Please look at my HiJackThis log file and tell me if I have a problem

[bobrafalovich]

Hi,

My computer is acting very strange.  I have run several virus scans and have come up with nothing.
Please someone take a look at my attached HiJackThis log file and tell me if I have a problem.

Thanks

Bob Rafalovich

[FreewheelinFrank]

You have MacroVirus which is a fake AV product.

http://www.emsisoft.com/it/malware/?Adware.Win32.MacroVirus

Try a scan with a-Squared free and also:

SUPERAntiSpyware Free
Malwarebytes' Anti-Malware

When you have finished, check for out-of-date and insecure software and update- this will reduce the risk of similar infections.

Secunia Online Software Inspector (OSI)
Secunia Personal Software Inspector (PSI)

[CharleyO]

***

An analysis of your HJT log shows the following :

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
Unnecessary (deactivated) entry that can be fixed. Related to Yahoo Companion.

O4 - HKCU\..\Run: [MacroVirus] C:\Program Files\MacroVirus\MacroVirus.exe -boot
This is a rogue security program sometimes installed by Trojan exploits. But, it is possible the user downloaded this program.
http://www.emsisoft.com/it/malware/?Adware.Win32.MacroVirus

O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - http://d.64.69.12.22.downloads.estara.com./as/OneCCDM.php?template=306633&sessio nid=1414138019_75.170.62.207_3467&=&req=1209586278206OneCC.cab
It is not needed to fix this one if you recognize estara.com. Check if you know this site and fix it if you do not. Unknown ActiveX-Objects, or ActiveX-Objects from unknown sites should always be fixed.

O17 - HKLM\System\CCS\Services\Tcpip\..\{47EAA8BF-2DFE-4509-8DA9-035DF93B79B4}: NameServer = 205.171.3.65,205.171.2.65
Do you know the IP or Domain '205.171.3.65,205.171.2.65'? If not, fix this entry. This could be your ISP but check to be sure if it is or is not.


There were a few other questionable entries but research checked them out as OK.


***

[bobrafalovich]

Thanks FreeWheelinFrand and CharelyO,

Your suggestions were correct and now my computer seems to be doing well.
Yes MacroVirus.com is a scam web site and so is their product.
I had to call my credit card company and dispute the charge to get my money back
Despite their claim that the product was 100% refundable within 60 days.
Someone needs to do something about scam antivirus software companies that are really
virus creators and spreaders

[DavidR]

That someone starts with you, by reporting it to the police as it would fall under fraudulently obtaining money or something along those grounds.

However, you have to realise that you must be vigilant to this sort of scam, the internet is no different to normal life. If someone said to you in the street or at your home that your house was about to be burgled and I can make sure it doesn't for the very small fee of XX; you would be highly suspicious of that.

Edit:
As you paid by credit card there is a high chance that your identity could be stolen so you now have to be extra vigilant, if any information you gave is used in other areas and you should change any credit cards passwords or pin, etc. possibly go so far as to have the card replaced with a new one. Whilst this could be a pain in the rear if you have any regular payments that are paid by card you would have to update those when you got your new card.