HijackThis log


Re: HijackThis log

Post by dan12 » February 23rd, 2009, 4:42 pm

Click the Windows 'Start' button > Select 'Run' - then copy/paste this into the run box & click OK:
"%userprofile%\desktop\combofix.exe"
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Post by Pc-Guy » February 23rd, 2009, 4:58 pm

Hi, I tried that but it said it cannot find the application, even when I change it to "Pc-Guy.exe".
Pc-Guy
Regular Member
 
Posts: 16
Joined: February 13th, 2009, 1:50 pm

Re: HijackThis log

Post by dan12 » February 23rd, 2009, 5:09 pm

Ok, not giving up yet :)
I assume your antivirus and firewall are disabled whilst you're about to do the scan?

Open Task Manager by pressing the Ctrl, Alt and Del keys at the same time.

In the menu at the top of the dialog box, click File>New Task (Run...)

Copy/paste (or type) the following in the Run box and click OK: (assuming ComboFix.exe is on the desktop as was instructed)

"%userprofile%\desktop\combofix.exe"

Post by Pc-Guy » February 23rd, 2009, 6:06 pm

Hi,
It still opened a cmd window saying:

"Please wait.
Preparing to run"

But it is not doing anything. I have also noticed that you can type in it as well, and that the background is blue instead of black.

Re: HijackThis log

Post by dan12 » February 23rd, 2009, 6:06 pm

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3

--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.

Re: HijackThis log

Post by Pc-Guy » February 23rd, 2009, 6:26 pm

Hi Dan,
Sorry but it still does the same thing. I have even tried two of the links but it still doesn't do anything.

Re: HijackThis log

Post by dan12 » February 23rd, 2009, 6:51 pm

Hi, Brian,

The infection you have which is causing us the problems with the malware tools is a TDSS rootkit!
Due to its rootkit functionality, your computer is very likely to have been compromised and there is no way that it can be trusted again. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be to do a reformat and reinstallation of the operating system (OS).

To help you understand more, please take some time to read the following articles:

What are rootkits from Wikipedia
Why are rootkits dangerous
How do I respond to a possible identity theft and how do I prevent it
When should I do a reformat and reinstallation of my OS
Where to backup your files
How to backup your files in Windows XP
Restoring your backups

Some Helpers on other forums may clean up this infection. I would be doing you a disservice if I was to continue with a clean up.
It more than likely would be a couple of days of posting fixes when in the space of an hour you could reformat and be back up to speed.

Sorry it couldn't be better news!
If you need reformat advice let me know.
Dan

Post by Pc-Guy » February 24th, 2009, 1:43 pm

Hi Dan,
Thank you, do you know any other forums that will be able to fix this problem?

Also, if I was to reinstall my OS, I would have a problem because I only have the upgrade version, not the actual OS. Do you know if I could reinstall my PC using that CD?

Thank you,
Brian

Re: HijackThis log

Post by dan12 » February 24th, 2009, 2:08 pm

Hi, Brian, the thing is, with this infection, some of the newer variants, after I have removed the bad driver and all the bad folders, etc., simply regenerate the driver and the folders... the infection is extremely resistant. Some variants simply will not allow either MBAM or ComboFix to run, even if they've been renamed. Even if I managed to clean up the system, you cannot be certain that something has not been left behind. If it requires pages of posts versus a fast reformat, then that has to be more practical for yourself. In answer to your question, I have to be honest, I'm not sure regarding the upgrade CD; I can ask around for you. Like I said, you could get it cleaned, but the machine has been compromised.
dan

Re: HijackThis log

Post by Pc-Guy » February 24th, 2009, 2:21 pm

Hi Dan,
Thank you very much for your help throughout. I have decided I will go on and reformat the system. I have reinstalled before a couple of times on my other machines, but they are all XP. So if the upgrade CD doesn't work, I think I will reinstall XP and then upgrade to Vista this way.
I have only one question left: if I back up my files for reinstallation, would the trojan travel around as well?

Thank you very much for your support,
Brian

Re: HijackThis log

Post by dan12 » February 24th, 2009, 2:34 pm

Hi, Brian, pleased you're reformatting :)
What I would do is, when you back up to a folder/drive portable media, have the folder\drive scanned with an online scanner to rule out anything that may be lurking before placing them back on to the clean system.
This might be useful to you: Reformatting Windows XP
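
An added example, not part of the original posts and not a substitute for the antivirus scan recommended above: a Python script that lists the files in a backup folder which contain executable code (including executables hidden behind a data-file extension) or an autorun.inf, so they can be scanned or left out before the backup is copied to the reinstalled system. The extension list, function names and sample files are assumptions constructed for illustration.

```python
import hashlib
import os

# Assumed, non-exhaustive list of extensions Windows runs or loads as code.
RISKY_EXT = {".exe", ".dll", ".sys", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs"}

def sha256_of(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

def triage_backup(root):
    """Return sorted (relative path, reason, sha256) for files to check before restoring."""
    findings = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            ext = os.path.splitext(name)[1].lower()
            with open(path, "rb") as fh:
                is_pe = fh.read(2) == b"MZ"  # DOS/PE header magic bytes
            if name.lower() == "autorun.inf":
                reason = "autorun.inf: can auto-launch a program from removable media"
            elif is_pe and ext not in RISKY_EXT:
                reason = "executable content behind a '%s' extension" % ext
            elif is_pe or ext in RISKY_EXT:
                reason = "executable or script file"
            else:
                continue  # ordinary data file; still covered by the antivirus scan
            findings.append((os.path.relpath(path, root), reason, sha256_of(path)))
    return sorted(findings)

def build_sample_backup(root):
    """Write a small constructed backup tree (harmless placeholder bytes) for the demo."""
    samples = {
        "autorun.inf": b"[autorun]\r\nopen=setup.exe\r\n",
        os.path.join("photos", "holiday.jpg"): b"\xff\xd8\xff\xe0" + b"\x00" * 16,
        os.path.join("photos", "cover.jpg"): b"MZ" + b"\x00" * 62,
        os.path.join("tools", "setup.exe"): b"MZ" + b"\x00" * 62,
    }
    for rel, data in samples.items():
        os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(data)
    return root

if __name__ == "__main__":
    import tempfile
    for rel, reason, digest in triage_backup(build_sample_backup(tempfile.mkdtemp())):
        print(rel, "|", reason, "|", digest[:16])
```

The SHA-256 values give a stable identifier for each flagged file when comparing it against a scanner's report.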

Re: HijackThis log

Post by Pc-Guy » February 24th, 2009, 2:39 pm

Hi,
Do you know any reliable online scanner?

Re: HijackThis log

Post by dan12 » February 24th, 2009, 3:00 pm

Brian, here are a couple we use a lot. Remember they are scanners only! They don't fix things if anything is found.
You could scan with a good antivirus program which would fix certain items.
I wish you luck, hope it's been helpful for you.
I will leave thread open 24hrs just in case you think of anything else, then I will close up.
Kind regards, dan

Note for Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

Please go to Eset website to perform an online scan. Please use Internet Explorer as it uses ActiveX.

  1. Check (tick) this box: YES, I accept the Terms of Use.
  2. Click on the Start button next to it.
  3. When prompted to run ActiveX, click Yes.
  4. You will be asked to install an ActiveX. Click Install.
  5. Once installed, the scanner will be initialized.
  6. After the scanner is initialized, click Start.
  7. Uncheck (untick) Remove found threats box.
  8. Check (tick) Scan unwanted applications.
  9. Click on Scan.
  10. It will start scanning. Please be patient.
  11. Once the scan is done, you will find a log in C:\Program Files\esetonlinescanner\log.txt. Please post this log in your next reply.

----------------------------


Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.

---------------------------

Re: HijackThis log

Post by Gary R » February 25th, 2009, 6:46 pm

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
Gary R
Administrator
 
Posts: 21869
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire