HijackThis Interpretation Please- it's been a month and I still can't get rid of the virus!


  • This topic is locked
2 replies to this topic

#1 MenasheK

MenasheK

  • Members
  • 2 posts
  • OFFLINE
  • Local time:07:29 AM

Posted 04 July 2011 - 12:29 PM

About a month ago I got a virus that made warning messages pop up onto my screen every few seconds and wouldn't allow me access to the internet. At first, I didn't realize it was a rogue program or scareware trying to get me to purchase their software. After a day or two, I called a computer technician who specialized in viruses to come clean my computer. After a few hours he pronounced my computer clean and took my money. The next few days, I noticed my computer getting slower and slower until it was practically unusable. Instead of calling the technician I paid the same price as one session with him to buy Norton's full package. Over the next month I repeated the same cycle of watching my computer getting slower until Norton began deleting "risks" and reviving the computer again. Unfortunately, the situation has gotten bad enough that the computer goes extremely slow, almost unusable, and Norton no longer picks up any risks or infections. My computer has also begun to take a really long time to start up. I'm not sure what to do. I performed a scan with HijackThis in the hopes that someone will be able to analyze my log and help me out. Any help would be greatly appreciated!

Thank You!

Attached File  hijackthis.log   11.29KB   5 downloads

Edited by MenasheK, 04 July 2011 - 12:37 PM.




#2 patndoris

patndoris

  • Security Colleague
  • 127 posts
  • OFFLINE
  • Gender:Female
  • Location:Maryland
  • Local time:01:29 AM

Posted 18 July 2011 - 06:11 AM

Hello and welcome! I apologize for the delay in responding to your log. We do try to assist as quickly as we can.

My name is patndoris. I will be glad to take a look at your log and help you with solving any malware problems. It will be very helpful if you follow these guidelines:
  • Malware logs are often lengthy and can take a lot of time to research and interpret. Please be patient while I review your logs.
  • Please note that there is no "Quick Fix" to modern malware infections and we may need to use several different approaches to get your system clean.
  • Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • Please follow my instructions carefully and in the order they are posted. You may also find it helpful to print out the instructions you receive.
  • Please do not run any scans or install/uninstall any applications or delete anything without being directed to do so.
  • Remember, absence of symptoms does not mean the infection is all gone. Please stick with me till you're given the "all clear".
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • Please reply within 3 days. If I do not hear back from you in that time frame, I will post a reminder for you. Topics with no reply in 4 days are closed!



If you still need assistance, please provide the following logs:



Download and Run DDS by sUBs

Please download DDS and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.scr to run the tool.
  • When done, DDS.txt will open.
  • Save both reports to your desktop.
---------------------------------------------------

Please copy / paste the scan results.

DDS.txt

Please attach the second file; Attach.txt.




Download and Run GMER

Download GMER Rootkit Scanner from here or here.
  • Extract the contents of the zipped file to desktop.
  • Right-click and choose Run as Administrator on GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

  • In the right panel, you will see several boxes that may have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one - make sure it is UNCHECKED)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and attach it in your reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

~Doris~

Proud Graduate of the WTT Classroom
Member of  UNITE

#3 patndoris

patndoris

  • Security Colleague
  • 127 posts
  • OFFLINE
  • Gender:Female
  • Location:Maryland
  • Local time:01:29 AM

Posted 23 July 2011 - 08:41 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
~Doris~

Proud Graduate of the WTT Classroom
Member of  UNITE



