Need help with a virus

[Guest]

[ericd]

Is your PC Running OK?

Are the scans removing threats found?

Josh

The scans are removing the threats and the computer is running like it used to.  Is it fine or is there something else I should do?  Thanks for all the help.

[.FaZio93.]

hijack this?

[grayhair]

The scans are removing the threats and the computer is running like it used to.  Is it fine or is there something else I should do?  Thanks for all the help.

   What a journey you seem to have had.  If I could ask, what firewall are you using? what anti-virus are you using?  I used to have "stuff" get on my computer also (what led me to Comodo).  I now use Comodo firewall, and no more "stuff."

SELF EDIT:  I read back and see what firewall and AV you have.  I would drop the Comodo ver.2 simply because the Comodo team stopped doing much of anything to keep that going some time ago.  Right now I am using a trial of Avast while waiting for CAVS3's release.
   Are your bugs all gone?  Hopefully.  You could run other scans like CCCleaner to clean up any left over registry items, or even Spybot--even though it gets a thumbs down from some here (although sometimes I see it find "stuff" the other scans miss).  Maybe do as fazio93 suggested, and run HijackThis (you could post a log here for someone to analyze).  But, ultimately you need to determine when you machine is cured.  Sounds like you did a good job.  Congrats!

[3xist]

The scans are removing the threats and the computer is running like it used to.  Is it fine or is there something else I should do?  Thanks for all the help.

It does sound like your cured.

Perhaps multiple people can Analyze your HijackThis Log which you can download
here.

Josh

[ericd]

here is a HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:36:09 PM, on 9/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox 3 Beta 4\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs:  C:\WINDOWS\system32\guard32.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe

--
End of file - 2138 bytes

[.FaZio93.]

i've always let other analyze my logs, but from what i see, it looks clean.
but let someone else make sure.

also, you are running a the ff3 beta 4?

C:\Program Files\Mozilla Firefox 3 Beta 4\firefox.exe

[LirvA]

Post a new HJT log, there should be more than that.

[.FaZio93.]

Post a new HJT log, there should be more than that.

i thought it was a little short, but i saw the End of file - 2138 bytes so.... copy/paste error

[Tags:]