Recovering after Boot.ini rebuild

Discussion in 'Malware Help (A Specialist Will Reply)' started by goliano, Jun 29, 2008.

  1. goliano

    goliano Corporal

    While running "READ & RUN ME FIRST. Malware Removal Guide" I found many malware items, so I'm submitting my logs. There is/was definitely a MyWebSearch infestation.

    Thanks.
     

    Attached Files:

    goliano, Jun 29, 2008
    #1
  2. goliano

    goliano Corporal

    (cont'd)
     

    Attached Files:

    goliano, Jun 29, 2008
    #2
  3. goliano

    goliano Corporal

    I have since done a

    to get rid of the following line from my hijackthis.log.

    O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwssvc.exe (file missing)

    Also, I installed ZoneAlarm Firewall and Avast Anti-Virus, ran a boot-time scan and deleted all items in the Virus Chest.
     
    Last edited: Jun 29, 2008
    goliano, Jun 29, 2008
    #3
  4. goliano

    goliano Corporal

    New hijackthis.log.
     

    Attached Files:

    goliano, Jun 29, 2008
    #4
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You need to uninstall Viewpoint Media Player as requested in step 1 of the READ ME.

    You have Avast installed but I see the below from Symantec:

    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

    What applications from Symantec are still installed. I do see LiveUpdate but is anything else installed that you know of. If not, you should run the below, reboot, and run it one more time.

    Norton Removal Tool (SymNRT)

    Then run the C:\MGtools\GetLogs.bat file by double clicking on it. Now attach the new C:\MGlogs.zip file just created.
     
    Last edited: Jun 30, 2008
    chaslang, Jun 30, 2008
    #5
  6. goliano

    goliano Corporal

    The system is running extremely slow, as well. Is there anything in the startup sequence that can be removed?

    Completed all tasks. MGlogs.zip attached.
     

    Attached Files:

    goliano, Jun 30, 2008
    #6
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I'll take a look but first download and use the current version of MGtools and get me a new log.
     
    chaslang, Jun 30, 2008
    #7
  8. goliano

    goliano Corporal

    Here ya go.
     

    Attached Files:

    goliano, Jun 30, 2008
    #8
  9. goliano

    goliano Corporal

    This procdll.txt file was on the desktop after MGTools.exe finished.
     

    Attached Files:

    goliano, Jun 30, 2008
    #9
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Here are some quick no brainers to fix.

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)

    After clicking Fix, exit HJT.

    Did that help?

    This PC could really use twice the amount of RAM that it has installed.
     
    chaslang, Jul 1, 2008
    #10
  11. goliano

    goliano Corporal

    It's probably the low memory, because it's still kinda slow. So, does everything else look ok, as far as malware?
     
    goliano, Jul 1, 2008
    #11
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Uninstall the tool bars and any browser addons and see if that helps. Also try another firewall as ZA can be a pig.

    All clean. ;)
     
    chaslang, Jul 2, 2008
    #12
  13. goliano

    goliano Corporal

    Thanks, Chief.
     
    goliano, Jul 2, 2008
    #13
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely!
     
    chaslang, Jul 2, 2008
    #14

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds