Need opinion on log files


  • This topic is locked
6 replies to this topic

#1 Stormchain

  • Members

Posted 22 May 2012 - 04:57 PM

coming from http://www.bleepingcomputer.com/forums/topic454525.html

issue isn't urgent, just checking out if there's some small malware or backdoor or whatever else. don't think there is, no symptoms to speak of yet, but had a few toolbars *appear*, and some programs just crash out of nowhere so could use opinion from people who read the logs <3 if there is something wrong, I'd like to kill it, obviously (with fire or hijackthis) but ya guys appear to be using new tech. do they still do quick fixes?

gmer's boxes are greyed out, shows services, registry and files only

Attached Files




#2 nasdaq

  • Malware Response Team

Posted 27 May 2012 - 08:17 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Your Hosts file was compromised. Reset it.

How do I reset the hosts file back to the default?
http://support.microsoft.com/kb/972034

Use the Fix it button on the page.
===

Browser bars are installed by some 3rd-party software.

If you want to remove those that you do not want please let me know which one.

===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to: Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

===

Third-party programs, if not up to date, can be an open door for an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please post the logs for my review.

#3 Stormchain

  • Topic Starter
  • Members

Posted 27 May 2012 - 06:10 PM

thanks, fixed the hosts.

main browser is Firefox, my add ons in it are: brit dictionary, chatzilla, youtube downloader, multifox. haven't installed anything else on my own, not using any other browsers either.

as for logs, disabled UAC on my own, keeps forbidding some copypastes in program files. adobe and such updates, do they really matter security-wise? old versions work just as fine, downloading something new every week is annoying.

Attached Files



#4 nasdaq

  • Malware Response Team

Posted 28 May 2012 - 07:39 AM

Your ComboFix is clean.

"adobe and such updates, do they really matter security-wise? old versions work just as fine, downloading something new every week is annoying."

There are flaws in these old versions and they are security risks. They are not updated for nothing by the provider. That makes your computer open for malware infection.

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 30


===

Critical vulnerabilities have been identified in Adobe Flash Player v11.2.202.233 and earlier versions... being exploited in the wild in active targeted attacks...

Get the latest Flash Player

On the top of the page you will be given an opportunity to download the version for your operating system.
Make sure you select appropriate version.

You will also have an option to install the Free! McAfee Security Scan Plus. Un-check the box if you are NOT using McAfee's virus protection software.

For the users of Internet Explorer download version 11.
Flash Player 11 (64 bit)
Flash Player 11 (32 bit)
===

Any Browser bar you wish to remove?

#5 Stormchain

  • Topic Starter
  • Members

Posted 28 May 2012 - 01:00 PM

toolbars have been already eliminated, mentioned them just as a symptom =] thank you for the assistance <3

#6 nasdaq

  • Malware Response Team

Posted 28 May 2012 - 01:42 PM

If all is well:

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

Delete the other tools we used.

#7 nasdaq

  • Malware Response Team

Posted 03 June 2012 - 08:13 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



