Hijack Log After Running SpyBot to get rid of Virtumonde

Status
Not open for further replies.
*sigh*

sorry, idk what's going on I almost got it to work, got it to the start page, clicked start to start the scan but it stops on step 2 of 4 and says: "can not get update, is proxy configured?"

gish, you would think eset would support firefox as ie is a turrible browser.
 
oh and it's telling me I have another virus software turned on which might affect the performance and quality of the scan, it says it is Avira that's turned on, however, I do in fact have Avira disabled.
 
got a little further, it started to initialize then when it was 6% through it gave me this: "Unexpected error 2002"
 
just for shits and giggles I tried to run the eset scanner with Firefox...same results, just wouldn't work no matter what I did, it started to scan but again got the "can not get update, is proxy configured?" at 50% finished this time.

I'm not using any proxies, although hell, I'm not really sure what a proxy is so I guess it's possible.
 
Let's try a different scanner. You can use Firefox with this one.

Go to the Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on the Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
 
well I finally got the eset scanner to work...it scanned what seemed to be all of my files (took a while) and said that no threat was detected.


It did not give me a "details tab" and I checked the option "remove at close".


So I guess I don't have the report, after I hit finish it just recommended I install eset nod32 but I didn't, then there was no other option to get a report.
 
I think it's cleared out my system...but do you still want me to run the kaspersky?

what kind of virus was it anyway?

Oh and should I get rid of what "combofix" left behind now? I could just delete the "recycle" folders in each of my partitions manually...and there's nothing in them anyway, I wonder why they were created.


Thanks! I'll continue to follow your lead!
 
No need to run Kaspersky then, we can wrap up.

You had Vundo Malware.

Uninstall Combofix
  • Click START then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the /U, it needs to be there.
The above procedure will:
  • Delete the following: ComboFix and its associated files and folders.
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Reset System Restore.

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
 
IndiGenus, Thanks a lot brotha! You have my gratitude! thanks for the help!

Here are the results:



Results of screen317's Security Check version 0.99.1
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Avira AntiVir Personal - Free Antivirus
Avira updated!
``````````````````````````````
Anti-malware/Other Utilities Check:

Spybot - Search & Destroy
HijackThis 2.0.2
Adobe Flash Player 10
Adobe Reader 9.2
``````````````````````````````
Process Check:
objlist.exe by Laurent

Avira Antivir avgnt.exe
Avira Antivir avguard.exe
``````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````
 
oh on a sidenote, after uninstalling combofix the "recycler" folders are still there in every partition, it says they have 85kb when I put the mouse over them but there's nothing inside when I doubleclick them.

Is it ok to just delete these "recycler" folders manually?

Also, should I delete the "hijack this" program or should I leave it in case I need it later?


thanks again!
 
If there's nothing in the folders just delete them.

You can uninstall Hijackthis also. Use Add or Remove Programs in Control Panel.

Security check looks good.

In addition to updating and using what you currently have you may want to consider the following:

Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. Here are some free and evaluation versions that provide better security than the Windows Firewall. For a tutorial on Firewalls and a listing of some other available ones see the link below:
Understanding and Using Firewalls

Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
A tutorial on installing & using this product can be found here:
Using SpywareBlaster to protect your computer from Spyware and Malware

Install Winpatrol -
Use Winpatrol to take control of your PC and provide another layer of security.
Help file and tutorial can be found Here

Block unwanted parasites with a custom hosts file -
http://www.mvps.org/winhelp2002/hosts.htm

Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly or set your computer to receive automatic updates. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Update all of your Anti-Malware programs regularly - Make sure you update all the programs I have listed and the ones you are currently running regularly. Without regular updates you Will Not be protected when new malicious programs are released.

Keep your applications up to date -
Use Secunia Personal Software Inspector to help stay on top of application updates that could leave your PC vulnerable to attack.

I'll leave the thread open a few days in case you have questions or issues.

Regards,
Dave
 
Thank you much Dave! I greatly appreciate all the information.

Just one last question I have is: I never use internet explorer I only use firefox so in this case should I still install "Spyware Blaster", or is this only for use with Internet Explorer?

Do you recommend internet explorer over firefox?


Thanks!

-Jim
 
SpywareBlaster works with most browsers. Check out the following page for a little more info.

http://www.javacoolsoftware.com/spywareblaster.html#Browsers

Personally, I use Firefox probably 98% of the time. But occasionally need and use IE. IE has gotten better but I have all my add-ons set up and running for Firefox. It's really a preference thing....

Good luck Jim and glad we could help you out,
Dave
 
Hey are you still there, I've run into a problem.

Well the "recycler" folder will not delete, when I try to delete it, it gives me this message:

"Error deleting file or folder:

Cannot delete RECYCLER: access is denied

Make sure the disk is not full or write protected and that the file is not currently in use"


when I point the mouse to the "RECYCLER" folder it says :

size: 85 bytes
folders:




I think it was created when I ran combofix, but possibly Spybot because that was the program I ran before combofix.

I followed your instructions to uninstall combofix and it said that it had uninstalled correctly, but then I did have to delete other Combofix files manually after the uninstall.


thanks again for any advice,


-Jim
 
no other programs are open when I'm trying to delete the "RECYCLER" folder on each of my additional partitions.
 
or could that possibly be related to the windows defender?


excuse me, not the windows defender, I mean to say the "Microsoft Windows Recovery Console"...could those "RECYCLER" folders be related to that program? I can't find it, it's not listed under programs.
 
Do you think the ATF cleaner might get rid of the "RECYCLER"?

not that it's causing any problems, it's just there and can't be deleted...and actually I can't find it on my C: drive only on every other partition on both hard drives but it might be there on C: somewhere.
 