Author Topic: Problems with a virus  (Read 25736 times)

0 Members and 1 Guest are viewing this topic.

Offline mauserme

  • Massive Poster
  • ****
  • Posts: 2475
Re: Problems with a virus
« Reply #45 on: June 25, 2007, 01:04:42 PM »
[By the way, what is JT log? Thanks:)
Sorry - I meant to ask for a HijackThis (HJT) log.
"If at first you don't succeed keep on sucking 'till you do succeed" - Curley Howard in Movie Maniacs (1935)

Offline chinhis13

  • Jr. Member
  • **
  • Posts: 40
Re: Problems with a virus
« Reply #46 on: June 25, 2007, 01:35:57 PM »
[By the way, what is JT log? Thanks:)
Sorry - I meant to ask for a HijackThis (HJT) log.

Thanks.:)
« Last Edit: October 12, 2008, 05:56:51 PM by chinhis13 »

Offline mauserme

  • Massive Poster
  • ****
  • Posts: 2475
Re: Problems with a virus
« Reply #47 on: June 25, 2007, 01:52:32 PM »
O4 - HKLM\..\Run: [ScanRegistry] C:\W

is new and looks a bit unusual.

Open My Computer and double click the C: drive.  At the top of the window click Tool>Folder Options>View.  Make sure Show Hidden Files and Folders is checked and Hide Protected Operating System Files is not checked.  The look in C:\ for a file named W.  If you find it upload it to Virus Total and post the results.

Have you made any changes to your computer since your last log?


EDIT:  It looks like you've installed Spyware Terminator and it may have something to do with that.

Check your log again and see if part of that line is missing.  Is the "W" the beginning of the word "windows" in a longer path?

Are you still symptom free?
« Last Edit: June 25, 2007, 02:15:21 PM by mauserme »
"If at first you don't succeed keep on sucking 'till you do succeed" - Curley Howard in Movie Maniacs (1935)

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 84750
  • No support PMs thanks
Re: Problems with a virus
« Reply #48 on: June 25, 2007, 02:34:23 PM »
I have done the uninstallation long long time ago. Is it the files discovered only the remaining? How could I delete them?

A link worth looking at, which is a program removal tool that can remove the remnants of a number of different Norton Programs:
Removing your Norton program using SymNRT

McAfee has an uninstall tool that you could run to ensure any possible remnants are removed.
http://download.mcafee.com/products/licensed/cust_support_patches/VSCleanupTool.exe
« Last Edit: June 25, 2007, 02:35:58 PM by DavidR »
Windows 10 Home 2004 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.2.2455 (build 21.2.6096.648) UI 1.0.608/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline chinhis13

  • Jr. Member
  • **
  • Posts: 40
Re: Problems with a virus
« Reply #49 on: June 25, 2007, 04:31:34 PM »
I have done the uninstallation long long time ago. Is it the files discovered only the remaining? How could I delete them?

A link worth looking at, which is a program removal tool that can remove the remnants of a number of different Norton Programs:
Removing your Norton program using SymNRT

McAfee has an uninstall tool that you could run to ensure any possible remnants are removed.
http://download.mcafee.com/products/licensed/cust_support_patches/VSCleanupTool.exe


Thanks very mcuh.

Offline chinhis13

  • Jr. Member
  • **
  • Posts: 40
Re: Problems with a virus
« Reply #50 on: June 25, 2007, 04:42:39 PM »
O4 - HKLM\..\Run: [ScanRegistry] C:\W

is new and looks a bit unusual.

Open My Computer and double click the C: drive.  At the top of the window click Tool>Folder Options>View.  Make sure Show Hidden Files and Folders is checked and Hide Protected Operating System Files is not checked.  The look in C:\ for a file named W.  If you find it upload it to Virus Total and post the results.

Have you made any changes to your computer since your last log?


EDIT:  It looks like you've installed Spyware Terminator and it may have something to do with that.

Check your log again and see if part of that line is missing.  Is the "W" the beginning of the word "windows" in a longer path?

Are you still symptom free?

Yes, I have installed Spyware Terminatior.
There is no file named W and nothing changes with my last log.
« Last Edit: October 12, 2008, 05:57:11 PM by chinhis13 »

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 84750
  • No support PMs thanks
Re: Problems with a virus
« Reply #51 on: June 25, 2007, 06:02:00 PM »
Without putting words in mauserme's mouth, but no occurrence of any of the problems when you first had the infection problem, no symptoms related to the infection.
Windows 10 Home 2004 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.2.2455 (build 21.2.6096.648) UI 1.0.608/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline mauserme

  • Massive Poster
  • ****
  • Posts: 2475
Re: Problems with a virus
« Reply #52 on: June 25, 2007, 08:45:42 PM »
Without putting words in mauserme's mouth, but no occurrence of any of the problems when you first had the infection problem, no symptoms related to the infection.
Yes, that's exactly what I meant.  Are there any Trojan alerts or other signs of malware now?

Let's do this.  Open HijackThis and click to Do A System Scan Only.  When complete place a check mark next to these lines

O20 - AppInit_DLLs: wbsys.dll,

O20 - Winlogon Notify: WBSrv - C:\WINDOWS\

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe


The following two lines are missing from your most recent HJT log but were present in the log you posted 22 June.  They should still be present since this is where the McAfee processes (Network Associates in your current log) are loading from.  If you're sure you've uninstalled all McAfee products and you can find these lines in HJT place a check mark next to them as well

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe



After placing the check marks close all other windows, including your browser, and click the button labeled Fix Checked.  Then post a fresh HJT log so we can make sure these things are gone.

"If at first you don't succeed keep on sucking 'till you do succeed" - Curley Howard in Movie Maniacs (1935)

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 84750
  • No support PMs thanks
Re: Problems with a virus
« Reply #53 on: June 25, 2007, 08:52:32 PM »
I gave chinhis13 an uninstall tool link for McAfee, perhaps that has been run and removed the redundant entries ???
Windows 10 Home 2004 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.2.2455 (build 21.2.6096.648) UI 1.0.608/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline mauserme

  • Massive Poster
  • ****
  • Posts: 2475
Re: Problems with a virus
« Reply #54 on: June 25, 2007, 08:56:24 PM »
I'm not sure.  The 2 Network Associates entires under running processes is McAfee but I can't see where it loads anymore.  I think the log might be incomplete.
"If at first you don't succeed keep on sucking 'till you do succeed" - Curley Howard in Movie Maniacs (1935)

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40627
  • Dragons by Sasha
    • Malware fixes
Re: Problems with a virus
« Reply #55 on: June 25, 2007, 10:45:53 PM »
The 04 needs to go and use OTMoveit to kill it

Offline mauserme

  • Massive Poster
  • ****
  • Posts: 2475
Re: Problems with a virus
« Reply #56 on: June 25, 2007, 11:57:28 PM »
I had planned on doing just that if the next HJT log doesn't add any information to that line.  I'm wondering if anything got lost in the copy/paste process, so I wanted a new log first. 
"If at first you don't succeed keep on sucking 'till you do succeed" - Curley Howard in Movie Maniacs (1935)

Offline chinhis13

  • Jr. Member
  • **
  • Posts: 40
Re: Problems with a virus
« Reply #57 on: June 26, 2007, 08:54:24 AM »
Thanks.
« Last Edit: October 12, 2008, 05:57:57 PM by chinhis13 »

Offline mauserme

  • Massive Poster
  • ****
  • Posts: 2475
Re: Problems with a virus
« Reply #58 on: June 26, 2007, 01:36:54 PM »
Quote
There is still the 023 McAfee Framework Service although I had uninstalled it and click the fixed check button.
But it seems no function, could we ignore it?
We could but it would be better to make it go away.

Open the Misc Tools section in HijackThis and click the button labled Delete and NT Service.  Paste the following in the field and click OK

McAfeeFramework


Did you fix this 04 essexboy and I were discussing or has it dissappeared

O4 - HKLM\..\Run: [ScanRegistry] C:\W
"If at first you don't succeed keep on sucking 'till you do succeed" - Curley Howard in Movie Maniacs (1935)

Offline chinhis13

  • Jr. Member
  • **
  • Posts: 40
Re: Problems with a virus
« Reply #59 on: June 26, 2007, 05:44:37 PM »
Quote
There is still the 023 McAfee Framework Service although I had uninstalled it and click the fixed check button.
But it seems no function, could we ignore it?
We could but it would be better to make it go away.

Open the Misc Tools section in HijackThis and click the button labled Delete and NT Service.  Paste the following in the field and click OK

McAfeeFramework


Did you fix this 04 essexboy and I were discussing or has it dissappeared

O4 - HKLM\..\Run: [ScanRegistry] C:\W

When I did a scan with Spyware Terminater, it detected and told me that it is invaild, I have it removed.