Infected Computer

bomber1712 · Aug 4, 2012

I am helping a friend with his computer. It is an HP Pavillion laptop running Win Vista Home Premuim 32 bit. T5450 processor with 3 GB RAM.

It was running very slow, so I ran SAS and MBAM (Could not attach SAS log - only allowed the 4 requested). Once it found numerous malware entries, I decided I needed professional help! I followed the instructions here http://forums.majorgeeks.com/showthread.php?t=35407 and have attached the requested files.

In addition, I ran TDSSKiller and MBR Check. TDSSKiller found one threat (akamai net session? - quarantined)and MBR Checker found that the MBR is not default.

I am hoping this machine can be fixed, but before any of us waste too much time, I would like someone to look at the attached logs to see if it is best to reformat.

Thanks in advance.

TimW · Aug 4, 2012

I am not finding any malware in your logs. Tell me what issues you are having.

bomber1712 · Aug 4, 2012

Thanks for your reply. The computer is running pretty good right now, but SAS and MBAM found so many issues I thought I would check with someone who knows more about this stuff. I can't find the SAS log, which I think is strange. I was concerned with the MBAM Tojan.FakeAlert. I was concerned that several of the requested scans seemed to show some issues, but as instructed, I did not remove anything. I was concerned with the Root Kit that TDSSKiller reported. I was concerned with the MBRCheck notifying me that the MBR appeared to be altered.

With all of that going on, I felt that there must be more that I need to do to clean up the system. But, If you think everything looks OK, I am OK with that.

TimW · Aug 4, 2012

Let me look at your MBR and TDSSKiller logs.

bomber1712 · Aug 4, 2012

Not sure how to get the TDSS log? The file that it found suspicious is "c:\program files\common files\akamai/netsession_win_4f7fccd.dll". It was flagged as a Suspicious file "Akamai (HiddenFile.multi.generic)"

I have attached the MBR. I also was concerned with SAS results. I am not sure what happened to the log, but I remember an entry for a root kit and it had something to do with "Rich Codec". Does that ring any bells?

TimW · Aug 4, 2012

If your not having any malware issues, I wouldn't worry about it. What issues are you having, if any?

bomber1712 · Aug 4, 2012

I am not seeing anything in particular in the performance of the machine (no redirects, strange behavior, etc.). Thanks for your help.

TimW · Aug 5, 2012

If you are not having any other malware problems, it is time to do our final steps:

We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware. You can uninstall RogueKiller and HitManPro.

Go back to step 6 oof the READ ME and renable your Disk Emulation software with Defogger if you had disabled it.

Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.

If running Vista or Win 7, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.

Go to add/remove programs and uninstall HijackThis.

Goto the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders
related to MGtools and some other items from our cleaning procedures.

After doing the above, you should work thru the below link:

How to Protect yourself from malware!

Malware removal from a National Chain = $149
Malware removal from MajorGeeks = $0

Log in or Sign up

Infected Computer

bomber1712 Private E-2

Attached Files:

HitmanPro_20120804_0931.log

RKreport[1].txt

MGlogs.zip

mbam-log-2012-08-04 (08-55-06).txt

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

bomber1712 Private E-2

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

bomber1712 Private E-2

Attached Files:

MBRCheck_08.04.12_08.02.52.txt

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

bomber1712 Private E-2

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member