Thread: Photo.pif

  1. #1
    Join Date
    Oct 2006
    Posts
    19

    Photo.pif

    Was stupid enough to open a file sent over MSN, and now whenever I open MSN several other processes come up and a download starts trying to install a web bar on IE. Spybot found several entries and I removed them but this did not solve the problems.
    My HijackThis log is attached. Any help would be greatly appreciated. If there is a specific way that would deal with it on any computer then this would be great as then I can tell others who have the problem.
    Cheers
    Tom

  2. #2
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    There are definitely several nasty items showing in your log. I see you are running Spysweeper. This is an excellent program. I suggest that you follow all of the instructions in this thread READ ME Before Posting A Request For Assistance!
    You already have Spybot so you should also follow PP's advice and download AdAwareSe and Ewido. Follow his instructions for the running of your anti-virus program, AdAwareSE and Spybot AND Ewido in Safe Mode. Have each program remove whatever it finds. Also add Spysweeper to this list of programs to run in SAFE MODE and also have it fix all it finds. Save the logs of Ewido, Spysweeper and make note of the names and locations of items found and removed by both Spybot and AdAware.
    Once you have completed all the steps given in PP's thread then reboot to normal mode and run a new HJT scan and post that log, along with the other logs back here and we will see where things stand.
    Judy

  3. #3
    Join Date
    Oct 2006
    Posts
    19
    Ok, ran everything, as said in the READ ME before posting topic. Spybot SD came up with a few tracking cookies, nothing special, and my SpySweeper was a free trial which is now out of date so I cannot update the definitions.
    Adaware came up blank, but AVG AS (the new Ewido) came up with a few things which were deleted/quarantined.
    Included is my new HJT log. The AVG scan was too big to put on but the things it found were:

    C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : No action taken.
    C:\Documents and Settings\Ben Harding\drsmartload1135a.exe -> Downloader.Adload.fu : No action taken.
    C:\WINDOWS\Downloaded Program Files\speedtest2.dll -> Not-A-Virus.Downloader.Win32.InsTool.a : No action taken.

    After the log I quarantined them.
    Anything else to do? I'm not reinstalling MSN yet as last time I tried it crashed halfway through and launched all the things linked with the virus. Though this was before the scans.

    Tom

  4. #4
    Join Date
    Aug 2006
    Location
    Orlando FL
    Age
    70
    Posts
    1,316
    Quote: Originally posted by tomindover
    Was stupid enough to open a file sent over msn.....
    Tom

    FYI, .pif files are known as Program Information Files which are DOS-based and command Windows on how to run a Non-Windows program. As you have seen, you NEVER open any of these types of files. Good luck on getting your problem solved....

    Charlie
    IANAG Administrator
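
An added example, not part of any post in this thread: Windows launches a `.pif` file as a program, so an ordinary executable renamed to something like `Photo.pif` runs when it is opened. The sketch below tags a received file by its name and first bytes; the function name, tag names, extension lists and sample inputs are all constructed for illustration.

```python
import os

# Partial, illustrative list of extensions Windows launches as programs.
EXECUTABLE_EXTS = {".pif", ".exe", ".scr", ".com", ".bat", ".cmd"}
IMAGE_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".bmp"}
IMAGE_WORDS = ("photo", "picture", "image", "img")


def triage_attachment(filename, head):
    """Return warning tags for a received file.

    filename: the name as sent; head: the first bytes of its content.
    """
    tags = []
    stem, ext = os.path.splitext(filename.lower())
    inner_ext = os.path.splitext(stem)[1]
    is_pe = head[:2] == b"MZ"  # DOS/PE executables start with "MZ"

    if ext in EXECUTABLE_EXTS:
        tags.append("executable-extension")
        if inner_ext in IMAGE_EXTS:
            tags.append("double-extension")      # e.g. name.jpg.pif
        if any(word in stem for word in IMAGE_WORDS):
            tags.append("image-like-name")       # name poses as a picture
    if is_pe:
        tags.append("pe-header")
        if ext in IMAGE_EXTS:
            tags.append("content-mismatch")      # program renamed to an image
    return tags


# Constructed samples: (file name, first bytes). Not taken from the thread's logs.
SAMPLES = [
    ("Photo.pif", b"MZ\x90\x00"),
    ("holiday.jpg.pif", b"MZ\x90\x00"),
    ("cat.jpg", b"\xff\xd8\xff\xe0"),
    ("cat.jpg", b"MZ\x90\x00"),
]

if __name__ == "__main__":
    for name, head in SAMPLES:
        print(f"{name:18} {triage_attachment(name, head) or 'no warnings'}")
```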

  5. #5
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    Tom, we really need the full AVG log and full Ewido log. Even though you said items were cleaned or quarantined we need to see exactly what they were and their exact locations. In some instances, even though the programs have cleaned the offending files or programs there could be another step of manual cleaning required to be certain that everything is removed. Oftentimes these nasty items create new files, which by name may look like something else and are therefore not picked up by the scans, and a manual search must be done.
    Even though you feel the file is too large please try to post it. If the size is the problem then use a zip program to post them or copy/paste them in a thread. Do them one post at a time if you feel better about it. Generally we can receive most logs. But we do need to see the complete logs.
    Also, your HiJackThis log shows that you have used msconfig to disable some start up programs. We need to see those IN the log. Please go back in and re-enable all those you have disabled via msconfig and run a new HJT scan.

  6. #6
    Join Date
    Oct 2006
    Posts
    19
    Ok, the AVG anti spyware log is here as it's over the 19.5kb limit:
    http://farmerfred89.tripod.com/avg_as_scan.txt



    The startup processes I stopped were:
    msmsgs - "C:\Program Files\Messenger\msmsgs.exe" /background
    msnmsgr - "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

    The online scans did not work yesterday when I tried, but now Panda scan is working. I shall run this and post again with the log (probably tomorrow morning).

    The file quarantined by AVG anti virus is:
    File Name - installer.exe
    File Path - C:\Documents and Settings\Ben Harding\Local Settings\Temp\
    Discovery - Trojan horse Collected.AF
    File Size - 53.5KB
    Healable - No
    Source - Backup copy
    Status - Infected

    New HJT log will be posted along with the Panda scan log tomorrow.

    Thanks for the help so far
    Tom

  7. #7
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    We do need that Ewido log. I hesitate to give any recommendations for fixes until I see these full logs. They are VERY important.
    One thing you can do is download and run CCleaner. You will find this in PP's link I gave you. You should have done this AFTER you ran the online scans and the first thing after booting into SAFE MODE and running the other programs, including Ewido. Most of the spyware found by your AVG were tracking cookies, which would have been removed by CCleaner before the scan took place. Then none of them would have been listed in the log, hence making the log much smaller.
    Please do the steps as listed and post back with the Ewido log and a new HJT log. Please have all these programs, including your AVG, Ewido (saving the Ewido log), AdAware, Spybot FIX whatever they find. THEN run the new HJT, save the log and post it and the Ewido log here. I will not need the AVG log.
