possible malware altered start up tray

Discussion in 'Malware Help (A Specialist Will Reply)' started by ferg46, Dec 28, 2007.

  1. ferg46

    ferg46 Private First Class

    OK, I have followed the new read and run me for a Windows XP machine and attached the scans.

    The problem I'm still having is that when I start up the computer in any user account only the sound properties icon appears in the system tray. No anti-virus or firewall appears here, however, since the three scans performed in the read and run me first tutorial the trial version of avg a.s now opens up in system tray.

    The only visible explanation I can come up with is that before I did the read and run me tutorial I deleted a start up process using CCleaner. This was only an MSN Messenger start up process that popped up asking users to log onto the service. At around this time the computer started to act strange. Then I ran scans and found malware. Immediately I disconnected the internet from the computer and blocked traffic after manually opening za firewall.

    I then completed the read and run me first tutorial and it appears that the computer is free of malware, however, I do not want to connect it back to the internet yet as the system tray start up still hasn't resolved itself.

    Side note: The Windows Security Centre is telling me that my firewall and my anti-virus are active, however, I believe this to be untrue as
    a) the scans showed so much malware and
    b) they are invisible in the system tray


    Thanks for all help provided

    fergal
     


  2. abri

    abri MajorGeek

    Hi fergal!
    I'm looking at your logs. As you may know, this takes awhile. :)
    Thanks for your patience!
    abri
     
  3. abri

    abri MajorGeek

    Hi ferg46,

    I don't see any signs of malware in your logs now. This doesn't mean you don't have any malware; it means your logs are clean. It's possible that the reason the AVG Antispyware icon shows up in the system tray is because you installed it after the problems began. Have you checked the Task Manager (Ctrl-Alt-Del) to see if your antivirus and firewall are running? Have you tried uninstalling and reinstalling either your antivirus or firewall to see if they show up after being reinstalled? I don't know about Nod, but many of the antivirus programs have repair installations on the cd.

    For problems like the one you describe, it is usually easiest to correct them by setting your computer back to a restore point from just prior to when the problems began. You still have this option, provided your system restore is turned on, even though it means you would have to then go back and remove all the malware a second time. Sometimes this can be easier than to go looking for a program that's gone missing. It's possible that you lost something with CCleaner. MSN is part of Windows. When you remove Microsoft programs, they can be connected with other Microsoft components and take things with them unexpectedly. However, it's also possible that some malware came in at the same time coincidentally.

    I noticed some Symantec entries in your computer. Do you know what this is?

    O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE


    Please do the following:

    1) If you do not use Windows Messenger (not to be confused with MSN Messenger!!) I would like you to run Disable/Remove Windows Messenger

    2) Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    After you click fix, just close hijackthis.

    Your version of Spybot (1.4) is not current. It would be better to get the newest version 1.5, even though it's a bit sluggish in comparison to the last version. The download link is in the READ & RUN ME


    If, after trying the different things above, you still think you might have malware, it's possible to run some rootkit scans. These are found in the Alternate Scans about half-way down the page.

    Let me know how things go.

    abri
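
The two HijackThis entries quoted in the post above can be picked apart mechanically. The following is an added example, not part of the original thread or of HijackThis itself: a small Python parser for `O2` (BHO) and `O4` (startup) log lines that reports BHO entries whose target is `(no file)`, meaning the registration is left behind without a file on disk. The second sample line and all function names are constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: the two entries quoted in the thread, plus one made-up
# healthy BHO line for contrast (not taken from the poster's log).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
"""

LINE_RE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

@dataclass
class Entry:
    section: str            # e.g. "O2", "O4"
    kind: str               # e.g. "BHO", "Global Startup"
    name: str
    clsid: Optional[str]
    target: Optional[str]   # file the entry points at, if the line has one

    @property
    def orphaned(self) -> bool:
        # HijackThis prints "(no file)" when the referenced file is missing.
        return self.target == "(no file)"

def parse_line(line: str) -> Optional[Entry]:
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, kind, rest = m.groups()
    clsid = CLSID_RE.search(rest)
    if section == "O2" and clsid:
        # Layout: <name> - {CLSID} - <file>
        name = rest[:clsid.start()].rstrip(" -")
        target = rest[clsid.end():].lstrip(" -")
        return Entry(section, kind, name, clsid.group(0), target)
    if section == "O4" and " = " in rest:
        # Startup-folder layout: <shortcut> = <target executable>
        name, _, target = rest.partition(" = ")
        return Entry(section, kind, name, None, target)
    return Entry(section, kind, rest, None, None)

def parse_log(text: str) -> List[Entry]:
    return [e for e in map(parse_line, text.splitlines()) if e]

def orphaned_entries(text: str) -> List[Entry]:
    return [e for e in parse_log(text) if e.orphaned]

if __name__ == "__main__":
    for e in orphaned_entries(SAMPLE_LOG):
        print(f"orphaned {e.kind}: {e.name} {e.clsid}")
```
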
     
  4. ferg46

    ferg46 Private First Class

    Hi abri, sorry for delay in reply, have been working a lot lately, appreciate help.

    OK, I am in the process of uninstalling and reinstalling my a/v and firewall and will let you know how this goes.

    As for the msn messenger and the msn live messenger, I think I must have confused the identity of these programmes and then that is what must have triggered all this mess. As for the return to restore point, I don't think I ever made a proper one so I'm going to try the reinstalling solution first.

    As regards the Symantec findings, the computer used to be severely crippled with malware a year or so ago but it was cleaned and gutted by an expert so the finding must be something he missed. Is it a problem?

    i have used the messenger removal tool

    done the scan in hjt and fixed the identified file

    i am now running spybot 1.5

    downloaded avg anti rootkit

    I am going to install the f.w and a.v and avg anti-rootkit now abri and will be in touch a.s.a.p

    thanks for all help so far sorry for delay
     
