Possible Malware

Discussion in 'Malware Help (A Specialist Will Reply)' started by †Zachæriah†, Mar 11, 2008.

  1. †Zachæriah†

    †Zachæriah† Private E-2

    Computer is running slow lately; a while back I had gotten some warning messages about viruses (trojans) that had been installed on my computer. I ran AVG | Ad-Aware 2007 | Spy-Bot S&D to check my computer for any form of malware and AVG didn't find any threats, but had 2 results.

    C:\WINDOWS\system32\shell32.dll - Object Change - Result Change - Status
    C:\WINDOWS\system32\drivers\etc\hosts - Object Change - Result Change - Status

    Ad-Aware came up with some privacy objects and a system32 trojan object, and I removed them; Spy-Bot S&D found some minor privacy issues, which were also removed.

    Ever since this happened my computer has been doing weird stuff (i.e. audio clips playing when no programs are open), booting slowly and loading programs slowly (ex: FF 20 sec load time, IE 15 sec load time). I completed the steps from the READ & RUN ME FIRST. Malware Removal Guide thread and this improved things, but the computer is still running slowly.

    My Logs:

  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're not having malware problems. You are just being bitten by what you are running.

    First, you still have services from McAfee trying to run, but you are now using AVG. Run the below:

    McAfee Consumer Product Removal Tool

    You also have Windows Defender and CA Yahoo! Anti-Spy running. I suggest that you uninstall Windows Defender now.

    You can also uninstall SUPERAntispyware now since we are finished with it.

    Now here are some more non-malware tweaks.

    Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)

    After clicking Fix, exit HJT.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it.

    Then attach the below log:
    • C:\MGlogs.zip
    Make sure you tell me how things are working now! If you still feel things are slow, I will give you a couple more suggestions after seeing the new log.
    Last edited: Mar 15, 2008
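The lines chaslang lists above are plain HijackThis entries, and the reason each one is fixable is visible in the line itself: the O3 and O9 entries end in "(no file)" or "(file missing)", and the O4 entries point at boot-time update schedulers rather than anything malicious. The following Python is an added example, not part of the thread or of HijackThis, that parses such lines and sorts them into those two buckets; the sample log and the STARTUP_HELPERS list are constructed from this thread only, and the AVG tray line is an assumed healthy entry added to show what is left alone.

```python
import re
# Constructed sample: four lines chaslang asked to have fixed in this thread,
# plus one healthy AVG tray entry (constructed) that triage should leave alone.
SAMPLE_LOG = r"""
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")               # "O4 - <body>"
RUN_NAME_RE = re.compile(r"\[([^\]]+)\]")                # [QuickTime Task]
EXE_RE = re.compile(r'([A-Za-z]:\\[^"]*?\.exe)', re.I)  # first drive-letter path to an .exe
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
ORPHAN_MARKERS = ("(no file)", "(file missing)")        # HJT's wording for a missing target
# Boot-time updaters chaslang removed above: not malware, just unneeded startup load
# (assumption: this list is illustrative and taken only from this thread).
STARTUP_HELPERS = {"qttask.exe", "realsched.exe", "jusched.exe"}

def parse_hjt_line(line):
    """Split one HijackThis entry into section, body, name, exe path and CLSID."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    name, exe, clsid = (r.search(body) for r in (RUN_NAME_RE, EXE_RE, CLSID_RE))
    return {"section": section, "body": body,
            "name": name.group(1) if name else None,
            "exe": exe.group(1) if exe else None,
            "clsid": clsid.group(0) if clsid else None}

def classify(entry):
    """'orphan': target no longer on disk (safe to fix); 'startup-helper':
    optional auto-update loader; 'keep': nothing here says to touch it."""
    if entry["body"].endswith(ORPHAN_MARKERS):
        return "orphan"
    exe_name = entry["exe"].rsplit("\\", 1)[-1].lower() if entry["exe"] else ""
    if entry["section"] == "O4" and exe_name in STARTUP_HELPERS:
        return "startup-helper"
    return "keep"

def triage(log_text):
    """Return [(section, run-name or CLSID, verdict)] for each entry in the log."""
    out = []
    for line in log_text.splitlines():
        e = parse_hjt_line(line)
        if e:
            out.append((e["section"], e["name"] or e["clsid"], classify(e)))
    return out
```

Running triage(SAMPLE_LOG) marks the two "(no file)"/"(file missing)" entries as orphans, the QuickTime and Java schedulers as startup helpers, and leaves the AVG tray entry untouched.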
  3. †Zachæriah†

    †Zachæriah† Private E-2

    That seems to have fixed the problem; everything is loading and working faster. Thanx

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Great!

    If you are not having any other malware problems, it is time to do our final steps:
    1. If we used ComboFix then UNINSTALL COMBOFIX (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN
      • Now type combofix /u in the runbox and click OK.
      • Note the space between the X and the /U; it must be there.
    2. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    3. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    4. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    5. If you are running Windows XP or Windows ME, do the below:
      • Refer to the cleaning steps in the READ ME for your Windows version and see the steps to Disable System Restore, which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    6. After doing the above, you should work through the below link: