13 Jan 2008 5033 "pos935.tmp"
    pos936.tmp 13 Jan 2008 9033 "pos936.tmp"
    pos937.tmp 13 Jan 2008 12033 "pos937.tmp"
    pos938.tmp 13 Jan 2008 6033 "pos938.tmp"
    pos939.tmp 13 Jan 2008 7033 "pos939.tmp"
    pos93a.tmp 13 Jan 2008 13033 "pos93A.tmp"
    pos93b.tmp 13 Jan 2008 6033 "pos93B.tmp"
    pos93c.tmp 13 Jan 2008 10033 "pos93C.tmp"
    pos93d.tmp 13 Jan 2008 7033 "pos93D.tmp"
    pos93e.tmp 13 Jan 2008 13033 "pos93E.tmp"
    pos93f.tmp 13 Jan 2008 13033 "pos93F.tmp"
    pos940.tmp 13 Jan 2008 14033 "pos940.tmp"
    pos941.tmp 13 Jan 2008 8033 "pos941.tmp"
    pos942.tmp 13 Jan 2008 9033 "pos942.tmp"
    pos943.tmp 13 Jan 2008 8033 "pos943.tmp"
    pos944.tmp 13 Jan 2008 10033 "pos944.tmp"
    pos945.tmp 13 Jan 2008 13033 "pos945.tmp"
    pos946.tmp 13 Jan 2008 11033 "pos946.tmp"
    pos947.tmp 13 Jan 2008 6033 "pos947.tmp"
    pos948.tmp 13 Jan 2008 8033 "pos948.tmp"
    pos949.tmp 13 Jan 2008 7033 "pos949.tmp"
    pos94a.tmp 13 Jan 2008 14033 "pos94A.tmp"
    pos94b.tmp 13 Jan 2008 9033 "pos94B.tmp"
    pos94c.tmp 13 Jan 2008 9033 "pos94C.tmp"
    pos94d.tmp 13 Jan 2008 7033 "pos94D.tmp"
    pos94e.tmp 13 Jan 2008 11033 "pos94E.tmp"
    pos94f.tmp 13 Jan 2008 13033 "pos94F.tmp"
    pos950.tmp 13 Jan 2008 8033 "pos950.tmp"
    pos951.tmp 13 Jan 2008 11033 "pos951.tmp"
    pos952.tmp 13 Jan 2008 13033 "pos952.tmp"
    pos953.tmp 13 Jan 2008 10033 "pos953.tmp"
    pos954.tmp 13 Jan 2008 9033 "pos954.tmp"
    pos955.tmp 13 Jan 2008 12033 "pos955.tmp"
    pos956.tmp 13 Jan 2008 14033 "pos956.tmp"
    pos957.tmp 13 Jan 2008 11033 "pos957.tmp"
    pos958.tmp 13 Jan 2008 8033 "pos958.tmp"
    pos959.tmp 13 Jan 2008 8033 "pos959.tmp"
    pos95a.tmp 13 Jan 2008 14033 "pos95A.tmp"
    pos95b.tmp 13 Jan 2008 5033 "pos95B.tmp"
    pos95c.tmp 13 Jan 2008 5033 "pos95C.tmp"
    pos95d.tmp 13 Jan 2008 11033 "pos95D.tmp"
    pos95e.tmp 13 Jan 2008 6033 "pos95E.tmp"
    pos95f.tmp 13 Jan 2008 12033 "pos95F.tmp"
    pos960.tmp 13 Jan 2008 14033 "pos960.tmp"
    pos961.tmp 13 Jan 2008 14033 "pos961.tmp"
    pos962.tmp 13 Jan 2008 5033 "pos962.tmp"
    pos963.tmp 13 Jan 2008 13033 "pos963.tmp"
    pos964.tmp 13 Jan 2008 11033 "pos964.tmp"
    pos965.tmp 13 Jan 2008 12033 "pos965.tmp"
    pos966.tmp 13 Jan 2008 8033 "pos966.tmp"
    pos967.tmp 13 Jan 2008 8033 "pos967.tmp"
    pos968.tmp 13 Jan 2008 14033 "pos968.tmp"
    pos969.tmp 13 Jan 2008 10033 "pos969.tmp"
    pos96a.tmp 13 Jan 2008 14033 "pos96A.tmp"
    pos96b.tmp 13 Jan 2008 14033 "pos96B.tmp"
    pos96c.tmp 13 Jan 2008 8033 "pos96C.tmp"
    pos96d.tmp 13 Jan 2008 7033 "pos96D.tmp"
    pos96e.tmp 13 Jan 2008 5033 "pos96E.tmp"
    pos96f.tmp 13 Jan 2008 10033 "pos96F.tmp"
    pos970.tmp 13 Jan 2008 6033 "pos970.tmp"
    pos971.tmp 13 Jan 2008 6033 "pos971.tmp"
    pos972.tmp 13 Jan 2008 6033 "pos972.tmp"
    pos973.tmp 13 Jan 2008 6033 "pos973.tmp"
    pos974.tmp 13 Jan 2008 13033 "pos974.tmp"
    pos975.tmp 13 Jan 2008 8033 "pos975.tmp"
    pos976.tmp 13 Jan 2008 12033 "pos976.tmp"
    pos977.tmp 13 Jan 2008 13033 "pos977.tmp"
    pos978.tmp 13 Jan 2008 11033 "pos978.tmp"
    pos979.tmp 13 Jan 2008 13033 "pos979.tmp"
    pos97a.tmp 13 Jan 2008 13033 "pos97A.tmp"
    pos97b.tmp 13 Jan 2008 14033 "pos97B.tmp"
    pos97c.tmp 13 Jan 2008 11033 "pos97C.tmp"
    pos97d.tmp 13 Jan 2008 8033 "pos97D.tmp"
    pos97e.tmp 13 Jan 2008 10033 "pos97E.tmp"
    pos97f.tmp 13 Jan 2008 7033 "pos97F.tmp"
    pos980.tmp 13 Jan 2008 7033 "pos980.tmp"
    pos981.tmp 13 Jan 2008 12033 "pos981.tmp"
    pos982.tmp 13 Jan 2008 13033 "pos982.tmp"
    pos983.tmp 13 Jan 2008 5033 "pos983.tmp"
    pos984.tmp 13 Jan 2008 10033 "pos984.tmp"
    pos985.tmp 13 Jan 2008 14033 "pos985.tmp"
    pos986.tmp 13 Jan 2008 7033 "pos986.tmp"
    pos987.tmp 13 Jan 2008 9033 "pos987.tmp"
    pos988.tmp 13 Jan 2008 12033 "pos988.tmp"
    pos989.tmp 13 Jan 2008 6033 "pos989.tmp"
    pos98a.tmp 13 Jan 2008 8033 "pos98A.tmp"
    pos98b.tmp 13 Jan 2008 10033 "pos98B.tmp"
    pos98c.tmp 13 Jan 2008 9033 "pos98C.tmp"
    pos98d.tmp 13 Jan 2008 9033 "pos98D.tmp"
    pos98e.tmp 13 Jan 2008 8033 "pos98E.tmp"
    pos98f.tmp 13 Jan 2008 13033 "pos98F.tmp"
    pos990.tmp 13 Jan 2008 6033 "pos990.tmp"
    pos991.tmp 13 Jan 2008 6033 "pos991.tmp"
    pos992.tmp 13 Jan 2008 13033 "pos992.tmp"
    pos993.tmp 13 Jan 2008 8033 "pos993.tmp"
    pos994.tmp 13 Jan 2008 11033 "pos994.tmp"
    pos995.tmp 13 Jan 2008 12033 "pos995.tmp"
    pos996.tmp 13 Jan 2008 5033 "pos996.tmp"
    pos997.tmp 13 Jan 2008 7033 "pos997.tmp"
    pos998.tmp 13 Jan 2008 13033 "pos998.tmp"
    pos999.tmp 13 Jan 2008 13033 "pos999.tmp"
    pos99a.tmp 13 Jan 2008 11033 "pos99A.tmp"
    pos99b.tmp 13 Jan 2008 5033 "pos99B.tmp"
    pos99c.tmp 13 Jan 2008 12033 "pos99C.tmp"
    pos99d.tmp 13 Jan 2008 5033 "pos99D.tmp"
    pos99e.tmp 13 Jan 2008 14033 "pos99E.tmp"
    pos99f.tmp 13 Jan 2008 7033 "pos99F.tmp"
    pos9a0.tmp 13 Jan 2008 12033 "pos9A0.tmp"
    pos9a1.tmp 13 Jan 2008 14033 "pos9A1.tmp"
    pos9a2.tmp 13 Jan 2008 13033 "pos9A2.tmp"
    pos9a3.tmp 13 Jan 2008 12033 "pos9A3.tmp"
    pos9a4.tmp 13 Jan 2008 11033 "pos9A4.tmp"
    pos9a5.tmp 13 Jan 2008 12033 "pos9A5.tmp"
    pos9a6.tmp 13 Jan 2008 6033 "pos9A6.tmp"
    pos9a7.tmp 13 Jan 2008 12033 "pos9A7.tmp"
    pos9a8.tmp 13 Jan 2008 11033 "pos9A8.tmp"
    pos9a9.tmp 13 Jan 2008 14033 "pos9A9.tmp"
    pos9aa.tmp 13 Jan 2008 8033 "pos9AA.tmp"
    pos9ab.tmp 13 Jan 2008 6033 "pos9AB.tmp"
    pos9ac.tmp 13 Jan 2008 11033 "pos9AC.tmp"
    pos9ad.tmp 13 Jan 2008 6033 "pos9AD.tmp"
    pos9ae.tmp 13 Jan 2008 6033 "pos9AE.tmp"
    pos9af.tmp 13 Jan 2008 11033 "pos9AF.tmp"
    pos9b0.tmp 13 Jan 2008 12033 "pos9B0.tmp"
    pos9b1.tmp 13 Jan 2008 11033 "pos9B1.tmp"
    pos9b2.tmp 13 Jan 2008 12033 "pos9B2.tmp"
    pos9b3.tmp 13 Jan 2008 7033 "pos9B3.tmp"
    pos9b4.tmp 13 Jan 2008 10033 "pos9B4.tmp"
    pos9b5.tmp 13 Jan 2008 10033 "pos9B5.tmp"
    pos9b6.tmp 13 Jan 2008 12033 "pos9B6.tmp"
    pos9b7.tmp 13 Jan 2008 7033 "pos9B7.tmp"
    pos9b8.tmp 13 Jan 2008 9033 "pos9B8.tmp"
    pos9b9.tmp 13 Jan 2008 13033 "pos9B9.tmp"
    pos9ba.tmp 13 Jan 2008 12033 "pos9BA.tmp"
    pos9bb.tmp 13 Jan 2008 12033 "pos9BB.tmp"
    pos9bc.tmp 13 Jan 2008 11033 "pos9BC.tmp"
    pos9bd.tmp 13 Jan 2008 5033 "pos9BD.tmp"
    pos9be.tmp 13 Jan 2008 5033 "pos9BE.tmp"
    pos9bf.tmp 13 Jan 2008 11033 "pos9BF.tmp"
    pos9c0.tmp 13 Jan 2008 8033 "pos9C0.tmp"
    pos9c1.tmp 13 Jan 2008 11033 "pos9C1.tmp"
    pos9c2.tmp 13 Jan 2008 6033 "pos9C2.tmp"
    pos9c3.tmp 13 Jan 2008 14033 "pos9C3.tmp"
    pos9c4.tmp 13 Jan 2008 13033 "pos9C4.tmp"
    pos9c5.tmp 13 Jan 2008 5033 "pos9C5.tmp"
    pos9c6.tmp 13 Jan 2008 5033 "pos9C6.tmp"
    pos9c7.tmp 13 Jan 2008 13033 "pos9C7.tmp"
    pos9c8.tmp 13 Jan 2008 14033 "pos9C8.tmp"
    pos9c9.tmp 13 Jan 2008 10033 "pos9C9.tmp"
    pos9ca.tmp 13 Jan 2008 6033 "pos9CA.tmp"
    pos9cb.tmp 13 Jan 2008 13033 "pos9CB.tmp"
    pos9cc.tmp 13 Jan 2008 9033 "pos9CC.tmp"
    pos9cd.tmp 13 Jan 2008 5033 "pos9CD.tmp"
    pos9ce.tmp 13 Jan 2008 11033 "pos9CE.tmp"
    pos9cf.tmp 13 Jan 2008 5033 "pos9CF.tmp"
    pos9d0.tmp 13 Jan 2008 5033 "pos9D0.tmp"
    pos9d1.tmp 13 Jan 2008 7033 "pos9D1.tmp"
    pos9d2.tmp 13 Jan 2008 7033 "pos9D2.tmp"
    pos9d3.tmp 13 Jan 2008 5033 "pos9D3.tmp"
    pos9d4.tmp 13 Jan 2008 10033 "pos9D4.tmp"
    pos9d5.tmp 13 Jan 2008 8033 "pos9D5.tmp"
    pos9d6.tmp 13 Jan 2008 7033 "pos9D6.tmp"
    pos9d7.tmp 13 Jan 2008 11033 "pos9D7.tmp"
    pos9d8.tmp 13 Jan 2008 5033 "pos9D8.tmp"
    pos9d9.tmp 13 Jan 2008 9033 "pos9D9.tmp"
    pos9da.tmp 13 Jan 2008 10033 "pos9DA.tmp"
    pos9db.tmp 13 Jan 2008 10033 "pos9DB.tmp"
    pos9dc.tmp 13 Jan 2008 12033 "pos9DC.tmp"
    pos9dd.tmp 13 Jan 2008 14033 "pos9DD.tmp"
    pos9de.tmp 13 Jan 2008 7033 "pos9DE.tmp"
    pos9df.tmp 13 Jan 2008 13033 "pos9DF.tmp"
    pos9e0.tmp 13 Jan 2008 14033 "pos9E0.tmp"
    pos9e1.tmp 13 Jan 2008 14033 "pos9E1.tmp"
    pos9e2.tmp 13 Jan 2008 14033 "pos9E2.tmp"
    pos9e3.tmp 13 Jan 2008 14033 "pos9E3.tmp"
    pos9e4.tmp 13 Jan 2008 11033 "pos9E4.tmp"
    pos9e5.tmp 13 Jan 2008 9033 "pos9E5.tmp"
    pos9e6.tmp 13 Jan 2008 8033 "pos9E6.tmp"
    pos9e7.tmp 13 Jan 2008 12033 "pos9E7.tmp"
    pos9e8.tmp 13 Jan 2008 14033 "pos9E8.tmp"
    pos9e9.tmp 13 Jan 2008 14033 "pos9E9.tmp"
    pos9ea.tmp 13 Jan 2008 6033 "pos9EA.tmp"
    pos9eb.tmp 13 Jan 2008 14033 "pos9EB.tmp"
    pos9ec.tmp 13 Jan 2008 14033 "pos9EC.tmp"
    pos9ed.tmp 13 Jan 2008 13033 "pos9ED.tmp"
    pos9ee.tmp 13 Jan 2008 14033 "pos9EE.tmp"
    pos9ef.tmp 13 Jan 2008 11033 "pos9EF.tmp"
    pos9f0.tmp 13 Jan 2008 11033 "pos9F0.tmp"
    pos9f1.tmp 13 Jan 2008 12033 "pos9F1.tmp"
    pos9f2.tmp 13 Jan 2008 10033 "pos9F2.tmp"
    pos9f3.tmp 13 Jan 2008 12033 "pos9F3.tmp"
    pos9f4.tmp 13 Jan 2008 12033 "pos9F4.tmp"
    pos9f5.tmp 13 Jan 2008 8033 "pos9F5.tmp"
    pos9f6.tmp 13 Jan 2008 12033 "pos9F6.tmp"
    pos9f7.tmp 13 Jan 2008 11033 "pos9F7.tmp"
    pos9f8.tmp 13 Jan 2008 10033 "pos9F8.tmp"
    pos9f9.tmp 13 Jan 2008 6033 "pos9F9.tmp"
    pos9fa.tmp 13 Jan 2008 7033 "pos9FA.tmp"
    pos9fb.tmp 13 Jan 2008 6033 "pos9FB.tmp"
    pos9fc.tmp 13 Jan 2008 12033 "pos9FC.tmp"
    pos9fd.tmp 13 Jan 2008 10033 "pos9FD.tmp"
    pos9fe.tmp 13 Jan 2008 11033 "pos9FE.tmp"
    pos9ff.tmp 13 Jan 2008 13033 "pos9FF.tmp"
    posa00.tmp 13 Jan 2008 9033 "posA00.tmp"
    posa01.tmp 13 Jan 2008 14033 "posA01.tmp"
    posa02.tmp 13 Jan 2008 8033 "posA02.tmp"
    posa03.tmp 13 Jan 2008 13033 "posA03.tmp"
    posa04.tmp 13 Jan 2008 10033 "posA04.tmp"
    posa05.tmp 13 Jan 2008 6033 "posA05.tmp"
    posa06.tmp 13 Jan 2008 11033 "posA06.tmp"
    posa07.tmp 13 Jan 2008 9033 "posA07.tmp"
    posa08.tmp 13 Jan 2008 14033 "posA08.tmp"
    posa09.tmp 13 Jan 2008 11033 "posA09.tmp"
    posa0a.tmp 13 Jan 2008 14033 "posA0A.tmp"
    posa0b.tmp 13 Jan 2008 10033 "posA0B.tmp"
    posa0c.tmp 13 Jan 2008 9033 "posA0C.tmp"
    posa0d.tmp 13 Jan 2008 12033 "posA0D.tmp"
    Also delete the below two files
    C:\WINDOWS\smdat32a.sys
    C:\WINDOWS\smdat32m.sys

    Now reboot

    After reboot, run Ccleaner!

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created.

    Make sure you tell me how things are working now!
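    The file list above is long enough that hand-deleting it invites mistakes. The script below is an added example (not from this thread or the MajorGeeks guide) that inventories exactly the files chaslang named (pos???.tmp in the root of C: and the two smdat32 .sys files), records sizes, timestamps and SHA-256 hashes to a CSV, and only dry-runs the deletion. It assumes Windows PowerShell 4 or later and that C: is the system drive, as in the thread; the report path is an assumption.

```powershell
# Added example: inventory the files named in the thread before removing anything.
# Assumes Windows PowerShell 4+ (Get-FileHash) and C:\ as the system drive.
$Root       = 'C:\'
$ExtraFiles = @('C:\WINDOWS\smdat32a.sys', 'C:\WINDOWS\smdat32m.sys')
$Report     = 'C:\tmp-cleanup-inventory.csv'   # assumed output path

# The thread's list runs pos92E.tmp .. posA0D.tmp: "pos" + three hex digits + ".tmp".
# Matching that shape exactly leaves unrelated *.tmp files in the root alone.
# -match is case-insensitive in PowerShell, so posA0D and posa0d both match.
$pattern = '^pos[0-9a-f]{3}\.tmp$'

# -Force includes hidden and system files, which malware droppers often set.
$candidates = Get-ChildItem -Path $Root -File -Force |
    Where-Object { $_.Name -match $pattern }

# Only include the two .sys files if they are actually present.
$extra = $ExtraFiles |
    Where-Object { Test-Path -LiteralPath $_ } |
    ForEach-Object { Get-Item -LiteralPath $_ -Force }

$all = @($candidates) + @($extra)

# Name, size, write time and hash give the helpers something to compare
# against the MGlogs output before anything is removed.
$inventory = $all | ForEach-Object {
    [pscustomobject]@{
        Path          = $_.FullName
        SizeBytes     = $_.Length
        LastWriteTime = $_.LastWriteTime
        Sha256        = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
    }
}
$inventory | Export-Csv -LiteralPath $Report -NoTypeInformation
$inventory | Format-Table -AutoSize

# Dry run only: prints what would be deleted. Remove -WhatIf after reviewing the CSV.
$all | Remove-Item -Force -WhatIf
```

The dry run is deliberate: a file that does not match the expected size range (5033 to 14033 bytes in the thread's list) or carries a different date is worth a second look before it goes.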
     
  6. delboydel

    delboydel Private E-2

    "Make sure you tell me how things are working now!"

    Yesterday something really bad happened and now a major file is missing and I have to completely reformat my computer :cry .

    I am very sorry that I did not wait to try out your method, but thank you very much for your time towards my computer.

    I may use this forum again (after I have reformatted my computer) so I may be back :wave .
     
    Last edited: Jan 14, 2008
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  8. delboydel

    delboydel Private E-2

    I think I worked out what was causing the viruses :D. This website:

    www. watchthesimpsonsonline. com

    Or any websites associated with it.

    Please warn other people about this website.

    Oh B.T.W My step-dad upgraded my computer to VISTA I am very happy!
     
    Last edited by a moderator: Jan 14, 2008
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Have fun with your new OS.
     
