Ran all malware programs - found several items

Discussion in 'Malware Help (A Specialist Will Reply)' started by GI_Lisa, Sep 29, 2006.

  1. GI_Lisa

    GI_Lisa Private E-2

    Hi,

    My computer was crashing/freezing often, several times an hour. I followed your ReadMe and ran the scans as mentioned.

    First I checked Add/Remove Programs and found that I had WinFixer. I uninstalled it. I also had WeatherBug and uninstalled it and then searched for and removed C:\Progra~1/AWS folder and deleted it.

    I then downloaded and installed all of the programs mentioned in the ReadMe.

    I enabled viewing of hidden files, system files and file extensions.

    I went into Safe Mode and ran CCleaner, Microsoft Windows Malicious Software Removal Tool, SpyBot S&D with SDHelper function, and Microsoft Windows Defender.

    Microsoft Windows Malicious Software Removal Tool and SpyBot S&D found nothing. Windows Defender supplied the message "Running Normally, no unwanted or harmful software detected."

    I then rebooted into Safe Mode With Networking and ran BitDefender and then Panda.

    BitDefender found Exploit.Win32.WMF-PFV.G. It attempted to remove/quarantine it but it failed. While in Safe Mode, I deleted the file.

    I messed up on the BD Scan report and didn't save it as Text (Tab Delimited) but as html and didn't realize it until after I'd closed the scan page. I changed it to a .txt file, and I hope it still gives you the information that you're looking for.

    Panda said that it found a Browser Hijack.

    I'm attaching ActiveScan.txt, RunKeys.txt and NewFiles.txt to this post and BitDefender and HiJackThis reports to the next post.

    I'd appreciate it if you'd check them out and let me know what else I need to do.

    Thanks, Lisa
     


  2. GI_Lisa

    GI_Lisa Private E-2

    I'm attaching the BDScan.txt and HijackThis.log to this post.

    Thanks again. Lisa
     


  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The Bitdefender log is supposed to be an html file but when you save it, we ask you to save it with a .txt extension so it can be uploaded. What you attach is not what we really want to see because the formatting is terrible. The HTML file is much easier to read. Don't worry about it now though.

    Is your copy of Ewido a paid or free trial version?

    What malware problems are you actually having? I don't see any malware problems but you do need to clean up some stuff as given below.

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} - http://wdownload.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?

    After clicking Fix, exit HJT.

    Now we need to Reset Web Settings:
    1. If you have an Internet Explorer icon on your Desktop, go to step 2. If not, skip to step 3.
    2. Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
    3. If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.
    Note for IE 7 users: You need to select Internet Options then the Advanced tab and then Reset Internet Explorer Settings!


    Now copy the bold text below to Notepad. Save it as fixWLK.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Now reboot!

    After reboot, attach the below new logs and tell me how the above steps went.

    1. GetRunKey
    2. HJT
    Make sure you tell me how things are working now! If you are having malware problems, please explain them.
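
The fix list in the post above follows HijackThis's `<section> - <detail>` line format. As an added example (not part of the original thread, and not the helper's own selection criteria), this sketch parses such lines and attaches review notes; the heuristics and the names `triage` and `triage_log` are assumptions made for this example.

```python
import re
from urllib.parse import urlparse

# Sample lines copied from the fix list in the post above.
SAMPLE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} - http://wdownload.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
"""

# A section code is a letter plus one or two digits, then " - ", then the detail.
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")

def triage(line):
    """Return (section, notes) for one log entry, or None for non-entry lines."""
    m = ENTRY.match(line)
    if not m:
        return None
    section, body = m.groups()
    notes = []
    if section in ("R0", "R1") and "=" in body:
        value = body.split("=", 1)[1].strip()
        if value == "":
            notes.append("empty value")
        elif "ProxyServer" in body and value.startswith(":"):
            notes.append("proxy without host")
    if body.endswith("is missing"):
        notes.append("missing default")
    if body.endswith("(no file)"):
        notes.append("orphaned: no file on disk")
    if section == "O4":
        # Text after the [name] tag is the command that runs at startup.
        cmd = body.split("]", 1)[-1].strip()
        if "\\" not in cmd and "/" not in cmd:
            notes.append("autostart without full path")
    if section == "O16":
        url = re.search(r"https?://\S+", body)
        if url:
            notes.append("ActiveX source: " + urlparse(url.group()).hostname)
    return section, notes

def triage_log(text):
    """Triage every entry line in a log, skipping headers and blank lines."""
    return [r for r in map(triage, text.splitlines()) if r is not None]
```

A note only marks an entry for a human to look at; an empty note list does not mean the entry is benign.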
     
  4. GI_Lisa

    GI_Lisa Private E-2

    Hi Chaslang,

    I have the html copy also but I can't upload it. I noticed the request in the instruction to save it as Text (Tab Delimited) right after I'd already saved it as html and after I closed the page so it was too late to get the report in the correct format. I changed it to .txt to upload it. I also have the report in the html format. If I copied and pasted it into a .doc file, would that work? The scan took a couple of hours to run but if you think that seeing the results of the scan in Text (Tab Delimited) would make a difference, I'll run the scan again.

    I didn't notice any malware problem except that my computer keeps freezing and crashing so my mother told me to follow the instructions here to see if my computer has a virus or some other kind of malware. She said that she's come to this pc forum before and it helped her. I wasn't misdirected or anything like that.

    I reset web settings using Dial-a-Fix about once a week and I reset them right before I ran all the scans. I also ran CCleaner before I went into Safe Mode and then again when I was in Safe Mode. I use RegSeeker about once every few days to clean up my registry, and I defrag about once a month. I don't do much with my computer except to find info to write term papers, I go to the Harry Potter website, Disney website, and places like that. But somewhere along the line I picked up those things that the scans found and I deleted.

    It's late where I am now. I'll do the things you mentioned in your post tomorrow and post the reports you requested. Thanks for your help.

    One other thing, even after removing the virus/malware/spyware that the scans found yesterday, my computer still freezes and crashes as often as it did before, about once every hour or so.

    Lisa
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    All you have to do is rename the file so that the extension is .txt instead of .html. That is what we explained in the READ ME. I don't need the file though.

    I doubt these problems are due to malware. It is more likely that you have other issues, either hardware related or software related. Things like temperature (PC getting too hot), bad RAM, device driver issues, corrupted files for your OS. All of these are topics better suited for the Hardware or Software Forums.
     
  6. GI_Lisa

    GI_Lisa Private E-2

    To answer your question about Ewido, about 2 years ago, I downloaded a trial version of a program. I don't remember the name of the program. Before the trial period ended, I uninstalled it because I didn't like it. For months afterwards, a box would constantly open on my screen telling me that according to the contract (click "I agree") I had to pay for the program. The website never said that I would have to pay for the program at the end of the trial period. I tried everything to get rid of the pop-up box but the only thing that helped was Ewido. I don't remember if I paid for the program or not, though.

    I followed your directions. When I double-clicked on the .txt notepad document with the registry information, all it did was open the document. I didn't see it do anything.

    I use Avast Anti-Virus and Windows firewall and my os is Windows XP Home. I have a Compaq but the os was installed when I got it so I don't have an XP Home disk.

    I'm attaching the new RunKey.txt and HJT doc.

    Lisa
     


  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please read and follow the directions properly! It is not supposed to be a .txt file. It should be a .reg file! Please follow those instructions again and attach new logs!

    The Windows firewall does not provide adequate protection and it is not a bi-directional firewall!
     
