System Tool Virus-Please review Hijack This LOG
Update;
I have run Rkill first of all in safe mode with Networking and have the results below;
Rkill was run on 01/03/2011 at 19:52:56.
Operating System: Windows Vista (TM) Home Premium
Processes terminated by Rkill or while it was running:
Rkill completed on 01/03/2011 at 19:52:59.
Then updated MalwareBytes and performed full scan again which has come back with one infected file-Hijack.StartmenuInternet, Registry Data, HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\iexplore.exe\shell\open\command\(default)
Should I remove this selected file and can anyone outline next steps, thanks...
Remove it, then go to LOGS and post the WHOLE of the log that was produced
-
Log below and it is saying to restart the computer, shall I press ok and then leave in normal mode?
Log;
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4052
Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.19019
01/03/2011 21:40:30
mbam-log-2011-03-01 (21-40-30).txt
Scan type: Full scan (A:\|C:\|D:\|E:\|F:\|G:\|)
Objects scanned: 307996
Time elapsed: 45 minute(s), 18 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Sonia\AppData\Local\av.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Yes - go for it
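An added example, not part of the original thread: a small Python parser for the "Registry Data Items Infected" entry format shown in the log above. It pulls out the executable that the hijacked command actually launches and flags it when it differs from the expected program and lives in a user-writable location. The function names, the `USER_WRITABLE` list and the sample text (with a placeholder profile name) are assumptions made for illustration.

```python
import ntpath
import re

# One entry under "Registry Data Items Infected:", in the layout the log above uses.
ENTRY = re.compile(
    r'^(?P<key>HKEY_.+?) \((?P<detection>[^()]+)\) -> '
    r'Bad: \((?P<bad>.*)\) Good: \((?P<good>.*?)\) -> (?P<action>.+)$'
)
FIRST_EXE = re.compile(r'^\s*(?:"([^"]+)"|(\S+))')
# Locations a standard user can write to (assumed list, not exhaustive).
USER_WRITABLE = ("\\users\\", "\\documents and settings\\", "\\appdata\\")


def launcher(command):
    """Return the first executable named in a Windows command line."""
    m = FIRST_EXE.match(command)
    return (m.group(1) or m.group(2)) if m else ""


def parse_registry_data(log_text):
    """Return one dict per 'Bad: (...) Good: (...)' registry data entry."""
    items = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # section headers and "(No malicious items detected)"
        item = m.groupdict()
        exe = launcher(item["bad"])
        expected = launcher(item["good"])
        item["launcher"] = exe
        # True when the command starts something other than the expected program.
        item["interposed"] = ntpath.basename(exe).lower() != ntpath.basename(expected).lower()
        item["user_writable"] = any(p in exe.lower() for p in USER_WRITABLE)
        items.append(item)
    return items


# Constructed sample modelled on the log above; the profile name is a placeholder.
SAMPLE = r'''Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\example\AppData\Local\av.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
'''

if __name__ == "__main__":
    for entry in parse_registry_data(SAMPLE):
        print(entry["detection"], entry["launcher"],
              "interposed" if entry["interposed"] else "direct",
              "user-writable" if entry["user_writable"] else "system path")
```

The `launcher` path is the file worth checking on disk afterwards, since the same log reports "Files Infected: 0" even though the registry data pointed at it.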
-
Thanks, just doing this now but is anything else needed after that? On the other thread you are suggesting Spybot and other fixes or is that a worse infection?
-
I never suggested to use Spybot, I asked to switch it off so it won't affect combofix
-
sumeet
You need to update the database in Malwarebytes, just press on the update tab when you open Malwarebytes and then click on check for updates.
Start up in normal mode and see if you can update Malwarebytes and then run a full scan.
If Malwarebytes finds anything remove it and then post the log file in your next message
Tried rebooting after deleting previous item above but in normal mode System Tool virus is still there, re-running Rkill and MWB quickscan gives results below, anything further I can do?
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Rkill was run on 01/03/2011 at 22:19:29.
Operating System: Windows Vista (TM) Home Premium
Processes terminated by Rkill or while it was running:
C:\Windows\system32\userinit.exe
Rkill completed on 01/03/2011 at 22:19:31.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4052
Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.19019
01/03/2011 22:25:51
mbam-log-2011-03-01 (22-25-51).txt
Scan type: Quick scan
Objects scanned: 125546
Time elapsed: 5 minute(s), 31 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
You still haven't updated Malwarebytes to the latest database (it's months behind)
-
sumeet
You need to update the database in Malwarebytes, just press on the update tab when you open Malwarebytes and then click on check for updates.
Start up in normal mode and see if you can update Malwarebytes and then run a full scan.
If Malwarebytes finds anything remove it and then post the log file in your next message
I did update in safe mode and ran full scan earlier tonight also in safe mode and then deleted Hijack this infection, see halfway up thread but on rebooting to normal mode System Tool is still there and prevents me from getting to MWB in normal mode.