Need help on Hijack log

[Crown]

Hey forumers, Im new here and never thought I should end up writing here - but I think I have gotten a virus and I really want to get rid of it, but its no option to formate for the time being (got extremely important examns comming up and I dont have all the programs I need for the examn so I can reinstall them)

The problem occured when I catched a Trojan virus. I had trouble starting my computer, and after I got it up - took a bout 5 hours - then my Anti-virus went into alert mode and I scanned and found and deleted the trojan virus and the map it was located in (some WC3 no CD cracky thing).
But now even after I deleted there seems to be occuring strange things which never happened before.

First my sound was totally gona, so I had to reinstall my sound. Ok I did that.
Then my wireless connection was gone, and I had to manually get it back on.
Now, my anti-virus wont update automatically - which as far as I know is a normal procedure for Viruses to shut down auto-opdate.

So I came to this forum for help - please look through my log and tell me what might be wrong!

[jholland1964]

Honestly am not seeing much within the logs to tell me anything is wrong. Have you followed ALL of the steps here

I am not certain what you mean by this;

the map it was located in (some WC3 no CD cracky thing).

A trojan and virus are two different things...what was the name of this item found? Do you have a log from the anti-virus scan? It is kind of hard to tell you for certain what to do unless we know what we are dealing with.

[Crown]

Hey Jholland, thanks for the reply.

1: I have followed all steps as througly as possible for me.

2: I meant that I have deleted the map in which the Trojan was found after I deleted the Trojan through Symantec anti-virus.
The trojan was named something like "warcraft1.21a.exe" and that was a file I had downloaded to use as a NoCD crack for my warcaft 3 game (A computer game).
The crack was not needed because the latest patch for warcraft 3 made it so you could run the game without CD, so I left the file alone. Then later I found out it was a Trojan.

I am not sure what a Trojan really is, and not sure what It can do, after I deleted the .exe file. Can it really do those strange things I talked about? (Shutting the sound, wireless and anti-virus update down)? And if it can, how to stop it now?

[jholland1964]

Oh absolutely a trojan can do all of those things. Trojan horse, or simply trojan, is a piece of software which appears to perform a certain action but in fact performs another. Trojans can do any number of things, depending on the type of trojan it is...

Allowing remote access to the victim's computer;
Spreading other malware;
Logging keystrokes to steal information such as passwords and credit card numbers
Phishing for bank or other account details, which can be used for criminal activities
Installing a backdoor on a computer system
Opening and closing CD-ROM tray
Playing sounds, videos or displaying images.
Calling using the modem to expensive numbers, thus causing massive phone bills.
Harvesting e-mail addresses and using them for spam
Restarting the computer whenever the infected program is started
Deactivating or interfering with anti-virus and firewall programs
Deactivating or interfering with other competing forms of malware
Randomly shutting off the computer

Not all of them do these things and ALL of them rarely do all of the above.
I have one more program I want you to run;

1. Print out these instructions as we will need to close every window that is open later in the fix.
2. Download Malwarebytes' Anti-Malware, or MBAM, from the following location and save it to your desktop.
   
   Malwarebytes' Anti-Malware Download Link
3. Once downloaded, close all programs and Windows on your computer, including this one.
4. Double-click on the icon on your desktop named Download_mbam-setup.exe. This will start the installation of MBAM onto your computer.
5. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure you leave both the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware checked. Then click on the Finish button.
6. MBAM will now automatically start and you will see a message stating that you should update the program before performing a scan. As MBAM will automatically update itself after the install, you can press the Ok and you will now be at the main program.
7. On the Scanner tab, make sure the the Perform quick scan option is selected and then click on the Scan button to start scanning .
8. MBAM will now start scanning your computer for malware. This process can take quite a while, so we suggest you go and do something else and periodically check on the status of the scan.

9. When the scan is finished a message box will appear. You should click on the OK button to close the message box and continue with the removal process.
10. You will now be back at the main Scanner screen. At this point you should click on the Show Results button.

11. A screen displaying all the malware that the program found will be shown You should now click on the Remove Selected button to remove all the listed malware. MBAM will now delete all of the files and registry keys and add them to the programs quarantine.

12. When MBAM has finished removing the malware, it will open the scan log and display it in Notepad. Review the log , save it for posting here later.
You can now exit the MBAM program.
Post back here with that log.

[Crown]

I think I already remoed most of the adaware or such when performing the AVG scan, so I dont seem to have anything when running this program.

I'm just still concerned, because even though I have made my sound work again, and my wireless, I have problems getting my anti-virus program to auto-update. And on top of that, the examns are nearing (next week), so im allways thinking "what next"?

Is there any chance that there wont be a "next time" if i do nothing but sit and wait?
Will it help to formate the computer after my examns?

Right now im thinking - that Trojan creator might be a kid without a life who wanted to have some "fun", and maybe, if Im lucky - he was just playing around with some Trojans, because I seem to be able to repair nearly all the damage the trojan have made thus far - and im pretty bad at this computer stuff.


Btw I really appreaciate your help jholland

[jholland1964]

Crown, how about running one more program...just to see...

• Download combofix.exe by sUBs to your computer's Desktop.
• Alternate Download
• (If you already have a previous version, delete it and download a new version).
• Double click combofix.exe & follow the prompts.
  Note: Combofix will automatically disconnect your Internet connection when it runs, do not reconnect it.

When it finishes, it ought to

• Produce a log for you. ( C:\ComboFix\ComboFix.txt)
• Restore your Internet connection.

IMPORTANT:

• Do not use your computer while Combofix is running.
• Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  If you've lost your Internet connection when Combofix has completely finished, re-start your computer to restore it.

Post the log back here and we can take a look.


Next please run a Full Scan with HiJackThis

**** Before you scan, you MUST close all running programs including your web browser, e-mail and items in the system tray. Make sure that Internet Explorer is NOT running! All HJT scans must be done in Normal Windows boot, unless you are instructed to do otherwise.

**** Please save your HJT Log as a .txt File and attach it via the "Manage Attachments" tool in the Additional Options section when you post (scroll down).

Then post back here with the ComboFix log and the HiJackThis log.
Judy

[Crown]

Ok, I did it
Nothing has been wrong with the computer for the past two days, so my hopes are rising.

Just wanna say one more time that i really appreciate your help and effort.

[jholland1964]

Things look pretty good. My one suggestion is to download and install SpywareBlaster, a must have program and it is FREE. Will certainly add more protection to the computer.