WiredWX Hobby Weather Tools

 


Malware-I am infected
Hello,

My computer was running slowly which prompted me to run a scan. I believe I have Malware/Trojans on my computer…some of the messages that appeared were:

1. HTML/Infected.WebPage.Gen
2. Java/selace.k

Could someone help me with next steps? I followed the beginner’s guidelines and attached is my OTL log.

Thank you in advance for your help!

Re: Malware-I am infected
Hello.
I can't open docx files; I don't have Office 2010 or 2009, or whatever the latest version is. Please save the logs in a Notepad file instead.

Re: Malware-I am infected
Log 1 of 2 (OTL) attached

Re: Malware-I am infected
Log 2 of 2 attached. Thanks!

Re: Malware-I am infected
Hello.

  • Download combofix from here
    Link 1
1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to svchost as follows:

3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See HERE for how to disable your AV.
  • Double click on svchost.exe.
  • Follow the prompts. NOTE:
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse click combofix's window whilst it's running. That may cause it to stall.

Re: Malware-I am infected
Svchost.exe is detecting antivirus and antispyware real time scanners to be active, but it is not listing the names...

I even uninstalled Avira, and the only other product in "internet security" is Trend Micro and that is completely off (and marked so in internet security).

Thoughts?

Re: Malware-I am infected
Hello.
Please boot to Safe Mode and run Combofix there. If Combofix warns that AV software is still active, ignore the warning; Safe Mode will keep them shut off.

Re: Malware-I am infected
Thanks for the tip! Combofix log attached.

Re: Malware-I am infected
Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?

Re: Malware-I am infected
I'm not sure if I deleted ComboFix...it started up like it was running the program. Is it important to delete it?

The computer appears to be running faster! I did a virus scan with a new software I installed (Trend Micro) and it caught only one virus and quarantined it (JS_Agent.DCD).

Thank you for all of your assistance!!

Re: Malware-I am infected
Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.

Re: Malware-I am infected
Here is the log for the ESET scan:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=7.00.6000.16386 (vista_rtm.061101-2205)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=a005e8a30b5073469c7a2fb87d9bb433
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-05-16 06:29:38
# local_time=2010-05-16 02:29:38 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6000 NT
# compatibility_mode=513 16777045 100 100 0 108840778 0 0
# compatibility_mode=5892 16776574 100 100 34196520 110584011 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=177897
# found=1
# cleaned=1
# scan_time=14893
C:\SWSetup\AOLIMS\setup.exe probably a variant of Win32/Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
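
An added example, not part of the original post and not ESET's own tooling: a small Python parser for the log format shown above that cross-checks the found/cleaned counters against the detection lines and lists scan options that were switched off. The field layout and the meaning of the `*_checked` keys are inferred from this one log; the function names are hypothetical and the code assumes space-separated fields and paths without spaces.

```python
import re

# Excerpt of the log posted above: some header keys plus the one detection line.
SAMPLE_LOG = r"""# end=finished
# archives_checked=false
# unsafe_checked=false
# antistealth_checked=true
# scanned=177897
# found=1
# cleaned=1
C:\SWSetup\AOLIMS\setup.exe probably a variant of Win32/Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
"""

HEADER = re.compile(r"^#\s*(\w+)=(.*)$")
# Assumption: path has no spaces; the action is the last parenthesised group.
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\\S+)\s+(?P<threat>.+)\s+\((?P<action>[^()]*)\)"
    r"\s+(?P<md5>[0-9A-Fa-f]{32})\s+\S+$"
)

def parse_eset_log(text):
    """Split the log into header key/value pairs and detection records."""
    header, detections = {}, []
    for line in map(str.strip, text.splitlines()):
        m = HEADER.match(line)
        if m:
            header[m.group(1)] = m.group(2).strip()
            continue
        m = DETECTION.match(line)
        if m:
            detections.append(m.groupdict())
    return header, detections

def triage(header, detections):
    """Return the points a helper would check before calling the scan clean."""
    notes = []
    if header.get("end") != "finished":
        notes.append("scan did not finish")
    found, cleaned = int(header.get("found", 0)), int(header.get("cleaned", 0))
    if found != len(detections):
        notes.append("found=%d but %d detection lines parsed" % (found, len(detections)))
    if cleaned < found:
        notes.append("%d detection(s) not cleaned" % (found - cleaned))
    # Options left off narrow what the scan covered (meaning inferred from key names).
    for key in ("archives_checked", "unsafe_checked", "antistealth_checked"):
        if header.get(key) == "false":
            notes.append("option off: " + key)
    return notes
```

For the log above, `triage` reports only that the archive and unsafe-application options were off; the single detection is accounted for and marked cleaned.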

Re: Malware-I am infected
Hello.

  • Click Start >> Control Panel.
  • Under Programs, click Uninstall a Program.
  • Highlight the following:

    Adobe Reader 9.3
    Viewpoint Media Player

  • Click on the Uninstall/Change button at the top.

Then download and install Adobe Reader 9.3.2

Please download Firefox 3.6.3 and install it. It will install over version 3.5.9 you currently have installed, so you won't lose any bookmarked websites.

How is the machine running now?

Re: Malware-I am infected
Everything appears to be working very well and the speed is much better! Was my computer badly infected? Is there anything else I should do?

I will be making a donation when PayPal is working again.

Thank you for all of your assistance...it is truly appreciated!!!!
