malware probs plzhelp

framalama · Mar 29, 2006

Hi ran basic procedure twice then ran , trojan hunte,r and now have run ewido twice, somethings locked into my startup menu , among other things, problem is im a novice at pc I can finally use the net for a while it was downloading pkgs without my consent,currently running kapernsky anti virus thanks for all your help already guys,also the cursors jumping around a bit when I type,I messed around with start menu a little and some other programs when I got desperate{i know this was probably stupid]I also tried some special procedures for some of thethings i recognized.Basically the virus was hijacking my computer,a laptop and going online and downloading spyware,trojans,andworms I think....please help...Ill include my latest logs from hijack this and everything else thanks guys

chaslang · Mar 29, 2006

Welcome to Majorgeeks!

You HijackThis log shows nothing of interest. You need to follow our standard cleaning procedures so we can dig deeper.

Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.

Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

Make sure you check version numbers and get all updates.

Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:

Downloading, Installing, and Running HijackThis

When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too (these scans are covered in steps 6 & 7 of the READ & RUN ME sticky)

Bitdefender

Panda Scan

HijackThis

.

framalama · Mar 29, 2006

Hey thanks CHASLANG MAYBE i WASNT CLEAR IN MY POST SORRY, i RAN STANDARD CLEANING TWICE UNTIL STEP 5 ,DO NOT HAVE THE CONNECT TO NETWORKS OPTION IN SAFE MODE ,RUNNING XP ,SO i HAD TO REBOOT IN NORMAL MODE.. AT FIRST i WAS GETTING BOMBARDED BY ADWARE AND TROJANS,KAPERNSKY ANTI VIRUS DETECTED 3456 ITEMS AFTER i WENT ON THE INTERNET WITH IT DISABLED,sO i DID SOME MORE SCANS AND CLEANS AND THEN STARTED ALL OVER AGAIN AT STEP ONE,i FINALLY GOT TO A POINT NOW WHERE i COULD GO ONLINE WITHOUT TOO MUCH ACTIVITY,i THEN RAN BIT DEFENDER AND PANDA AS PER INSTRUCTED AFTER DOING STEPS 1-5,SCANS ARE YIELDING LESS AND LESS INFECTIONS ,ALSO HAVE RUN EWIDO AND SPY SWEEPER,SPY SWEEPER SAID i HAVE MATCASH TROJAN.iM NOT AT THE INFECTED COMPUTER RIGHT NOW BUT i WILL POST CURRENT LOGS FROM PROGRAMS AS SOON AS i GET TO IT.3 QUESTIONS....1). SHOULD i START OVER AT STEP 1 AGAIN[PLEASE SAY NO!]? 2)wHICH LOGS ARE MOST IMPORTANT OR SHOULD i POST EACH LOG FROM EACH STEP?3)aM i POSTING CORRECTLY CUZ i READ THE INSTRUCTIONS AND THOUGHT i DID IT RIGHT. tHANKS AGAIN

framalama · Mar 29, 2006

Hey thanks CHASLANG MAYBE i WASNT CLEAR IN MY POST SORRY, i RAN STANDARD CLEANING TWICE UNTIL STEP 5 ,DO NOT HAVE THE CONNECT TO NETWORKS OPTION IN SAFE MODE ,RUNNING XP ,SO i HAD TO REBOOT IN NORMAL MODE.. AT FIRST i WAS GETTING BOMBARDED BY ADWARE AND TROJANS,KAPERNSKY ANTI VIRUS DETECTED 3456 ITEMS AFTER i WENT ON THE INTERNET WITH IT DISABLED,sO i DID SOME MORE SCANS AND CLEANS AND THEN STARTED ALL OVER AGAIN AT STEP ONE,i FINALLY GOT TO A POINT NOW WHERE i COULD GO ONLINE WITHOUT TOO MUCH ACTIVITY,i THEN RAN BIT DEFENDER AND PANDA AS PER INSTRUCTED AFTER DOING STEPS 1-5,SCANS ARE YIELDING LESS AND LESS INFECTIONS ,ALSO HAVE RUN EWIDO AND SPY SWEEPER,SPY SWEEPER SAID i HAVE MATCASH TROJAN.iM NOT AT THE INFECTED COMPUTER RIGHT NOW BUT i WILL POST CURRENT LOGS FROM PROGRAMS AS SOON AS i GET TO IT.3 QUESTIONS....1). SHOULD i START OVER AT STEP 1 AGAIN[PLEASE SAY NO!]? 2)wHICH LOGS ARE MOST IMPORTANT OR SHOULD i POST EACH LOG FROM EACH STEP?3)aM i POSTING CORRECTLY CUZ i READ THE INSTRUCTIONS AND THOUGHT i DID IT RIGHT. tHANKS AGAIN

chaslang · Mar 29, 2006

No! According to the HijackThis log you posted, you have not run all of the READ & RUN ME.

At a minimum here is what I observe:
- Spybot was not run (at least it was not installed per the directions in the READ ME using SDhelper)
- MS Windows Defender was not run
- step 6 was not run at all and the two required logs were not attached.
- And the instructions in step 7 for installing HijackThis properly were not followed.

If you want an answer based simply upon posting your HijackThis log, then we are already finished because there is nothing in it.

Please do not take this the wrong way, but please do not put message in all capital letters. They will be ignored. Please use proper spelling, punctuation, and capitalization in the proper places And do not have run on sentences. I read too many messages per day and just cannot deal with trying to read messages like this.

Also please do not post duplicate messages. Bumping your thread just makes it take longer to get an answer because you loose your place in the queue.

Log in or Sign up

malware probs plzhelp

framalama Private E-2

Attached Files:

hijackthis.log2.txt

ewido Process report_20060329.txt.txt

ewido Connection report_20060329.txt.txt

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

framalama Private E-2

framalama Private E-2

chaslang MajorGeeks Admin - Master Malware Expert Staff Member