Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

I believe my computer has malware!

Re: I believe my computer has malware!

by superstarperrito » April 14th, 2010, 11:04 am

This is the VirusTotal log:

Motor antivirus Versión Última actualización Resultado
a-squared 4.5.0.24 2009.09.23 -
AhnLab-V3 5.0.0.2 2009.09.23 -
AntiVir 7.9.1.23 2009.09.23 -
Antiy-AVL 2.0.3.7 2009.09.23 -
Authentium 5.1.2.4 2009.09.23 -
Avast 4.8.1351.0 2009.09.21 -
AVG 8.5.0.412 2009.09.23 -
BitDefender 7.2 2009.09.23 -
CAT-QuickHeal 10.00 2009.09.23 -
ClamAV 0.94.1 2009.09.23 -
Comodo 2413 2009.09.23 -
DrWeb 5.0.0.12182 2009.09.23 -
eSafe 7.0.17.0 2009.09.23 -
eTrust-Vet 31.6.6756 2009.09.23 -
F-Prot 4.5.1.85 2009.09.23 -
F-Secure 8.0.14470.0 2009.09.23 -
Fortinet 3.120.0.0 2009.09.23 -
GData 19 2009.09.23 -
Ikarus T3.1.1.72.0 2009.09.23 -
Jiangmin 11.0.800 2009.09.23 -
K7AntiVirus 7.10.851 2009.09.22 -
Kaspersky 7.0.0.125 2009.09.23 -
McAfee 5749 2009.09.22 -
McAfee+Artemis 5749 2009.09.22 -
McAfee-GW-Edition 6.8.5 2009.09.23 -
Microsoft 1.5005 2009.09.23 -
NOD32 4449 2009.09.23 -
Norman 6.01.09 2009.09.23 -
nProtect 2009.1.8.0 2009.09.23 -
Panda 10.0.2.2 2009.09.23 -
PCTools 4.4.2.0 2009.09.23 -
Rising 21.48.24.00 2009.09.23 -
Sophos 4.45.0 2009.09.23 -
Sunbelt 3.2.1858.2 2009.09.23 -
Symantec 1.4.4.12 2009.09.23 -
TheHacker 6.5.0.2.015 2009.09.22 -
TrendMicro 8.950.0.1094 2009.09.23 -
VBA32 3.12.10.10 2009.09.23 -
ViRobot 2009.9.23.1950 2009.09.23 -
VirusBuster 4.6.5.0 2009.09.22 -
Información adicional
File size: 2791424 bytes
MD5 : 58898f52ec07f3ec41c9afb25f9b7cc9
SHA1 : 6fdd321b01a351db6cef271359c20eb9d5eb44d0
SHA256: bff68903d1d8108da9f3e556347877769b5ebd23b5408f671341a3a4a8777813
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xB95D
timedatestamp.....: 0x4802524B (Sun Apr 13 20:34:51 2008)
machinetype.......: 0x14C (Intel I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x26FF6 0x27000 6.47 d1871c59ee4b291aec3356b5f009d1a3
.data 0x28000 0x16440 0x5A00 1.98 b572d8373b5d24b3d35b20adb2009070
.rsrc 0x3F000 0x27C880 0x27CA00 4.49 4a3166fa6ed9dc4bbb5c0180c66a108a

( 15 imports )

( 0 exports )
TrID : File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
ssdeep: 49152:OvLaQdN40JJvngCgz/d0Q3qsiy8D6vzxaJiL0w3Br3q4Sye32K4Hymq0we30n57f:Z
PEiD : -
superstarperrito
Active Member
 
Posts: 11
Joined: April 7th, 2010, 10:23 pm

Re: I believe my computer has malware!

by deltalima » April 14th, 2010, 2:32 pm

Hi superstarperrito,

Please re-open HijackThis and select Scan. Check the boxes next to all the entries listed below (if present):

O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-1614895754-842925246-515967899-500\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.


Now close all other open windows and then click on Fix Checked. Close HijackThis.

Looking over your log, it seems you don't have any evidence of a third party firewall.

As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders. I would like you to download and install the free firewall from

Online-Armor by Tall Emu

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

Please let me know how your computer is running now.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: I believe my computer has malware!

by superstarperrito » April 15th, 2010, 4:02 pm

I've been using my netbook since the morning and it works perfectly!

Thanks so much. Please, let me know if there's a way I can contribute with this forum or with you!
superstarperrito
Active Member
 
Posts: 11
Joined: April 7th, 2010, 10:23 pm

Re: I believe my computer has malware!

by deltalima » April 15th, 2010, 4:37 pm

Hi superstarperrito,

> I've been using my netbook since the morning and it works perfectly!


Great news.

> Thanks so much. Please, let me know if there's a way I can contribute with this forum or with you!


Please see here if you would like to help us.


Now that you are clean, please follow these simple steps in order to keep your computer clean and secure

Clean up with OTL

  • Double-click OTL.exe to start the program. This will remove all the tools we used to clean your pc.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.


Create a new, clean System Restore point which you can use in case of future system problems:
  • Press Start >> All Programs >> Accessories >> System Tools >> System Restore
  • Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close

Now remove old, infected System Restore points:
  • Next click Start >> Run and type cleanmgr in the box and press OK
  • Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked; you can choose to check other boxes if you wish but they are not required.
  • Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt
  • Press OK and Yes to confirm

Update your AntiVirus Software and keep your other programs up-to-date
Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Security Updates for Windows, Internet Explorer & Microsoft Office
Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.


Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware


Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety


Also, please read this great article by Tony Klein: "So How Did I Get Infected In First Place"

Happy surfing and stay clean!
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: I believe my computer has malware!

by Dakeyras » April 16th, 2010, 4:41 am

As this topic is resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
Dakeyras
MRU Honors Graduate
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra