Author Topic: Another koobface victim... hijackthis log inside  (Read 4213 times)

0 Members and 1 Guest are viewing this topic.

ckandzierski

  • Guest
Another koobface victim... hijackthis log inside
« on: January 17, 2010, 01:33:27 AM »
i was/am a victim of the koobface virus.  so far i have
 - uninstalled symantec
 - installed and run avast in both boot and manual launch mode
 - run malwarebytes
 - run superantispy
 - run hijackthis

the log is attached.  am i done with my cleanup or are there other steps required to ensure that my system is clean?

thanks

« Last Edit: January 17, 2010, 01:39:53 AM by ckandzierski »

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Another koobface victim... hijackthis log inside
« Reply #1 on: January 17, 2010, 02:44:56 PM »
Could I see the Malwarebytes log please, also can you run OTL as Hijackthis is no longer man enough to find the problems.  You should be able to attach the OTL log rather than paste it 

 OTL
OTL is currently our primary tool for searching key areas of the registry and other system locations for the telltale signs of malware. It generates a comprehensive log, and offers an initial diagnosis.

Important note: HijackThis has been replaced by OTL in this guide. Since being acquired by TrendMicro, HijackThis has not been regularly updated. Many infections are now able to hide partly, or completely from a HijackThis scan. OTL is authored by one of our staff members (OldTimer). It includes all the scan locations of HijackThis and more. It's not only a more comprehensive scan tool, but also offers more powerful removal features.
  • Download OTL to your Desktop
  • Double click on the OTL icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in:
netsvcs
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
/md5stop
c:\windows\system32\*.dll /lockedfiles
c:\windows\system32\drivers\*.sys /lockedfiles
%systemroot%\*. /mp /s
CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and paste them into your reply.

ckandzierski

  • Guest
Re: Another koobface victim... hijackthis log inside
« Reply #2 on: January 18, 2010, 05:19:15 PM »
thanks for your help.  attaching the 2 logs.


Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37612
  • Not a avast user
Re: Another koobface victim... hijackthis log inside
« Reply #3 on: January 18, 2010, 05:25:45 PM »
you forgot this one....

Quote
Could I see the Malwarebytes log please,

ckandzierski

  • Guest
Re: Another koobface victim... hijackthis log inside
« Reply #4 on: January 18, 2010, 06:59:22 PM »
sorry about that.  i have attached the first and last malwarebytes logs

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Another koobface victim... hijackthis log inside
« Reply #5 on: January 18, 2010, 11:42:59 PM »
Hmm nothing apparent there what problems are you experiencing ?

ckandzierski

  • Guest
Re: Another koobface victim... hijackthis log inside
« Reply #6 on: January 19, 2010, 12:47:48 PM »
i am not currently experiencing any problems.  my concern is that i had done a less extensive cleanup and the problems went away for a few days and then resurfaced.  i am just verifying that i have done everything i need to do to ensure that the system is clean.  do you think that is true?

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Another koobface victim... hijackthis log inside
« Reply #7 on: January 19, 2010, 10:21:19 PM »
As far as I can see there is no apparent malware  ;D

ckandzierski

  • Guest
Re: Another koobface victim... hijackthis log inside
« Reply #8 on: January 20, 2010, 02:32:40 AM »
that's great news!  thank you for all the help and the tools.