[Fixed] I've been infected!!

Posted in the Security & Safety forums, under [Fixed] Hijackthis! Logs.

#8 littlejones (Bronze Member), 05-25-2006

Ok,

Here are links to both the Ewido log and the Hijackthis log as per instructions. One is too big to be attached so I put them both on my webspace...

http://www.littlejones.co.uk/ewido.txt
http://www.littlejones.co.uk/hijackthis2.log

I still have all the symptoms, but I assume I'll have to fix some problems manually as they won't automatically go back to normal once the virus is gone? For instance the ability to select Shut Down from the start menu and to remove the '??????' from the task bar.

Thanks in advance.


#9 joe5 (Elite Member), 05-26-2006

Hya LJ, the links to the latest logs you posted don't work, I'm afraid.

Boot your PC in safe mode (hit F8 when booting up) and then fix these entries with HJT:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\system32\Win1145695.exe
O4 - Startup: explorer.exe

After that, manually delete these two files:

C:\WINDOWS\system32\Win1145695.exe
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\explorer.exe

Reboot, and post a new HJT log plus the Ewido log you made earlier, please.


__________________
- PCHF Team. - (NL) - Mal-ware Eradicator! -

#10 littlejones (Bronze Member), 05-26-2006

Hi Joe,

Thanks for helping. The new hijackthis log is here...

http://www.littlejones.co.uk/hijackthis.log

I'll work on Ewido now, but it takes about an hour or so to scan so I'll be back in a bit.


Thanks again.


#11 littlejones (Bronze Member), 05-26-2006

You might have to type that address in your browser manually because when I click it, it changes the / after .co.uk to a full stop.

http://www.littlejones.co.uk/hijackthis.log


EDIT: THIS ONE WORKS ^^



Last edited by littlejones; 05-26-2006 at 03:16 PM.

#12 joe5 (Elite Member), 05-26-2006

One of them is still there, boot in safe mode again and fix this one with HJT:
(have no browser windows open at all)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\system32\Win1145695.exe

Delete the file in bold manually, reboot and post a new HJT log please. And can you also post the Ewido log?


__________________
- PCHF Team. - (NL) - Mal-ware Eradicator! -
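
An added example, not part of the original thread: a small triage script for the HijackThis entries discussed in posts #9 and #12. It flags a browser Start Page that points at a local executable and a Startup item named after a Windows system process, then reports which flagged lines are still present in a second log. The heuristics, the function names and the log lines marked constructed are assumptions of this example.

```python
import re

# Lines from posts #9 and #12, plus two constructed benign lines for contrast.
LOG_BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\system32\Win1145695.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O4 - Startup: explorer.exe
"""
# Second log (constructed from post #12): the Startup item is gone, the R0 entry is not.
LOG_AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\system32\Win1145695.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
LOCAL_EXE = re.compile(r"^[A-Za-z]:\\.+\.(exe|com|scr|bat|pif)$", re.IGNORECASE)
# Names of real Windows system processes; none of them belongs in a Startup folder.
SYSTEM_NAMES = {"explorer.exe", "svchost.exe", "winlogon.exe",
                "services.exe", "lsass.exe", "csrss.exe"}

def triage(log):
    """Map each suspicious log line to the reason it was flagged."""
    flagged = {}
    for raw in log.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue
        code, rest = m.groups()
        if code in ("R0", "R1") and " = " in rest:
            # A start/search page should be a URL, not a program on disk.
            value = rest.split(" = ", 1)[1].strip()
            if LOCAL_EXE.match(value):
                flagged[raw.strip()] = "browser page points at a local executable"
        elif code == "O4" and rest.startswith(("Startup:", "Global Startup:")):
            item = rest.split(":", 1)[1].split(" = ", 1)[0].strip().lower()
            if item in SYSTEM_NAMES:
                flagged[raw.strip()] = "system process name used for a Startup item"
    return flagged

def persisting(before, after):
    """Flagged lines from the first log that are still present in the second."""
    still = triage(after)
    return [line for line in triage(before) if line in still]

if __name__ == "__main__":
    for line, reason in triage(LOG_BEFORE).items():
        print(f"{reason}: {line}")
    print("still present after fix:", persisting(LOG_BEFORE, LOG_AFTER))
```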

#13 littlejones (Bronze Member), 05-26-2006

Hi,

I'll do that now, thanks very much.

As for Ewido, here it is, but I think it's pretty clean now.

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 21:45:47 PM, 26/05/2006
+ Report-Checksum: 4AB19867

+ Scan result:

:mozilla.14:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1fy32lyr.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1fy32lyr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1fy32lyr.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1fy32lyr.default\cookies.txt -> TrackingCookie.Adviva : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1fy32lyr.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1fy32lyr.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1fy32lyr.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1fy32lyr.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1fy32lyr.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1fy32lyr.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1fy32lyr.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1fy32lyr.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1fy32lyr.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1fy32lyr.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1fy32lyr.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1fy32lyr.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1fy32lyr.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1fy32lyr.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1fy32lyr.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1fy32lyr.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1fy32lyr.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1fy32lyr.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1fy32lyr.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1fy32lyr.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1fy32lyr.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1fy32lyr.default\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1fy32lyr.default\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup


::Report End


#14 littlejones (Bronze Member), 05-26-2006

New HJT log, am I clean now?

Attached file: hijackthis.log (4.9 KB)


