Other > Viruses and worms

Please help a newbie (Hijackthis log included)

(1/3) > >>

bohemia:
Hi, I've just gotten a new laptop and am terrified as I keep getting the virus found message - three of them every hour in quick succession.  I don't know much about computers, so would really appreciate some help.  The log for the message read:

24/03/2008 3:21:44 AM   SYSTEM   1976   Sign of "Win32:Agent-SXR [Wrm]" has been found in "w1.m[broken]adway.net/u/_qbotnti.exe" file. 

I'm even more terrified as last time the virus found message popped up, I stupidly closed the window with the X instead of clicking the block button!  I was recommended Hijackthis, but of course have no idea what the log means, so here it is.  I would be very grateful for some help.

DavidR:
Well the detection is good as DrWeb link checker also detects (In file _qbotnti.exe found virus BackDoor.IRC.Qbot.origin). Please modify your post and edit the URL so it isn't active, avoiding accidental exposure to the curious, e.g. "http :// w1 . madway.net/u/_qbotnti.exe"

Thankfully the web shield should be detecting this and only gives one option 'Abort Connection.' This stops the file from being downloaded to your system, that's the good news. The bad news there is something undetected or hidden on your system trying to connect to that site.

What is your firewall (it should be capable of blocking unauthorised outbound Internet Connections) as it is either XP's firewall or disabled ?

You are using the beta version of HJT and that isn't the latest, so you should get the latest one, FileHippo Download - HiJackThis and run it again.

You are also running HJT from the Desktop it should be in its own folder, the above download file should create a folder for it.

Once you have done that post the new log.

bohemia:
Thanks very much for your help.  Since then, avast has located the virus itself on my computer and I moved it to the chest.  It then happened again - the log file is attached.

I have run the new HiJackThis, and attach the log for that as well.

Finally, I downloaded the trial of System Mechanic (in my little panic).  I used it to clean up my start items, I thought, but now I've removed the auto start for the fingerprint scanner I use a lot for internet banking etc.  I really need it back - any tips?  It's still there on the windows startup screen.  It's Protector Suite QL, if that helps.  There was nothing on the settings menu for it that struck me as immediately relevant.

Ok, one more question - is System Mechanic going to interact negatively with avast?

Again, thanks a lot for your help - computers and I have never really understood one another.

Lisandro:

--- Quote from: bohemia on March 24, 2008, 02:22:28 AM ---I've removed the auto start for the fingerprint scanner I use a lot for internet banking etc.  I really need it back - any tips?  It's still there on the windows startup screen.
--- End quote ---
Isn't there a quarantine or restore feature into System Mechanic?

It works perfectly with avast.

bohemia:
There is, but it confused me somewhat - I'm happy to report that there was a repair option for the fingerprint scan after all, and it's back up and running.

I can't believe how quick you guys are with your responses!  This forum is great.

Navigation

[0] Message Index

[#] Next page

Go to full version