HJT log

Discussion in 'Malware Help (A Specialist Will Reply)' started by cstewart, Apr 22, 2006.

  1. cstewart

    cstewart Private E-2

    I've run through the recommended procedure and attached the logs from the various scans.

    The problem I'm running into is that when I click some links it sends me to a different address than it should. Usually a site to buy antivirus software, ebay or to a google search of random keywords. Any help would be appreciated.
     

    Attached Files:

  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Majorgeeks!

    You forgot to uninstall Viewpoint Manager during step 0 of the READ & RUN ME! Did you skip this step?

    You have a Wareout infection!

    Look in Add/Remove programs for UnSpyPC and uninstall if found.

    Please download FixWareout from one of these sites:
    http://downloads.subratam.org/Fixwareout.exe
    http://swandog46.geekstogo.com/Fixwareout.exe
    • Save it to your desktop and then run it by double clicking on it. It creates a folder named c:\fixwareout.
    • Click Next, then Install.
    • Then make sure Run fixit is checked (this runs C:\fixwareout\fixit.bat). And then click Finish.
    • The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so.
    • Your system may take longer than usual to load; this is normal.
    • When your system reboots, follow the prompts. Afterwards, HijackThis will launch. Please click Scan, and check the following items if they still exist:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
    O1 - Hosts: localhost 127.0.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2EFDAC4A-CED3-422B-9873-3750C22BACFF}: NameServer = 85.255.115.76,85.255.112.149
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E377D072-E7D4-4191-ACB4-97834D13AEDC}: NameServer = 85.255.115.76,85.255.112.149


    After clicking Fix Checked, close HijackThis, and click OK to proceed.

    At the end of the fix, reboot into safe mode and use Windows Explorer to double check for the below files and delete if found:
    C:\Program Files\UnSpyPC <--- delete the whole folder if found

    Now reboot into normal mode and please attach the contents of the logfile C:\fixwareout\report.txt

    There could be additional cleanup to do from Wareout and the log will let us know.

    Also attach a new HijackThis log.

    Also tell me how things are working now.
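
The O17 entries listed in the post above are the signature of this infection: static DNS servers written into the Tcpip registry keys. As an added example (not part of the thread or of FixWareout), this Python script extracts O17 NameServer lines from a HijackThis log and flags resolvers that are neither private addresses nor on a trusted list; the function names, the `trusted` parameter and the last sample line are assumptions made for illustration.

```python
import ipaddress
import re

# HijackThis O17 lines that set a static DNS server under the Tcpip service keys.
O17_RE = re.compile(
    r"^O17 - (?P<key>HKLM\\System\\[^:]+?): NameServer = (?P<servers>.+)$"
)

# First three lines are quoted from the thread; the last one is constructed.
SAMPLE_LOG = r"""
O1 - Hosts: localhost 127.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{2EFDAC4A-CED3-422B-9873-3750C22BACFF}: NameServer = 85.255.115.76,85.255.112.149
O17 - HKLM\System\CCS\Services\Tcpip\..\{E377D072-E7D4-4191-ACB4-97834D13AEDC}: NameServer = 85.255.115.76,85.255.112.149
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000001}: NameServer = 192.168.1.1
"""

def parse_o17(log_text):
    """Yield (registry_key, [server strings]) for every O17 NameServer line."""
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if m:
            # HijackThis shows the value as a comma- or space-separated list.
            servers = [s for s in re.split(r"[,\s]+", m.group("servers")) if s]
            yield m.group("key"), servers

def suspicious_dns(log_text, trusted=()):
    """Return [(key, server)] for resolvers that are neither trusted nor private."""
    allowed = {ipaddress.ip_address(t) for t in trusted}
    findings = []
    for key, servers in parse_o17(log_text):
        for server in servers:
            try:
                ip = ipaddress.ip_address(server)
            except ValueError:
                findings.append((key, server))  # malformed value: review by hand
                continue
            if ip not in allowed and not ip.is_private:
                findings.append((key, server))
    return findings

if __name__ == "__main__":
    for key, server in suspicious_dns(SAMPLE_LOG):
        print(f"review DNS server {server} set in {key}")
```

Pass the ISP's or organisation's real resolvers in `trusted` so that legitimate public DNS servers are not reported.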
     
  3. cstewart

    cstewart Private E-2

    I uninstalled Viewpoint Manager and Viewpoint Media Player and ran FixWareout. Everything seems to be working fine now. Here are the latest logs.
     

    Attached Files:

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your log is clean.

    Just locate and delete the below file:
    C:\WINNT\System32\CSYSP.EXE

    If you are not having any other malware problems, you should work thru the below link:

    How to Protect yourself from malware!
     
