Hi Jack this Log-Qoologic Problem & may have others

Discussion in 'Malware Help (A Specialist Will Reply)' started by themeangel, Dec 20, 2005.

  1. themeangel

    themeangel Private E-2

    I tried everything suggested. And still seem to be having problems, I have a Program starting up with A Random name. I delete it. And it pops up again with a new Name..
    I Started in Safe Mode.
    Ran CCleaner.
    Ran the Microsoft Malicious software tool.
    It found one entry and deleted it.
    Then ran the Microsoft Spyware Program. It found numerous problems & I fixed all of them.
    SpyBot found 1 - fixed it.
    Adware none.
    Rebooted in Normal mode.
    still have problems
    I then went to Bit Defender. and ran an online Scan.
    I do have the Scan Report Saved-attached also
    I am attaching my HI-Jack log-
     

    Attached Files:

    themeangel, Dec 20, 2005
    #1
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You skipped at least one step from the READ & RUN ME:
    Please run this scan and attach the log.
     
    chaslang, Dec 20, 2005
    #2
  3. themeangel

    themeangel Private E-2

    I've attached the panda scan log.
    I actually ran this twice. The first time I went down the list and tried to Delete everything I could listed as SpyWear. But I have my computer set to show hidden files and folders. And I still cannot find some of these files.
    And I still have the program which names itself random letters pop up everytime I turn on the computer. Right now I have the Microsoft Spywear Program blocking them from going in the start up registry. But the minute I delete the program another one with a new name pops up. I cannot find what is Spawning this program. Thanks for any help you can give.
     

    Attached Files:

    themeangel, Dec 21, 2005
    #3
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    First download and install: ExplorerXP

    We will use it later to delete hidden files. It is much better at finding hidden files than Windows Explorer and it will show all the files in the Downloaded Programs Files folder that Windows Explorer will not show at all. This will make it easier for you.

    Looks like you did not run CCleaner. Items would not be in your Recycle Bin if you had. Unless you deleted them after running CCleaner. Empty the Recycle Bin.

    Now goto to Add/Remove programs and uninstall any of the below if found:
    QuickSearch
    Maxfiles
    ClkOptimizer
    AzeSearch


    If you are using WinXP or WinMe, make sure you have system restore disabled (per the tutorial).
    For all OS types, make sure viewing of hidden files is enabled (per the tutorial).

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R3 - URLSearchHook: (no name) - <default> - (no file)
    O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - (no file)
    O2 - BHO: (no name) - {7A1693A1-AFAF-4F1E-9B05-EEC38A85FBF3} - C:\WINDOWS\system32\kvmxn.dll
    O4 - HKLM\..\RunOnce: [6lj1q6.exe] C:\WINDOWS\System32\6lj1q6.exe /k
    O4 - HKCU\..\RunOnce: [6lj1q6.exe] C:\WINDOWS\System32\6lj1q6.exe /k
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

    After clicking Fix, exit HJT.
    Boot into safe mode and use ExplorerXP to find and delete    :
    C:\WINDOWS\system32\kvmxn.dll
    C:\WINDOWS\System32\6lj1q6.exe

    Then use ExplorerXP to delete all the filenames given in the PandaActiveScan log.

    If you get an error when deleting a file. Right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Other wise open Task Manager and kill the process if running then delete the file.

    Now run Ccleaner (installed while running the READ ME FIRST). Now if running Win XP goto c:\windows\Prefetch and delete all files in this folder.

    Now reboot in normal mode and post a new HJT log. And tell us how things are working. You may want to run a new PandaScan too to make sure you got everything. I know it takes a long time to run but the goal is to make sure you are clean.


    Then use ExplorerXP to delete all the filenames given in the PandaActiveScan log. If they cannot delete (because they are in use) try it again after booting in safe mode.
     
    chaslang, Dec 21, 2005
    #4
  5. themeangel

    themeangel Private E-2

    I got the WindowsXP explorer tool.
    Also Deleted everything you said in Hi-Jack.
    I've reset all my IE pages.
    I started up in safe mode and used the CCLeaner again and used the XP explorer tool to delete everything I could.
    I am on the internet tonight and I have not had a ton of pop ups like normal
    so maybe it all worked. I am ataching my new HiJack this log.
    And I am currently running a new PANDA Scan. But that will take hours.
    Thanks for your help
     

    Attached Files:

    themeangel, Dec 23, 2005
    #5
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay! Post the Panda log when it finishes and then let me know if things are still looking good.
     
    chaslang, Dec 23, 2005
    #6

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds