Infected?

Hi all,

I have a PC which has been seriously infected with all sorts of rubbish. I have done the USUAL scans, and most of it seems to have been deleted. I have attached the log files.

Cheers

Nick

[recovering disk space -- ATTACHMENT deleted by admin]

You're right, it looks like just about everything has been removed. You should close all windows (including this one) and fix the following entries with HijackThis...

O3 - Toolbar: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
O20 - Winlogon Notify: pMdcdBtQ - pMdcdBtQ.dll (file missing)


Then if you're up to it, you should run the three scans again just to be sure.

While you're at it, you need a firewall. Without it, you are leaving yourself vulnerable. My suggestion would be Comodo.

Also...
Your Java is out of date.

Older versions have vulnerabilities that malicious sites can use to infect your system.

First install the new SUN Java Runtime Environment

Be sure to close all browser windows before beginning the install.

Remove the old version(s)

  • Go to add/remove programs and uninstall all old versions.
  • Be sure not to remove the new version that was just installed.
  • Download JavaRa.zip and UNZIP the file to your Desktop.
  • Open JavaRA.exe and choose Remove Older Versions
  • Once complete exit JavaRA and delete the program.
  • Run CCleaner.
(stolen from evilfantasy)



How is everything running?

Thanks for the reply.

I removed the HijackThis entries, then ran the scans again. SuperAntiSpyware found some tracking cookies, which I had it remove, then scanned it again, and it was fine. All other scans came up clean. I updated Java too.

I use the Windows Firewall, which has always seemed to do the job OK for me. Everything seems to be running pretty smoothly again. I've attached a final HijackThis log.

[recovering disk space -- attachment deleted by admin]

Looks clean to me. Feel free to fix these two entries if you wish...

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com (file missing)


Nothing malicious; they're just taking up extra space in the registry. If you want to use Windows Firewall, that's fine, but I should inform you that it only offers very basic protection and doesn't monitor most OUTGOING connections (or any incoming). If you decide to upgrade to a better firewall, you may be surprised to see just how many connections are coming and going to your computer.

Your log is still showing an older version of Java. Did you scan before or after updating it?

Also...you might want to make sure your clock has the right date. I know the UK is ahead of us by several hours, but judging by the time that your scan was made, it seems to me that it still should've been the 22nd and not the 23rd. But I'm tired, so I could be wrong.
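A small parser for the HijackThis O-entry lines quoted in this thread, which picks out the "(no file)" / "(file missing)" orphans the helper pointed at and ranks Winlogon Notify leftovers above dead BHO/toolbar/button references. This is an added example, not code from the thread; the sample log is constructed from the entries posted above, and the priority labels are this example's own convention.

```python
import re

# Constructed sample: the four orphaned entries quoted in the thread.
SAMPLE_LOG = """\
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O3 - Toolbar: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com (file missing)
O20 - Winlogon Notify: pMdcdBtQ - pMdcdBtQ.dll (file missing)
"""

# "O<n> - <kind>: <detail>"; the kind never contains a colon, the detail may (URLs).
ENTRY_RE = re.compile(r"^(O\d+)\s+-\s+([^:]+):\s+(.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN_MARKERS = ("(no file)", "(file missing)")

# Winlogon Notify packages are loaded into winlogon.exe at logon, so a dangling
# O20 entry with a random-looking name deserves attention; dead O2/O3/O9
# references are just stale registry keys (assumed priority scheme).
HIGH_PRIORITY_SECTIONS = {"O20"}


def parse_entry(line):
    """Return a dict for one HijackThis O-line, or None if it is not one."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, kind, detail = m.groups()
    clsid = CLSID_RE.search(detail)
    return {
        "section": section,
        "kind": kind.strip(),
        "detail": detail.strip(),
        "clsid": clsid.group(0).upper() if clsid else None,
        "orphaned": any(detail.strip().endswith(mk) for mk in ORPHAN_MARKERS),
    }


def classify(entry):
    """'high' for an orphaned Winlogon Notify entry, 'low' for other orphans, 'ok' otherwise."""
    if not entry["orphaned"]:
        return "ok"
    return "high" if entry["section"] in HIGH_PRIORITY_SECTIONS else "low"


def orphaned_entries(log_text):
    """All orphaned entries in a log, each tagged with its priority."""
    parsed = (parse_entry(line) for line in log_text.splitlines())
    entries = [e for e in parsed if e and e["orphaned"]]
    for e in entries:
        e["priority"] = classify(e)
    return entries


if __name__ == "__main__":
    for e in orphaned_entries(SAMPLE_LOG):
        print(f"[{e['priority']}] {e['section']} {e['kind']}: {e['detail']}")
```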

