Malware-I am infected


Post by okcomputer on 12th May 2010, 4:26 am

Hello,

My computer was running slowly which prompted me to run a scan. I believe I have Malware/Trojans on my computer…some of the messages that appeared were:

1. HTML/Infected.WebPage.Gen
2. Java/selace.k

Could someone help me with next steps? I followed the beginner’s guidelines and attached is my OTL log.

Thank you in advance for your help!

okcomputer
Novice

Posts: 8
Joined: 2010-05-12
OS: Vista
Points: 24148
Likes: 0


Re: Malware-I am infected

Post by Belahzur on 12th May 2010, 10:34 pm

Hello.
I can't open docx files; I don't have Office 2010 or 2009, or whatever the latest version is. Please save the logs in a Notepad file instead.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts: 34918
Joined: 2008-08-03
Gender: Male
OS: 7 Home Premium x64
Points: 245111
Likes: 1


Re: Malware-I am infected

Post by okcomputer on 12th May 2010, 11:23 pm

Log 1 of 2 (OTL) attached


Re: Malware-I am infected

Post by okcomputer on 12th May 2010, 11:24 pm

Log 2 of 2 attached. Thanks!


Re: Malware-I am infected

Post by Belahzur on 13th May 2010, 10:09 pm

Hello.
1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to svchost as follows:





3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on svchost.exe.
  • Follow the prompts. NOTE:
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse click combofix's window whilst it's running. That may cause it to stall.



Re: Malware-I am infected

Post by okcomputer on 14th May 2010, 3:52 am

Svchost.exe is detecting antivirus and antispyware real time scanners to be active, but it is not listing the names...

I even uninstalled Avira, and the only other product in "internet security" is Trend Micro and that is completely off (and marked so in internet security).

Thoughts?


Re: Malware-I am infected

Post by Belahzur on 14th May 2010, 9:33 am

Hello.
Please boot to Safe Mode and run Combofix there. If Combofix warns that AV software is still active, ignore the warning; Safe Mode will keep them shut off.



Re: Malware-I am infected

Post by okcomputer on 14th May 2010, 1:12 pm

Thanks for the tip! Combofix log attached.


Re: Malware-I am infected

Post by Belahzur on 14th May 2010, 1:17 pm

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?



Re: Malware-I am infected

Post by okcomputer on 15th May 2010, 1:20 am

I'm not sure if I deleted ComboFix...it started up like it was running the program. Is it important to delete it?

The computer appears to be running faster! I did a virus scan with a new software I installed (Trend Micro) and it caught only one virus and quarantined it (JS_Agent.DCD).

Thank you for all of your assistance!!


Re: Malware-I am infected

Post by Belahzur on 15th May 2010, 10:25 pm

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.



Re: Malware-I am infected

Post by okcomputer on 16th May 2010, 2:01 pm

Here is the log for the ESET scan:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=7.00.6000.16386 (vista_rtm.061101-2205)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=a005e8a30b5073469c7a2fb87d9bb433
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-05-16 06:29:38
# local_time=2010-05-16 02:29:38 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6000 NT
# compatibility_mode=513 16777045 100 100 0 108840778 0 0
# compatibility_mode=5892 16776574 100 100 34196520 110584011 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=177897
# found=1
# cleaned=1
# scan_time=14893
C:\SWSetup\AOLIMS\setup.exe probably a variant of Win32/Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

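Added example (not part of the thread and not ESET's code): a small Python parser for the log layout posted above, which reads the `# key=value` header and the detection lines and reports what still needs attention. The sample log is constructed; the detection-line regex and the reading of the `*_checked` keys as scanner checkboxes are assumptions drawn from that one log.

```python
import re

# Constructed sample in the layout of the log posted above; paths, names,
# counts and hashes are placeholders, not taken from a real scan.
SAMPLE_LOG = r"""# version=7
# end=finished
# remove_checked=true
# archives_checked=false
# unsafe_checked=false
# found=2
# cleaned=1
C:\Example Dir\setup.exe probably a variant of Win32/Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Temp\sample.jar Java/Example.A trojan (unable to clean) 00000000000000000000000000000000 I
"""

HEADER = re.compile(r"^#\s*(\w+)=(.*)$")
# Assumed layout: <path> <threat name> (<action>) <32 hex chars> <flag>.
# The path is taken to end at the first file extension followed by a space.
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?\.\w+)\s+(?P<threat>.+?)\s+"
    r"\((?P<action>[^()]*)\)\s+(?P<hash>[0-9A-Fa-f]{32})\s+(?P<flag>\S+)$"
)

def parse_eset_log(text):
    """Return (header dict, list of detection dicts)."""
    meta, detections = {}, []
    for line in (raw.strip() for raw in text.splitlines()):
        m = HEADER.match(line)
        if m:
            # Keys such as compatibility_mode repeat; keep the first value.
            meta.setdefault(m.group(1), m.group(2).strip('"'))
        elif (m := DETECTION.match(line)):
            detections.append(m.groupdict())
    return meta, detections

def triage(meta, detections):
    """List the points a helper would follow up on."""
    notes = []
    if meta.get("end") != "finished":
        notes.append("scan did not finish")
    found, cleaned = int(meta.get("found", 0)), int(meta.get("cleaned", 0))
    if found > cleaned:
        notes.append(f"{found - cleaned} of {found} detections not cleaned")
    if found != len(detections):
        notes.append("header count and parsed detection lines disagree")
    for opt in ("archives_checked", "unsafe_checked", "antistealth_checked"):
        if meta.get(opt) == "false":
            notes.append(f"{opt}=false: that scan option was off")
    return notes
```
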

Re: Malware-I am infected

Post by Belahzur on 16th May 2010, 7:57 pm

Hello.

  • Click Start >> Control Panel.
  • Under Programs, click Uninstall a Program.
  • Highlight the following:

    Adobe Reader 9.3
    Viewpoint Media Player

  • Click on the Uninstall/Change button at the top.

Then download and install [You must be registered and logged in to see this link.]

Please download [You must be registered and logged in to see this link.] and install it. It will install over version 3.5.9 you currently have installed, so you won't lose any bookmarked websites.

How is the machine running now?



Re: Malware-I am infected

Post by okcomputer on 17th May 2010, 2:43 am

Everything appears to be working very well and the speed is much better! Was my computer badly infected? Is there anything else I should do?

I will be making a donation when PayPal is working again.

Thank you for all of your assistance...it is truly appreciated!!!!

