
Advise Please


  • This topic is locked
2 replies to this topic

#1 zaza


Posted 15 September 2008 - 10:30 AM

Hi everyone,

I have done all the preparation as advised in this forum, not sure if clean.

Attached is a copy of the HJT and Combofix logs; original HJT log available if needed.

Please advise,

Thank you

original message before topic got moved, "sorry for posting in wrong forum"


I have my friend's PC that I'm trying to fix; he said that he opened an attachment and all hell broke loose.

I got the PC; at first I couldn't see the desktop or icons. I managed to find the explorer.exe hidden in the localmachine\software\windows\windowsNT\image file execution options, I deleted it and got the desktop and icons to show.

I started HijackThis to do a scan and got Norton saying: aec.sys, ALCXSENS.SYS, asyncmac.sys in system32 infected by Hacktool.rootkit and automatically deleted.

In the quarantine I see those and many others, including:

(random.tmp files); W32.netsky.Da@mm!enc

figaro.sys ; Trojan.Virantix.C in dllcache

and strangely wuauclt.exe as a trojan horse. I know it's Windows Update, don't know why Norton quarantined it.

bravisax and many other things going on, which confuses me more on the correct procedure to follow to clean this thing, so here is the HijackThis log. I hope someone can steer me in the right course of action.

many thanks


 


#2 teacup61



  • Malware Response Team

Posted 27 September 2008 - 10:45 PM

Hello zaza,

Welcome to Bleeping Computer :)

Sorry about the delay. :thumbsup: If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#3 teacup61



  • Malware Response Team

Posted 06 October 2008 - 05:14 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic