Member Panel

Remember me ?

Forgot password?   

Sponsors and Ads

Join the Team

Live Tag Cloud
PC Forum PC Help Forum » Security & Safety » [Fixed] Hijackthis! Logs » [Fixed] Help with Hijack This log / Virus

[Fixed] Hijackthis! Logs - [Fixed] Help with Hijack This log / Virus posted in the Security & Safety forums; Please download the OTMoveIt by OldTimer . Save it to your desktop . Please double-click OTMoveIt.exe to run it. Copy the file paths below to the clipboard by highlighting ALL ...

JOIN US NOW to remove these Ads

Post New Thread  Reply
Page 3 of 7 < 1 2 3 4 5 6 7 >
  #15  
Old 11-14-2007
valis's Avatar
Senior Security Analyst
My PC
 
Join Date: Jan 2007
Location: texas, USA
Posts: 2,609
PC Experience: PC Illiterate
valis - See this Members User comments on their Profile page valis - See this Members User comments on their Profile page valis - See this Members User comments on their Profile page valis - See this Members User comments on their Profile page valis - See this Members User comments on their Profile page valis - See this Members User comments on their Profile page valis - See this Members User comments on their Profile page valis - See this Members User comments on their Profile page valis - See this Members User comments on their Profile page valis - See this Members User comments on their Profile page valis - See this Members User comments on their Profile page
Default Re: Help with Hijack This log / Virus
Please download the OTMoveIt by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
C:\WINDOWS\system32\drivers\system.exe
  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Reboot, and post a new hjt log please.

thanks,

v


__________________

M.C.S.A.
M.C.P. - MS Server 2k3, Network Architecture

"Ask Bill why the string in function 9 is terminated by a dollar sign. Ask him, because he can't answer. Only I know that."
- Gary Kildall
  #16  
Old 11-14-2007
vampstrysse's Avatar
Bronze Member
  
Join Date: Oct 2007
Posts: 43
PC Experience: Some Experience
vampstrysse - See this Members User comments on their Profile page
Default Re: Help with Hijack This log / Virus
Alright... when I hit the "move it" button, it said it could not create the log, but it showed up in the results box to the left. I restarted my computer, and here is the new hijackthis log. Thank you.
Attached Files
File Type: log hijackthis.log (9.0 KB, 1 views)


  #17  
Old 11-15-2007
valis's Avatar
Senior Security Analyst
My PC
 
Join Date: Jan 2007
Location: texas, USA
Posts: 2,609
PC Experience: PC Illiterate
valis - See this Members User comments on their Profile page valis - See this Members User comments on their Profile page valis - See this Members User comments on their Profile page valis - See this Members User comments on their Profile page valis - See this Members User comments on their Profile page valis - See this Members User comments on their Profile page valis - See this Members User comments on their Profile page valis - See this Members User comments on their Profile page valis - See this Members User comments on their Profile page valis - See this Members User comments on their Profile page valis - See this Members User comments on their Profile page
Default Re: Help with Hijack This log / Virus
let's try this

Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.
It's IMPORTANT to carry out the instructions in the sequence listed below.

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Open *notepad* and copy/paste the text in the quotebox below into it:

Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\runonce]
"sysinit"=-


 Refering to the picture above, drag CFScript.txt into ComboFix.exe
Restart your computer.
When finished, it shall produce a log for you at C:\ComboFix.txt
Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply please.

*Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall*

thanks,

v


__________________

M.C.S.A.
M.C.P. - MS Server 2k3, Network Architecture

"Ask Bill why the string in function 9 is terminated by a dollar sign. Ask him, because he can't answer. Only I know that."
- Gary Kildall
  #18  
Old 11-15-2007
vampstrysse's Avatar
Bronze Member
  
Join Date: Oct 2007
Posts: 43
PC Experience: Some Experience
vampstrysse - See this Members User comments on their Profile page
Default Re: Help with Hijack This log / Virus
Here are the new logs. Thank you.

Angela
Attached Files
File Type: txt Combofix.txt (18.3 KB, 2 views)
File Type: log hijackthis.log (9.1 KB, 2 views)


  #19  
Old 11-16-2007
valis's Avatar
Senior Security Analyst
My PC
 
Join Date: Jan 2007
Location: texas, USA
Posts: 2,609
PC Experience: PC Illiterate
valis - See this Members User comments on their Profile page valis - See this Members User comments on their Profile page valis - See this Members User comments on their Profile page valis - See this Members User comments on their Profile page valis - See this Members User comments on their Profile page valis - See this Members User comments on their Profile page valis - See this Members User comments on their Profile page valis - See this Members User comments on their Profile page valis - See this Members User comments on their Profile page valis - See this Members User comments on their Profile page valis - See this Members User comments on their Profile page
Default Re: Help with Hijack This log / Virus
okay, it's still there....grrrr. I'm going to ask one of the heavy hitters to come in and take a look at this.

thanks,

v


__________________

M.C.S.A.
M.C.P. - MS Server 2k3, Network Architecture

"Ask Bill why the string in function 9 is terminated by a dollar sign. Ask him, because he can't answer. Only I know that."
- Gary Kildall
  #20  
Old 11-16-2007
Pancake's Avatar
Senior Security Analyst
  
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 3,073
PC Experience: Elite PC Guru
Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page
Default Re: Help with Hijack This log / Virus
Ok.Lets see if this will kill the beastie....


Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.
It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open *notepad* and copy/paste the text in the quotebox below into it:


KillAll::

Rootkit::
C:\Documents and Settings\Owner\winmain.exe
C:\WINDOWS\system32\drivers\system.exe
File::
C:\Documents and Settings\Owner\winmain.exe
C:\WINDOWS\system32\drivers\system.exe

Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\runonce]
"winmz"=-
"sysinit"=-
Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.


Refering to the picture above, drag CFScript.txt into ComboFix.exe
Restart your computer.
When finished, it shall produce a log for you at C:\ComboFix.txt
Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply please.

*Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall*


__________________
  • An Australian Member of
  • and
My real name is Eddy
  #21  
Old 11-18-2007
vampstrysse's Avatar
Bronze Member
  
Join Date: Oct 2007
Posts: 43
PC Experience: Some Experience
vampstrysse - See this Members User comments on their Profile page
Default Re: Help with Hijack This log / Virus
Ok here are the logs. Thank you!
Attached Files
File Type: txt ComboFixlog.txt (14.5 KB, 1 views)
File Type: log hijackthis.log (8.9 KB, 1 views)



Reply
Satellite TV on your PC - over 3000 Channels! Click Here!
Page 3 of 7 < 1 2 3 4 5 6 7 >

Bookmarks

« Internet Explorer Issues- prework done HJT Log | [Fixed] Big Virus Problems Help »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are On

Contact Us - PC Help Forum - Site Map - Privacy Statement - Top

All times are GMT +1. The time now is 05:25 PM.
Powered by vBulletin
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
SEO by vBSEO 3.2.0 RC7
All Graphics & Content Copyright © 2004-2008 - PC Help Forum.com


Back to Top
Anime Ranking
A toplist which ranks Anime sites based on popularity.

Mortgage Calculator
Information and advice from the experts at yourmortgage.

Internet Advertising
Join the free co-op advertising network and increase your traffic.