I need help finding remaining malware

cal_pc · Sep 13, 2006

Hello,

I have been trying to rid my PC of a viruses I picked up Saturday afternoon (Cowabunga by OIN, SpySheriff, several others). I think I've gotten rid of most of them, but I am still getting a few popups and have some issues with my pc running slow at times.

I have read through the instructions prior to posting to this forum and I hope that all of the information I am submitting is sufficient enough to have someone assist me:

PC Info:
Computer: Dell Inc. Precision WorkStation 670
CPU Type: Intel Pentium 4E, 3000 MHz (3.75 x 800)
System Memory: 1024 MB
Disk Drive (F): HDS722525VLAT80 (250 GB, 7200 RPM, Ultra-ATA/100)
Disk Drive (C): Maxtor 6Y080M0 (80 GB, 7200 RPM, Serial-ATA/150)

I've also include the HijackThis log in the attachment files. During the scan process, I received an error reading. I copied it down and continued the scan. The error message can be found in the file hijackthis-error.txt

Since I have 6 files to upload and only a limit of 3 attachment slots, I have group things together into zip files.

Thank you in advance

chaslang · Sep 14, 2006

Welcome to Majorgeeks!

You have a load of remaining problems! We will have to work this in a few stages.

First a question about two services! Do you know what the below are for:
O23 - Service: Active Common Service - Unknown owner - C:\WINDOWS\system32\commserv.exe (file missing)
O23 - Service: Alterrunmda - Unknown owner - C:\WINDOWS\system32\MEM.EXE

Let's start with the below three procedures.

First goto Add/Remove programs and uninstall all of the below:
Morpheus 5.2 (remove only) <--- use of this is likely the root of many of your problems and it is bundle with malware
Surf SideKick
TargetSaver
TContext
Think-Adz Search Assistant removal
ToolBar888
Web Nexus Network

Now Run this Qoologic Removal Procedure and attach a log from it.

Now Download SmitfraudFix (by S!Ri) to your Desktop.

Extract all the files to your Destop. A folder named SmitfraudFix will be created on your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter
This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please attach that log in your next reply.

Note: process.exe ( which is used my SmitFraudFIx ) is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user. The below is a link to what process.exe is.

http://www.beyondlogic.org/consulting/proc...processutil.htm

IMPORTANT: Do NOT run any other options until you are asked to do so!

chaslang · Sep 14, 2006

After completing my previous instructions and attaching the logs, do the below.

Install the current version of Sun Java from: Sun Java Runtime Environment

Then uninstall the below old versions of software:
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
Java 2 Platform, Enterprise Edition 1.4 SDK
Java 2 Runtime Environment, SE v1.4.1_02
Java 2 Runtime Environment, SE v1.4.2_03

Log in or Sign up

I need help finding remaining malware

cal_pc Private E-2

Attached Files:

bdscan-activescan.zip

runkeys-newfiles.zip

hijackthis and error message.zip

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

chaslang MajorGeeks Admin - Master Malware Expert Staff Member