
Hijack and malware byte log-not sure what virus i have [Solved]


This topic is locked.

#16 Jessieboogie (Member, Topic Starter, 105 posts)
Malwarebytes' Anti-Malware 1.33
Database version: 1749
Windows 5.1.2600 Service Pack 3

2/11/2009 10:17:33 AM
mbam-log-2009-02-11 (10-17-33).txt

Scan type: Quick Scan
Objects scanned: 56645
Time elapsed: 6 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, February 11, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, February 11, 2009 15:53:25
Records in database: 1782869
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\

Scan statistics:
Files scanned: 78553
Threat name: 2
Infected objects: 2
Suspicious objects: 0
Duration of the scan: 01:53:15


File name / Threat name / Threats count
C:\Documents and Settings\Compaq_Owner\My Documents\LimeWire\Incomplete\T-3545427-big love robert plant (high bitrate).mp3 Infected: Trojan-Downloader.WMA.GetCodec.u 1
C:\Documents and Settings\Compaq_Owner\My Documents\LimeWire\Saved\Hit big log robert plant HQ.mp3 Infected: Trojan-Downloader.WMA.GetCodec.v 1

The selected area was scanned.


#17 heir (Trusted Helper, Malware Removal, 5,427 posts)
Step 1.
OTMoveIt3:

  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes
    explorer.exe
    :Files
    C:\Documents and Settings\Compaq_Owner\My Documents\LimeWire\Incomplete\T-3545427-big love robert plant (high bitrate).mp3
    C:\Documents and Settings\Compaq_Owner\My Documents\LimeWire\Saved\Hit big log robert plant HQ.mp3
    :Reg
    :Services
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Step 2.
Things I would like to see in your reply:

  • The content of the result window in OTMoveIt3 from step 1.
  • Information on how your computer is running now.

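As an added example (not from heir's post, and not part of OTMoveIt3 or of Kaspersky's scanner), the following Windows PowerShell script shows how the two detection lines in the Kaspersky report above map onto the :Files section of the OTMoveIt3 script: it parses the "File name / Threat name / Threats count" lines and emits the same layout the helper wrote by hand. The report lines are constructed from the ones quoted in this thread; the function names are my own.

```powershell
# Added example, not from the thread: build the OTMoveIt3 :Files section from a
# Kaspersky Online Scanner 7 report. Report lines below are constructed from the
# ones quoted in this thread (one non-detection line included on purpose).
$reportLines = @(
    'C:\Documents and Settings\Compaq_Owner\My Documents\LimeWire\Incomplete\T-3545427-big love robert plant (high bitrate).mp3 Infected: Trojan-Downloader.WMA.GetCodec.u 1',
    'C:\Documents and Settings\Compaq_Owner\My Documents\LimeWire\Saved\Hit big log robert plant HQ.mp3 Infected: Trojan-Downloader.WMA.GetCodec.v 1',
    'The selected area was scanned.'
)

function ConvertFrom-KasperskyReport {
    # Hypothetical helper name. Each detection line is "<path> Infected: <threat> <count>".
    # The path may contain spaces and parentheses, so anchor on the literal "Infected:"
    # field and the trailing count rather than on the path itself.
    param([string[]]$Lines)
    $pattern = '^(?<path>.+?)\s+Infected:\s+(?<threat>\S+)\s+(?<count>\d+)\s*$'
    foreach ($line in $Lines) {
        if ($line -match $pattern) {
            [pscustomobject]@{
                Path   = $Matches['path']
                Threat = $Matches['threat']
                Count  = [int]$Matches['count']
            }
        }
    }
}

function New-OTMoveItScript {
    # Hypothetical helper name. Emits the same sections heir used: kill explorer.exe,
    # move the detected files, empty temp folders, restart explorer, reboot.
    param([object[]]$Detections)
    $paths  = @($Detections | ForEach-Object { $_.Path } | Sort-Object -Unique)
    $header = @(':Processes', 'explorer.exe', ':Files')
    $footer = @(':Reg', ':Services', ':Commands', '[purity]', '[emptytemp]', '[start explorer]', '[reboot]')
    ($header + $paths + $footer) -join "`r`n"
}

$detections = ConvertFrom-KasperskyReport -Lines $reportLines
$detections | Format-Table -AutoSize          # review what was matched first
New-OTMoveItScript -Detections $detections   # text to paste into OTMoveIt3
```

Read the emitted list before pasting it anywhere: everything listed under :Files is moved by the tool, so the regex deliberately requires the literal "Infected:" field and a trailing count, which keeps summary lines such as "The selected area was scanned." out of the list.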

#18 Jessieboogie (Member, Topic Starter, 105 posts)
Pc still running very slow.



========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
C:\Documents and Settings\Compaq_Owner\My Documents\LimeWire\Incomplete\T-3545427-big love robert plant (high bitrate).mp3 moved successfully.
C:\Documents and Settings\Compaq_Owner\My Documents\LimeWire\Saved\Hit big log robert plant HQ.mp3 moved successfully.
========== REGISTRY ==========
========== SERVICES/DRIVERS ==========
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\hpodvd09.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Perflib_Perfdata_4a8.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DF90E4.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\mcafee_3J8C0jNbQFKAIs6 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_ael5ZtX6uQnDuJS scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_iPxp4dfu8jc02l1 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_N9karxdUZeHW0Ma scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_Rcupeb72wuNFSaG scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_UfNKPLad2Ys0WML scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_1ec.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\WFV4.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02122009_173029

Files moved on Reboot...
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\hpodvd09.log moved successfully.
File C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Perflib_Perfdata_4a8.dat not found!
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DF90E4.tmp moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat moved successfully.
File C:\WINDOWS\temp\mcafee_3J8C0jNbQFKAIs6 not found!
File C:\WINDOWS\temp\mcmsc_ael5ZtX6uQnDuJS not found!
File C:\WINDOWS\temp\mcmsc_iPxp4dfu8jc02l1 not found!
File C:\WINDOWS\temp\mcmsc_N9karxdUZeHW0Ma not found!
File C:\WINDOWS\temp\mcmsc_Rcupeb72wuNFSaG not found!
File C:\WINDOWS\temp\mcmsc_UfNKPLad2Ys0WML not found!
File C:\WINDOWS\temp\Perflib_Perfdata_1ec.dat not found!
File C:\WINDOWS\temp\WFV4.tmp not found!

#19 heir (Trusted Helper, Malware Removal, 5,427 posts)
Hey there, Jessieboogie!

OK! Well done, your log is clean again! :)

Pc still running very slow.

I can't see anything in the logs indicating it's related to malware.
After you have followed the steps in this post, go here and see if that helps.

Time for some housekeeping.

Step 1.
Clean up:

First:
What we need to do is remove all the tools that you have used. This is so that, should you ever be re-infected, you will download updated versions. It will also remove the quarantined malware from your computer.

Double-click OTMoveIt3.exe to start it.
Click the Clean up button
Click Yes to the reboot.

Now delete any tools/logs that are left over after you ran OTCleanIt.


Second:
Now let's reset and re-enable your System Restore to remove any infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files. (You will lose all previous restore points, which are likely to be infected, but that's good news.)

Turn OFF System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.
Restart your computer.

Turn ON System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check Turn off System Restore.
  • Click Apply, and then click OK.
System Restore will now be active again.


Step 2.
Prevention:

OK, let's carry out a few preventative steps to make sure you reduce the risk of further infections.

First:
Your Adobe Acrobat Reader is out of date. Older versions are vulnerable to attack.

Please go to the link below to download an update.

http://www.adobe.com.../readstep2.html

Remove the older versions and install the latest.


Second:
One of the essentials is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats; Microsoft releases security updates that help keep your computer from becoming vulnerable. It is best if you have these set to download automatically.

Automatic Updates for Windows
  • Click Start.
  • Select Settings and then Control Panel.
  • Select Automatic Updates.
  • Click Automatic (recommended)
  • Choose a day and a time when you know the computer will be on and connected to the internet.
  • Click Apply then OK.


Third:
Now let's download some preventative programs that will help to keep the nasties away! We will start with Anti Spyware programs. I would advise getting a couple of them at least, and running each at least once a month.

Anti Spyware
  • SpywareBlaster to help prevent spyware from installing in the first place. A tutorial can be found here.
  • SpywareGuard to catch and block spyware before it can execute. A tutorial can be found here.
  • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email. A tutorial can be found here.
Note: If you find your system slows down after installing any of these, just uninstall it, or disable it from running at startup.


Fourth:
Nearly done! If you like to use chat, MSN and Yahoo have vulnerabilities that can leave you open to infections. There are, however, a couple of very good, malware-free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN):

Instant Messengers
Lastly:
It is a good idea to clear out all your temp files every now and again with ATF Cleaner. This will help keep your computer from bogging down and slowing. It also can assist in getting rid of files that may contain malicious code that could re-infect your computer.


To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein.


I will keep this log open for the next couple of days, so if you have any further problems post another reply here.

OK, all the best, and stay safe!

#20 Jessieboogie (Member, Topic Starter, 105 posts)
Thank you so much for all your time and assistance. Maybe you could help me with something else? I want to determine what programs are needed at start up on my system. Or would you like me to start another topic?

#21 heir (Trusted Helper, Malware Removal, 5,427 posts)

Thank you so much for all your time and assistance. Maybe you could help me with something else? I want to determine what programs are needed at start up on my system. Or would you like me to start another topic?

Let's see.

I've gathered information about the startup entries from your last OTListIt-log.
Below I've listed entries that are not necessary or that can be accessed manually in another way.
It's up to you which software/programs you want to start up.
Use msconfig to disable those you don't want to run at startup.

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated) <<<--- Speeds up the time it takes to load the Adobe_Reader application. Your choice, but not required for Adobe Reader to function properly
O4 - HKLM..\Run: [AlcxMonitor] ALCXMNTR.EXE (Realtek Semiconductor Corp.) <<<--- Realtek AC97 Audio - Event Monitor. "Slyware" file used to surreptitiously monitor one's actions. It is not a sinister one, like remote control programs, but it is being used by Realtek to gather data about customers
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard) <<<--- HP software updates. If a shortcut doesn't exist, create your own and run it manually
O4 - HKLM..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe (Hewlett-Packard Company) <<<--- This item keeps track of how many times the system has been recovered and the times of the first and last recoveries done on the system. Leaving unchecked will sometimes prevent the Keyboard Manager program from detecting that the computer is an HP. Since this program/driver was only made to run on HP, if it can't tell that it is an HP it will not run. If unchecked, it can prevent the running of the Application Recovery CDs, the use of the multimedia keys, and the HP Instant Support. Also seen that without it running, the Riptide Sound card that was installed on some older HP computers stops working
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey (McAfee, Inc.) <<<--- From McAfee VirusScan On-line. The Agent is a red M icon that appears in the Windows system tray or Notification Area (if you're running Windows XP). If you don't see the agent icon, VirusScan Online may not be installed
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.exe (Hewlett-Packard Company) <<<--- Multimedia Keyboard companion on HP computers. If this is prevented from starting, then some keyboard functionality will be lost.
O4 - HKLM..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe (Nero AG) <<<--- Related to Nero_AG_InCD part of nero and does not need to be running if you run xp and do not burn many disks. Note: Located in \%Program Files%\Nero\Nero 7\InCD\
O4 - HKLM..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun (Advanced Micro Devices, Inc.) <<<--- Puts the ATI Catalyst™ Control Center Icon/Shortcut on the System Tray - available via Start -> Programs
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.) <<<--- Checks with Sun's Java updates site to see if newer Java versions are available. Visit http://java.sun.com or just run the Java Plug-In Control Panel
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (Hewlett-Packard Company) <<<--- Related to LightScribe from Hewlett-Packard an innovative technology that uses a special disc drive, special media, and label-making software to burn labels directly onto CDs and DVDs. Note: Located in \%Program Files%\Common Files\LightScribe\
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) <<<--- Related to Google's Toolbar Notifier. Note: Disabling or enabling it is down to user preference. Note: Located in \%Program Files%\Google\
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 File not found <<<--- Related to Adobe_Update application installed alongside Adobe products which deals with software updates. Only appears in the task list when summoned manually by the product, but shouldn't be terminated unless suspected of causing problems. Note: Located in C:\Program Files\Adobe\Acrobat 7.0\Reader\
O4 - HKCU..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet (Yahoo! Inc.) <<<--- Yahoo! Messenger allows you to send instant messages. Available via Start -> Programs
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) <<<--- System Tray access to HP Director. Required if you prefer to use the all-in-one buttons to manually scan documents or transfer photos from a camera, for example
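An added example, not something heir posted and not a tool used in this thread: this Windows PowerShell script enumerates the same autostart locations the O4 lines above come from (the HKLM and HKCU Run/RunOnce keys and the two Startup folders) and annotates each entry with what a reviewer checks first, whether the target file still exists (compare the "File not found" on the updateMgr entry) and who signed it (the vendor shown in parentheses). The function names are my own, and the executable-extraction rule is a heuristic I chose for the value formats seen in this thread; the script only reads, so disabling an entry remains a msconfig decision as heir describes.

```powershell
# Added example, not from the thread: list autostart entries the way an O4 review
# presents them, flagging missing targets and unsigned or unverifiable binaries.

function Resolve-CommandPath {
    # Hypothetical helper. Pulls the executable out of a Run value such as
    #   "C:\Program Files\Java\jre6\bin\jusched.exe"              (quoted)
    #   C:\Program Files\HP\HP Software Update\HPWuSchd2.exe      (unquoted, with spaces)
    #   ALCXMNTR.EXE                                              (bare name, found via PATH)
    # This is a heuristic for the formats seen in this thread, not a full command parser.
    param([string]$Command)
    if ([string]::IsNullOrWhiteSpace($Command)) { return $null }
    $exe = if ($Command -match '^"([^"]+)"') { $Matches[1] }
           elseif ($Command -match '^(.+?\.exe)(\s|$)') { $Matches[1] }
           else { ($Command -split '\s+')[0] }
    if (Test-Path -LiteralPath $exe) { return $exe }
    $cmd = Get-Command $exe -ErrorAction SilentlyContinue   # bare names resolve via PATH
    if ($cmd -and $cmd.Path) { return $cmd.Path }
    return $null
}

function Get-AutostartEntries {
    # Hypothetical helper. Collects entries from the registry Run keys and the
    # per-user and all-users Startup folders, then annotates each one.
    $entries = @()

    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',       # O4 - HKLM..\Run
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',       # O4 - HKCU..\Run
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip PowerShell's own PSPath/PSChildName etc.
            $entries += [pscustomobject]@{ Source = $key; Name = $p.Name; Command = [string]$p.Value }
        }
    }

    # Startup folders (O4 - Startup: ... .lnk); resolve each shortcut to its target.
    $shell = New-Object -ComObject WScript.Shell
    $folders = @([Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup'))
    foreach ($folder in $folders) {
        if (-not (Test-Path $folder)) { continue }
        foreach ($lnk in Get-ChildItem -Path $folder -Filter *.lnk) {
            $target = $shell.CreateShortcut($lnk.FullName).TargetPath
            $entries += [pscustomobject]@{ Source = $folder; Name = $lnk.Name; Command = $target }
        }
    }

    foreach ($e in $entries) {
        $exe    = Resolve-CommandPath $e.Command
        $exists = ($null -ne $exe) -and (Test-Path -LiteralPath $exe)
        $signer = 'n/a (file not found)'
        if ($exists) {
            # Authenticode check: a valid signature gives the vendor name, as in "(Hewlett-Packard Company)".
            $sig    = Get-AuthenticodeSignature -FilePath $exe
            $signer = if ($sig.Status -eq 'Valid') { $sig.SignerCertificate.Subject } else { "unsigned/$($sig.Status)" }
        }
        [pscustomobject]@{
            Source  = $e.Source
            Name    = $e.Name
            Command = $e.Command
            Exists  = $exists
            Signer  = $signer
        }
    }
}

# Entries with a missing file or no valid signature sort to the top for review.
Get-AutostartEntries | Sort-Object Exists, Signer | Format-Table -AutoSize -Wrap
```

Entries whose Exists column is False match the "File not found" case in heir's list and are safe to remove from the Run key, since nothing is actually started; entries that exist but show "unsigned/NotSigned" deserve a closer look at the publisher and location before deciding whether they are wanted at startup.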

#22 Jessieboogie (Member, Topic Starter, 105 posts)
Just what I needed!! Thanks so much, again!!

#23 heir (Trusted Helper, Malware Removal, 5,427 posts)

Just what I needed!! Thanks so much, again!!

You're welcome.

#24 heir (Trusted Helper, Malware Removal, 5,427 posts)
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.