Malware Network infection - Computer #3

mlydell · Oct 9, 2006

This is the 3rd computer I've posted logs on. The first two seemed to be the worst ones. I'm posting the other ones to make sure nothing got over the network too bad. I know this on got hit over the network by MSN Messenger.

Here are the first three logs. I'll post the rest in another reply.

I HAVENT TOGGLED SYSTEM RESTORE YET.

mlydell · Oct 9, 2006

Here are the other logs.

Thanks for your help!!

chaslang · Oct 11, 2006

The only item in your logs that looks like a potential problems is the below from HijackThis:

O4 - HKLM\..\Run: [XeroxRegistation] "C:\DOCUME~1\Mark\LOCALS~1\Temp\Xerox\EReg\opbreg.exe" /Startup

Do you recognize this as being valid? I doubt it? It not valid, use HJT to fix it then boot into save mode and delete that whole Xerox folder. Any valid program should not be installed and run from a Temp folder anyway.

mlydell · Oct 11, 2006

Weird.i dont recognize that, but know it was prob from an old printer i used to use...

I ran HJT this after getting your post, and that entry didnt show up in my HJT log!!! I wonder if it got deleted since it was in a temp folder.

Any thoughts?

chaslang · Oct 12, 2006

Yes the file was in a temp folder but the O4 line in HJT represents a registry key. It would not go away just by deleting the file in the Temp folder. Something would have to have stop the process that was the root cause of it being in the RUN list.

mlydell · Oct 17, 2006

Thanks!!

chaslang · Oct 19, 2006

You're welcome!

Log in or Sign up

Malware Network infection - Computer #3

mlydell Private First Class

Attached Files:

Activescan.txt

Bdscan.txt

hijackthis.log

mlydell Private First Class

Attached Files:

newfiles.txt

runkeys.txt

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

mlydell Private First Class

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

mlydell Private First Class

chaslang MajorGeeks Admin - Master Malware Expert Staff Member