Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

HJT Log for Review


  • This topic is locked This topic is locked
2 replies to this topic

#1 endtrust

endtrust

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:06:52 PM

Posted 24 November 2008 - 11:31 AM

Last week I ran a remote scan on this PC using Symantec Corporate server. It found and quarantined "InfoStealer". The following day, the same and more issues began appearing on this machine.

I am trying to determine what is happening on this PC at the office. The user says it is giving popups on his browser. It came up with "WinLogin.exe" shutdown. Message saying "Windows does not recognize file tbejejtm.ddl". Also, he mentioned a message saying "Windows does not recognize ctfmon.exe". Yellow triangle showing in taskbar saying, "Adware/Spyware found on your PC". When he clicked on the icon, it attempted to induce him to download some software, which he did not do.

I logged onto the system as "Administrator" in order to run the HJT program.

Thank you for your help.

Attached Files


Edited by endtrust, 24 November 2008 - 06:48 PM.


BC AdBot (Login to Remove)

 


#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:07:52 PM

Posted 09 December 2008 - 06:55 AM

Hello endtrust,

If this is an office computer, then your IT department would be a better place to go with this. We are volunteers with a huge backlog, and they get paid to take care of problems like this.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#3 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:07:52 PM

Posted 20 December 2008 - 07:47 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users