Multiple Possible Problems

Discussion in 'Malware Help (A Specialist Will Reply)' started by justworldtheory, Feb 27, 2007.

  1. justworldtheory

    justworldtheory Private E-2

    So this all started off about 3 or 4 days ago with a few different problems:

    1) My computer started informing me of a memory problem or something of the sort and that it was going to shut down. It said something along the lines of "NTAUTHORITY/SYSTEM," a location on my computer with "system32.service.exe," and a number 1073741819. The computer would shut down and then I would restart and it would get the memory problem again and the same thing would happen about 2 or three times and then would just stop.

    2) I have been getting notices from my Trend Micro PC-cillin about, I think it was, a trojan, but three names came up: ADW_CYDOOR.C, ADW_WEBDIR.AA, and ADW_ADSPY.AW. My virus software catches at least 15-20 each day. I am glad that it catches it but can't stop wondering if something is trapped in my computer or someone keeps trying to get into it.

    3) And may be unrelated to spyware, malware, and the likes. I got a Logitech digital cam for x-mas and I was using it for a while with no problems. Around this past weekend, I would use it in conjunction with my AIM6.0 to talk to friends and about 5 minutes in my screen would get the blue screen of death and my computer would restart. I've tried uninstalling the cam and there are always problems with "memory" and not being able to write something. Even reinstalling it, I get the same problems. Now I am afraid to use it.


    I went through the tutorial on what to do before posting this. It was helpful and found a few viruses and whatnots. I just finished it this morning but was wondering if anyone could just look over the results of my Ccleaner, CounterSpy, BitDefender, Pandaware, GetKey, Show New, and HijackThis Logs? I am probably considered a novice at computers but I was brave enough to go through all of that and it was pretty easy for me, but any help that you could give me might have to be put in layman's terms :0). Thank you for your help in the future.

  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Majorgeeks!

    You need to attach proper text file logs! The first log you attached ( February 27, 2007.txt ) is not formatted in a form that is legible (check it for yourself). In the future please save all files as plain text (i.e. do not use MS Word to edit the files; just use Notepad) using the directions specified in the READ ME. Also do not combine multiple logs into one file. What you inserted in the above file for Bitdefender is not the requested log. It is only a log summary and is of no use.

    I will fix the files this time myself but please do not manipulate the logs in the future. Attach them exactly how we request. I'm attaching the corrected files here.

    Now re-run CounterSpy and have it Quarantine or Delete what it finds. You ignored everything. Then attach the new log from it (in plain text form).

    Also please go back and complete step 2 of the READ ME exactly as requested; you missed some steps.

    Now uninstall the below old versions of software:
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 3
    J2SE Runtime Environment 5.0 Update 6
    Java 2 Runtime Environment, SE v1.4.2_03
    Mozilla Firefox (1.5.0.10)

    Make sure you reboot after uninstalling the above!

    After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

    Then install the current version of Firefox from: Mozilla Firefox

    Continue by downloading a tool we will need - Pocket KillBox

    Save it to its own folder somewhere that you will be able to locate it later.

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: CVirtualDNSObj Object - {86C510E9-97EF-4749-914F-0280247BE3A6} - C:\WINDOWS\VirtualDNS.dll (file missing)
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\Kyle\LOCALS~1\Temp\hpdj.exe (file missing)

    After clicking Fix, exit HJT.

    Now run Pocket Killbox by double-clicking on killbox.exe
    • select File, Cleanup, Delete All Backups
    • Choose Tools > Delete Temp Files and click Delete Selected Temp Files.
    • Then after it deletes the files click the Exit (Save Settings) button.
    NOTE: Pocket Killbox will only list the added files it is able to find on the system. So when you do the below, if some files do not show in the list after pasting them in, just continue.

    Select:
    • Delete on Reboot
    • then Click on the All Files button.
    • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\system32\1170266061.exe
    C:\WINDOWS\system32\msihsh32.exe
    C:\WINDOWS\mickey32.dll
    • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
    • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt.
    If you receive a PendingFileRenameOperations prompt, just click OK to continue (But please let me know if you receive this message!).

    If Killbox does not reboot just reboot your PC yourself.

    Now run Ccleaner!

    Now attach the below new logs and tell me how the above steps went.

    1. CounterSpy
    2. GetRunKey
    3. ShowNew
    4. HJT


    Make sure you tell me how things are working now!

    Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable System Restore per step 1 of the READ & RUN ME. This only applies if using WinXP or WinMe.

    Last edited: Mar 1, 2007
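
The HijackThis entries quoted in the reply above follow a fixed `<section> - <detail>` layout, so they can be parsed and triaged mechanically. The following is an added example, not part of the thread and not HijackThis code: the function names and the two triage rules (a `(no file)`/`(file missing)` marker, an image path under a Temp directory) are assumptions for illustration and do not reproduce the helper's reasons for selecting each line.

```python
import re

# Constructed sample: entries copied from the HijackThis lines quoted in the reply above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: CVirtualDNSObj Object - {86C510E9-97EF-4749-914F-0280247BE3A6} - C:\WINDOWS\VirtualDNS.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\Kyle\LOCALS~1\Temp\hpdj.exe (file missing)
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")             # section code, then detail
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN = re.compile(r"\((?:no file|file missing)\)\s*$")   # target no longer on disk
RUN_KEY = re.compile(r"^(HK\w+)\\.*?\\Run\w*: \[(.+?)\] (.+)$")
TEMP_DIR = re.compile(r"\\temp\\", re.I)

def parse_entry(line):
    """Parse one HijackThis log line; return None for anything that is not an entry."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    section, detail = m.groups()
    clsid = CLSID.search(detail)
    run = RUN_KEY.match(detail) if section == "O4" else None
    return {
        "section": section,
        "detail": detail,
        "clsid": clsid.group(0) if clsid else None,
        "autostart": run.group(2) if run else None,
        "orphaned": bool(ORPHAN.search(detail)),
        "in_temp": bool(TEMP_DIR.search(detail)),
    }

def triage(log_text):
    """Return (section, reasons) for entries matching the assumed heuristics."""
    flagged = []
    for entry in filter(None, map(parse_entry, log_text.splitlines())):
        reasons = []
        if entry["orphaned"]:
            reasons.append("target file absent")
        if entry["in_temp"]:
            reasons.append("image path under a Temp directory")
        if reasons:
            flagged.append((entry["section"], reasons))
    return flagged

if __name__ == "__main__":
    for section, reasons in triage(SAMPLE_LOG):
        print(section, "; ".join(reasons))
```

Entries the rules do not flag, such as the `R1` proxy setting and the `O4` Run items, still need a human decision; the parser only structures them.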
