[Fixed] Hijackthis! Logs - [Fixed] Need Help Please, posted in the Security & Safety forums
 |
|
|

03-26-2007
Bronze Member
Join Date: Mar 2007
Posts: 21
[Fixed] Need Help Please
This is a current HijackThis log. I run XP with the Mozilla browser, and I have avast antivirus and also McAfee firewall. I am having loads of problems with viruses; can somebody help me out please?
Please post all logs as attachments. Thanks, Upgrader.
Last edited by upgrader; 03-26-2007 at 04:35 PM.

03-26-2007
Site Manager
Join Date: Jul 2006
Location: /home/upgrader/
Posts: 6,457
PC Experience: Some Experience
Hi ryand, welcome to PCHF.
Could you follow the prework in my signature below and post back here as attachments:
- Spysweeper log
- AVG Anti-spyware log
- and a new hijackthis log.
Then we can help you.
Chris

03-26-2007
Bronze Member
Join Date: Mar 2007
Posts: 21
Thanks for your help. I followed the prework as requested; the AVG came back clear, but here are the Spysweeper and HijackThis logs.

03-27-2007
Senior Security Analyst
Join Date: Jan 2007
Location: texas, USA
Posts: 2,628
PC Experience: PC Illiterate
well, ryan, I gots good news and I gots bad news. You are really, really infected. That's the bad part. The good part is we know how to get rid of all of it. The other bad part is that I am off to school (a(*&()&*ing mcsa......you ever want to learn more about dns than you can possibly ever want to, take the Network Architecture class....plus binary!) so I will have to get to this tomorrow.
Again, you are pretty infected. But we'll patch you up no problemo.
See you on the morrow.
v
__________________
M.C.S.A.
M.C.P. - MS Server 2k3, Network Architecture
"Ask Bill why the string in function 9 is terminated by a dollar sign. Ask him, because he can't answer. Only I know that."
- Gary Kildall

03-27-2007
Senior Security Analyst
Join Date: Jan 2007
Location: texas, USA
Posts: 2,628
PC Experience: PC Illiterate
Okay, Ryan, let’s roll up our sleeves and get to work, shall we? First, please right-click on Start, and choose Explore. Click on Tools, Folder Options, and then View. Make sure that there is a tick next to Display contents of System Folders, Show Hidden Files and Folders is selected, and Hide known file extensions is not selected. Now close Explorer.
First off, let’s take care of that CoolWebSearch:
You have a CoolWebSearch infection.
Download CWShredder here to its own folder.
Update CWShredder
* Open CWShredder and click I AGREE
* Click Check For Update
* Close CWShredder
Boot into Safe Mode:
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.
Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about. Reboot your computer into normal windows.
++++++++++++++++++++++++++++++++++++++++++++++++++++++
Next, let’s try the vundo.
Please download VundoFix.exe to your desktop.
- Double-click VundoFix.exe to run it.
- Click the Scan for Vundo button.
- Once it's done scanning, click the Remove Vundo button.
- You will receive a prompt asking if you want to remove the files, click YES
- Once you click yes, your desktop will go blank as it starts removing Vundo.
- When completed, it will prompt that it will reboot your computer, click OK.
- Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.
Let’s start there, and see where that gets us. If you could post a new spysweeper log in addition to the vundo log and the hjt log, so you will have 3 logs in your reply, that would be most appreciated.
Don’t hesitate to stop if you are confused, or have a question. There’s a bit of work to do, so if you get lost in the details, take a step back and ask away. That’s what we’re here for. :)
Thanks,
v

03-27-2007
Bronze Member
Join Date: Mar 2007
Posts: 21
Valis, thanks for your ongoing support. I am currently following your instructions; I will post back the results shortly.
Thanks, Ryan.

03-27-2007
Bronze Member
Join Date: Mar 2007
Posts: 21
Hi Valis,
I followed all your instructions and here are the findings.
After running CWShredder one file was deleted, but it did not find CoolWebSearch.
After running VundoFix it deleted around 10 win\32 files and the screen went blank like you said, but then avast flagged up 2 files, Vundo backup, which I deleted.
After Vundo ran I am getting a RUNDLL "Error loading C:\WINDOWS\system32\rdfgdcgq.dll" when Windows starts up.
Sorry, I thought VundoFix would generate a log automatically; I did not realise I would have to do it manually.
On the plus point, when avast starts up it normally comes up with 3/4 viruses, which it has not done.
I have attached the HJT log as well as Spysweeper.
Thanks again for your help, I'm a bit thick when it comes to computers.