Thread: Results show clean, still infected...

  1. #11
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    Hi Gilbert, the second HJT log is STILL the old version. I gave you a link to the new version, please use it. You need to use the NEW version please. I have some fixes I want you to do but I want the new version of HJT.

    Click Start.
    Open My Computer.
    Select the Tools menu and click Folder Options.
    Select the View Tab.
    Under the Hidden files and folders heading select Show hidden files and folders.
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.
    Click OK.

    Now I want to ask you about this program entry showing in your HJT log and in your combofix log and that is this program;
    C:\Program Files\knob rect user
    C:\Documents and Settings\dkd\Application Data\knob rect user
    C:\Program Files\Circle Developement
    C:\Documents and Settings\All Users\Application Data\Time Dead Warn Default
    All are connected as they all were downloaded at the very same time on August 30 and I can find absolutely NO information about them. Any pages which happen to come up when doing searches are in Chinese.
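
The reasoning in the post above (the unknown folders belong together because they all appeared at the same moment) can be checked mechanically. The following is an added example, not part of the original thread: it lists entries whose modification time falls within a window of one known suspicious entry. Only the suspicious folder names come from the thread; the timestamps, the time of day, and the benign folders are constructed for the demo.

```python
import os
import tempfile
from datetime import datetime, timedelta

def entries_near(roots, anchor_path, window=timedelta(minutes=10)):
    """List entries directly under `roots` modified within `window` of anchor_path."""
    anchor = os.stat(anchor_path).st_mtime
    hits = []
    for root in roots:
        try:
            with os.scandir(root) as it:
                for entry in it:
                    try:
                        ts = entry.stat(follow_symlinks=False).st_mtime
                    except OSError:
                        continue  # unreadable entry: skip, keep scanning
                    if abs(ts - anchor) <= window.total_seconds():
                        hits.append((entry.path, datetime.fromtimestamp(ts)))
        except OSError:
            continue  # missing or inaccessible root
    return sorted(hits, key=lambda h: h[1])

def build_sample_tree(base):
    """Constructed demo layout; only the suspicious folder names come from the thread."""
    drop = datetime(2008, 8, 30, 14, 0).timestamp()  # assumed time of day
    day = 86400
    layout = {
        ("Program Files", "knob rect user"): drop,
        ("Program Files", "Circle Developement"): drop + 45,
        ("Program Files", "Mozilla Firefox"): drop - 90 * day,
        ("Application Data", "Time Dead Warn Default"): drop + 120,
        ("Application Data", "Avast"): drop + 20 * day,
    }
    for parts in layout:
        os.makedirs(os.path.join(base, *parts))
    for parts, ts in layout.items():  # set times after all folders exist
        os.utime(os.path.join(base, *parts), (ts, ts))
    return [os.path.join(base, d) for d in ("Program Files", "Application Data")]

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        roots = build_sample_tree(base)
        anchor = os.path.join(roots[0], "knob rect user")
        for path, when in entries_near(roots, anchor):
            print(when.isoformat(sep=" "), os.path.relpath(path, base))
```

On a live Windows system the creation time is usually the more telling field; modification time is used here because it can be set portably for the demo.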

  2. #12
    Join Date
    Sep 2008
    Posts
    9
    Gah! Sorry, d/l'ed V2.02 then ran the old one from the desktop. New log attached. As for that entry, I have no idea. It was a Saturday, which means I was nowhere near the PC. However, we've had people in here working, so I suspect someone's been looking at dodgy sites on their teabreak...

  3. #13
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    There are unknowns I really wonder about so please do this;
    Go to http://virusscan.jotti.org/

    Upload the following files one at a time;
    C:\Program Files\knob rect user
    C:\Documents and Settings\dkd\Application Data\knob rect user
    C:\Documents and Settings\All Users\Application Data\Time Dead Warn Default
    C:\Program Files\Circle Developement

    This site will scan each file by various virus scanners and produce a report telling us if it is an infection. If it isn't we won't worry about it, if it is hopefully we will better know how to remove it.
    Post back here with the results for each file.

  4. #14
    Join Date
    Sep 2008
    Posts
    9
    Yup. That's them right there. Every one contains malware. Details attached.

  5. #15
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    I would like to have you use ComboFix to remove these files.
    Make sure that Combofix is still on the desktop. If it is not then this will not work.


    Open Notepad and copy/paste the text below

    KILLALL::

    FILE::

    C:\Program Files\knob rect user
    C:\Documents and Settings\dkd\Application Data\knob rect user
    C:\Documents and Settings\All Users\Application Data\Time Dead Warn Default
    C:\Program Files\Circle Developement

    * Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    * At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    * You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    * Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    * Follow the prompts.
    * When it finishes, a log will be produced named c:\combofix.txt

    Post back here with that log.

  6. #16
    Join Date
    Sep 2008
    Posts
    9
    OK, sorry for the delay; here's the combofix log. n.b. someone has been fiddling with this while I've not been around (run CCleaner, avast & killbox as far as I can tell). I hope it hasn't buggered up the Combofix run...

  7. #17
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    You have somebody else running fixes? All of those you mention were installed 9/19/2008, the day AFTER I requested the CFscript be run.
    Is there another user on this computer who has perhaps posted at another forum? Killbox is generally recommended at forums for clean up, not something one would ordinarily use everyday. CCleaner and Avast, yes, but not Killbox unless told to do so. Killbox is a fine program but wonder who ran this and what it showed. Combofix obviously removed the files requested and others associated with it.
    Is there a Killbox log? If so, post that too.

  8. #18
    Join Date
    Sep 2008
    Posts
    9
    No, I can't find a killbox log. I spoke to him briefly about it; he did it while I was away (there was a party here & he went & did his geek thing in the corner - like you do...). He said it picked up a couple of bits, but the machine was still acting up till I ran the combofix script. It appears to be ok now as it goes.

  9. #19
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    Quote: Originally posted by gilbert wham
    No, I can't find a killbox log. I spoke to him briefly about it; he did it while I was away (there was a party here & he went & did his geek thing in the corner - like you do...). He said it picked up a couple of bits, but the machine was still acting up till I ran the combofix script. It appears to be ok now as it goes.
    I love computers but I sure wouldn't attempt to clean up a computer without somebody asking me first...anyway.
    Looks like combofix took out the baddies and all the files associated with them too.
    Run a new HJT just so I can take another look.
