Infected with gadcom.exe. I think I removed it, just need a confirmation


1 reply to this topic

#1 gorobca


Posted 05 January 2009 - 01:43 AM

Hi:

I was recently infected by malware. My Firefox suddenly started opening new tabs with advertisements, my Windows security settings were set to OFF, and when I tried to resume Windows Automatic Updates I got an error 1034 (or 1054?). Yesterday I ran a full scan using AVG 8.0 and it detected gadcom.exe. Today, AVG automatically detected SHeur2.JCS.

I was able to follow some of the advice given to other users on this website and the problem seems to be gone. However, I'd like any assistance to ensure that the malware was completely removed and there are no residual effects.

Here are the steps I followed:

- Disabled Win XP's System Restore
- Uninstalled AVG (I wanted to just disable it, but I couldn't find any option to simply disable AVG)
- Ran Kaspersky (see attached log "kaspersky report.txt")
- Ran HijackThis (see attached log "HJT BEFORE CF.txt")
- Ran ComboFix (see attached log "ComboFix.txt")
- Ran HijackThis again (see attached log "HJT AFTER CF.txt")

As I was running ComboFix, the following message was displayed within the DOS window where ComboFix was running: "FINDSTR: Cannot open temp01." Is this something to worry about?

Again, I don't see any of the problems I encountered initially, but if anyone can take a look at the log files and let me know if there are any further actions to be taken I'd really appreciate it.

Thanks in advance for your help.

Gorobca


#2 SpotCheckBilly


Posted 18 January 2009 - 06:51 PM

Hi Gorobca

Welcome to the BleepingComputer forums.

We apologize for the delay in responding to your request for assistance. Every one of our team members is a volunteer and unfortunately, there are often just not enough to keep up with demand. Thank you so much for your patience.

If your issue has been resolved or you have received help elsewhere, please post a reply here and let us know so that we can close this thread.

If you still need assistance, my name is SpotCheckBilly (SCB for short) and I will be happy to help you.

Before proceeding, read >>THIS TOPIC <<. Also read the Forum Guidelines at the top of this page.

DO NOT attach files unless requested to do so. Instead, copy/paste them into the message reply. Thank you.

The first thing you need to do is to Uninstall Combofix.
  • Click START=>RUN
  • Type Combofix /u in the runbox (make sure you add the space in between the x in Combofix and /u)
  • Click OK


Finally:

Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
    NOTE: Before scanning, make sure all other running programs are closed.
    There shouldn't be any scheduled antivirus scans running while the scan is being performed.
    Do not use your computer for anything else during the scan.

  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click Yes to the Optional_Scan
  • >>Follow the instructions that pop up for posting the results.<<
  • Close the program window, and delete the program from your desktop.
I look forward to your reply. -- SCB