Unable to overcome malware issues please help!

Discussion in 'Malware Help (A Specialist Will Reply)' started by cloud9graphics, Jun 29, 2006.

  1. cloud9graphics

    cloud9graphics Private E-2

    typically when i run into a machine that has this much spyware/adware/malware, etc. i would just reformat the machine, but seeing as this co-worker's machine had a great deal of important program settings, etc. that would be very difficult and tedious to put back into place, i am trying to rid the machine of the crap. below i have posted a hijackthis log of the most recent things happening. i have run the following to try to handle these problems. i always started by running them in safe mode then tried running in normal windows.

    SmitFraud Removal tool
    Adware.NDotNet (from symantec) removal instructions
    Symantec antivirus corporate edition (with most updated definitions)
    Ad-Aware SE (with most updated definitions)
    Webroot Spysweeper (with most updated definitions)
    Spybot Search & Destroy (with most updated definitions)
    PC Tools Spydoctor (most updated definitions)
    Hijack this (created log which i will paste below)
    Aimfix (to try to fix aim virus's tool)
    windows defender (with most updated)

    i have also tried to remove all of the malicious registry keys, random filenames that were created, etc.

    i have done this all from safemode.

    i have also installed comodo personal firewall this way i could control what was going in and out.

    for some reason i cannot turn on the windows firewall probably as a result of these infections.

    it seems as if these things keep on spawning. i don't really know what to do. this is the first time i have been unable to overcome these problems.

    Spybots most recent scan comes up with NO THREATS


    Spyware Doctor finds:

    Common Components for Click Spring Items
    Network Monitor

    i try to remove these and it says it removes them yet when i run a scan again it finds them all over again.

    Symantec finds nothing (it used to but no longer is showing threats since it "removed" them.)

    i also tried creating an additional username and trying to scan the troubled username from (safe mode) it found some things in the local settings directory and it claimed to have fixed the problems.

    also now when i bring up the task manager by going control+shift+escape the top part of it is now missing and only the bottom portion of the window is there. i have had this on computers without spyware and adware before, however i don't know how to fix this.

    i really appreciate any help anyone can offer aside from saying "reformat windows". i have tried everything i know how to do and still keep getting problems. any and all ideas, solutions, information would be greatly appreciated. below is a copy of the most recent Hijack this LOG


    here is the hijack this log.

    Edit: Removed inline HJT log for 1st steps guide to be actioned

    thanks in advance
    -pete
     
    Last edited by a moderator: Jun 29, 2006
  2. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Hi and Welcome

    Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.


    Also take note of the instructions for running HijackThis, as part of the cleaning routines need HJT to be installed in a specific place to avoid being deleted as part of the cleaning steps. Also, all browsers and non-essential applications must be closed before running HJT.

    ie.
    C:\Documents and Settings\Steve G\Desktop\HijackThis.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE



    - Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

    Make sure you check version numbers and get all updates.


    If, after doing ALL of the above, you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:

    Downloading, Installing, and Running HijackThis


    When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too (these scans are covered in steps 6 & 7 of the READ & RUN ME sticky)
    • Bitdefender
    • Panda Scan
    • HijackThis
     
  3. cloud9graphics

    cloud9graphics Private E-2

    still experiencing issues. i have followed the long directions and i have attached a hijack this log and the other online scan logs. i have followed all instructions.
     


  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Questions:

    Is Spyware Doctor a free version or a paid version? Uninstall if free!
    Is Spy Sweeper a free version or a paid version? Uninstall if free!

    Do the above before continuing!!


    You need to follow the directions in step 7 of the READ ME:

    - you installed HijackThis exactly where the directions specify not to install it

    - you gave us a log from safe mode and we need the log to be from normal boot mode

    Please install HJT properly and attach a new log from normal boot mode.

    Look for the below files and delete them. Let me know the results.

    C:\WINDOWS\cfg32.exe
    C:\WINDOWS\comserv.exe
    C:\WINDOWS\hostsmgr.exe
     
  5. cloud9graphics

    cloud9graphics Private E-2

    both the spysweeper and spyware doctor are paid versions not the free versions. i have installed Hijack this properly now according to your directions and posted the log it created in normal mode running no other applications.
     


  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It is not a good idea to keep both of these installed and running. They require significant system resources and can conflict with each other's ability to fix or even see problems. Also having multiple realtime blockers like this installed and running can make it difficult to do malware cleanup.

    Since you have a paid version of a spyware blocker installed, uninstall Windows Defender (for the same reasons as above).

    Did you find and delete the files I mentioned?

    Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'. On the page that opens, scroll down to Remote Assistance ... then right click the entry, select 'Properties' and press 'Stop Service'. When it shows that it is stopped, next please set the 'Start-up Type' to 'Disabled'. Press 'OK' until you get back to Windows.

    Next, run HJT, but instead of scanning, click on the 'None of the above, just start the program' button at the bottom of the choices. At the lower right, click on the 'Config' button, and then the 'Misc tools' button ... select 'Delete an NT Service' ... copy/paste the following into the box that opens, and press 'OK':

    RMTASSIST

    If you receive any error messages just ignore them and continue.

    Now exit HJT and reboot when it tells you it needs to.
    After reboot attach a new HJT log and tell me if you are still having any problems.
     
