Author Topic: malware  (Read 11230 times)

0 Members and 1 Guest are viewing this topic.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 82290
  • No support PMs thanks
Re: malware
« Reply #15 on: August 01, 2008, 12:31:55 AM »
When you click the Reply button, there is an Additional Options link, this expands the options to attach a file, that can be an image file or a text file (.log or .txt).

It is the same as the How to post a screen shot info link I gave earlier, you just navigate to the hijackthis.log file and select that.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 1909 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 19.8.2393 (build 19.8.4793.544) UI-1.0.415/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ WinPatrol+/

Offline YoKenny

  • Serious Graphoman
  • **
  • Posts: 8788
Re: malware
« Reply #16 on: August 01, 2008, 12:43:12 AM »
Hi i was wondering where to attatch the hijackthis copy? i did one on the 29 th and don't knowhow '' i went to insert image but i get image words on line is all tyty
With the marvels of copy-n-paste

Run HijackThis and select Do a system scan and save the logfile then when in Notepad click on Edit then Select all ( Ctrl+A ) then Copy ( Ctrl+C ) then Paste ( Ctrl+V ) into an open reply to your post here.

How To Copy n Paste:
http://www.royhooper.com/copy.html
E5200 2.5GHZ, 4GB RAM, 320GB HD, Windows 7 Home Premium 64bit, avast! V9.0 Free, IE10
P4 2.8GHZ, 1.5GB RAM, 40GB HD, XP Pro SP3 32bit, avast! V9.0 Free, Google Chrome
with hpHosts, MVPS HOSTS files, SpeedFan, WinPatrol PLUS

Offline Shortiehi5

  • Newbie
  • *
  • Posts: 18
Re: malware
« Reply #17 on: August 01, 2008, 01:57:54 AM »
  Hi  & thank you for the info' and much appreciated !''But it says i can not as its over 10000 charachters? can this happen ? ty Shortie

Offline Shortiehi5

  • Newbie
  • *
  • Posts: 18
Re: malware
« Reply #18 on: August 01, 2008, 02:03:39 AM »
  Hi i have 'i hope attached my hijackthis file !!  lol am so new to forums  so sorry if i 'am or seem confused , but its slow but hope to get there!!lol ty all!!!

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 82290
  • No support PMs thanks
Re: malware
« Reply #19 on: August 01, 2008, 02:38:21 AM »
You attached it OK, twice ;D
I assume they are the same, I've only opened the last one.

I don't know where  you got your copy of HJT but it is out of date, get it here:
FileHippo Download - HiJackThis and post the contents of the HJT log file here. This file is an executable installation file so you won't have to unzip and extract the files it will create its own program folder.

Here is a helpful tutorial - HJT Information HiJackThis Tutorial.

So it would be best to get the new version and run the log again, now you know how to attach it.

If this entry appears the next time you Run HJT it can be fixed.
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Other than that I don't see anything obvious, but we can check again when you run the latest version of HJT.

Also you don't appear to be running an active firewall, or it is disabled or it is the XP firewall.
Your firewall should be capable of blocking unauthorised outbound Internet Connections.

Windows XP's firewall is better than no firewall but, it lulls you into a false sense of protection, it doesn't provide outbound protection. Whilst the windows XP firewall is usually good at keeping your ports stealthed (hidden) it provides no outbound protection and you should consider a third party firewall.

Any malware that manages to get past your defences will have free reign to connect to the internet to either download more of the same, pass your personal data (sensitive or otherwise, user names, passwords, keylogger retrieved data, etc.) or open a backdoor to your computer, so outbound protection is essential.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 1909 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 19.8.2393 (build 19.8.4793.544) UI-1.0.415/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ WinPatrol+/

Offline PiCo

  • Jr. Member
  • **
  • Posts: 54
    • PiCo-site
Re: malware
« Reply #20 on: August 01, 2008, 03:10:26 AM »
If this entry appears the next time you Run HJT it can be fixed.
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
That is Windows Live Messenger  related, it's ok. More info here.
« Last Edit: August 01, 2008, 03:15:15 AM by PiCo »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 82290
  • No support PMs thanks
Re: malware
« Reply #21 on: August 01, 2008, 03:17:15 AM »
Thanks, you have to wonder why they are so obscure in the naming of it.
As Shortiehi5 was running an old version of HJT that may be why it shows the (no file) as it used to report similar issues with avast. This is also why I said to check against the next run of HJT.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 1909 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 19.8.2393 (build 19.8.4793.544) UI-1.0.415/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ WinPatrol+/

Offline PiCo

  • Jr. Member
  • **
  • Posts: 54
    • PiCo-site
Re: malware
« Reply #22 on: August 01, 2008, 03:21:00 AM »
I have a WinPatrol Hijack log which also doesn't give any info, just O2 - BHO:  - {7E853D72-626A-48EC-A868-BA8D5E23E045}.

I guess Micro$oft doesn't really bother with names :P

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 82290
  • No support PMs thanks
Re: malware
« Reply #23 on: August 01, 2008, 03:29:54 AM »
Yes, but it doesn't give the (no file) suffix, which was a common problem with the old 1.99 version of HJT. Not so much of a problem with HJT 2.0 and usually if that reports (No file) it is a redundant entry.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 1909 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 19.8.2393 (build 19.8.4793.544) UI-1.0.415/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ WinPatrol+/

Offline Shortiehi5

  • Newbie
  • *
  • Posts: 18
Re: malware
« Reply #24 on: August 01, 2008, 08:48:51 AM »
 ;D   Here is a big Grin as i am happy i have attached it !!lol ''but 2 times lol  ok i now know how...So i work in the morning ''just friday mornings so i'll have to go and get some ZZZZZEEeeeZZ for now ' i'll be back on friday night 'i hope unless the dog eats my connection, while i am gone...no she sleeps as she pouts when i leave her lol  >>..  But hey  you all have been simply amazing!!  i wish i could do some thing for all of you!!!  ty so very much!!!!  And i will do what you  all have so sweetly asked me to do !!and get back with it  !!tyty..Shortie   :)

Offline Shortiehi5

  • Newbie
  • *
  • Posts: 18
Re: malware
« Reply #25 on: August 02, 2008, 02:21:54 AM »
Hi  i am back and i am hoping this was done right!  lol  please feel free to let me know thank you ever so much!! I never thought i could do this you are all amazing with being so helpful!!tyty  Shortie 

Offline YoKenny

  • Serious Graphoman
  • **
  • Posts: 8788
Re: malware
« Reply #26 on: August 02, 2008, 03:01:07 AM »
Shortiehi5 close all browser windows then select the following then Fixed checked

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 <== make the home page Google as it loads a lot faster
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
E5200 2.5GHZ, 4GB RAM, 320GB HD, Windows 7 Home Premium 64bit, avast! V9.0 Free, IE10
P4 2.8GHZ, 1.5GB RAM, 40GB HD, XP Pro SP3 32bit, avast! V9.0 Free, Google Chrome
with hpHosts, MVPS HOSTS files, SpeedFan, WinPatrol PLUS

Offline PiCo

  • Jr. Member
  • **
  • Posts: 54
    • PiCo-site
Re: malware
« Reply #27 on: August 02, 2008, 03:10:51 AM »
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
Do NOT delete this one! It's Windows Live Messenger related, see 7-8 posts above  ;)

But why delete all the other stuff? The default pages and stuff in IE that is.

Offline wyrmrider

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1298
Re: malware
« Reply #28 on: August 02, 2008, 03:45:07 AM »
PiCo
I went to the posts labeled reply 7 and 8 on page 1
what exactly are you referring to?

Offline PiCo

  • Jr. Member
  • **
  • Posts: 54
    • PiCo-site
Re: malware
« Reply #29 on: August 02, 2008, 03:49:31 AM »
PiCo
I went to the posts labeled reply 7 and 8 on page 1
what exactly are you referring to?
No, I ment in this page  :)
That would be reply number 20!

Going to sleep now, have a good night!