• AM I INFECTED

    #465099

    My computer is acting flaky and I don't know what to do.

    I have Windows XP SP3 Home Edition…
    I have BitDefender Total Security 2010 and Spybot Search and Destroy running and they say I am clean.
    I ran Avira and it supposedly deleted a trojan.
    I ran the OneCare Live online scan and it reported 2 or 3 problems that it said it could not fix, but I have no idea where or what they are.

    I ran HijackThis and here is the log… tell me if there is anything wrong here please

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:08:14 PM, on 12/21/2009
    The rest of this log was moved to the attachment

    • #1193555

      I ran HijackThis and here is the log… tell me if there is anything wrong here please

      This is not the best site for interpretation of HijackThis logs. If you search here, you will find recommendations for other sites. For example, see: Post #724266 (castlecops) and Post #809178 (majorgeeks) and Post #686207 (three more).

    • #1193557

      Thank you jscher, but those links proved useless as the castlecops reports NOT FOUND

    • #1193576

      http://www.bleepingc…tutorial42.html (I'm checking this site now)
      I just registered there

      THANKS JSCHER

    • #1193619

      You can also copy and paste your Hijackthis log file here:

      http://hjt.networktechs.com/

      for immediate feedback/analysis of the log.

    • #1193621

      Thanks carl

    • #1193630

      To be honest, Spybot is pretty worthless. Its detection rates aren't very good. The only thing it's good for is its Immunize function. Spyware Blaster is a standalone app and basically is Spybot's Immunize feature.

      The toolbars are a bit worrisome. A lot of them open holes into your system.

      Here's the list of what I'd get rid of:

      O8 – Extra context menu item: &GetGo Toolbar Search – res://C:Documents and SettingslynnDesktopmy Downloadsinternet pgmsGetGo Download Manager 4.2.1.309GetGo Download ManagerGGToolBand.dll/MENUSEARCH.HTM
      O8 – Extra context menu item: Search Image on TinEye – file://C:Documents and SettingslynnMy DocumentsTinEye 1.0TinEye.js

      Both of them have been flagged as nasty by HijackThis's own analysis engine. Basically I see at least 3 toolbars that aren't needed, and most of the flagged possible infections come from the GetGo toolbar or whatever it is.

      • #1193632

        Both of them have been flagged as nasty by HijackThis's own analysis engine.

        As I understand it, “O8” entries are non-whitelisted items on the IE right-click menu. I just don’t think it’s fair to say that all of these items have been “flagged as nasty” without further confirmation. Some downloaders are legitimate, and I didn’t find GetGo in these databases:

        Computer Associates: http://www.ca.com/us/technology-security-news.aspx (threat search box in right sidebar)
        Symantec: http://www.symantec.com/norton/security_response/threatexplorer/search.jsp
        Trend Micro: http://threatinfo.trendmicro.com/vinfo/default.asp
        Webroot: http://research.spysweeper.com/

        Also, I don’t see anything obviously wrong with TinEye.

        As a diagnostic, it may well be a good idea to disable or uninstall these programs, but I think it’s wise to be more cautious in calling them the source of possible infections.

        • #1193662

          As I understand it, “O8” entries are non-whitelisted items on the IE right-click menu. I just don’t think it’s fair to say that all of these items have been “flagged as nasty” without further confirmation. Some downloaders are legitimate, and I didn’t find GetGo in these databases:

          Computer Associates: http://www.ca.com/us/technology-security-news.aspx (threat search box in right sidebar)
          Symantec: http://www.symantec.com/norton/security_response/threatexplorer/search.jsp
          Trend Micro: http://threatinfo.trendmicro.com/vinfo/default.asp
          Webroot: http://research.spysweeper.com/

          Also, I don’t see anything obviously wrong with TinEye.

          As a diagnostic, it may well be a good idea to disable or uninstall these programs, but I think it’s wise to be more cautious in calling them the source of possible infections.

          You didn't use a single database that is rated at the top of detection.

          If you would like, this is the tool I used. Run the log through this and it will give some more insight so you can see what I was seeing.

          http://www.hijackthis.de/

          • #1193729

            You didn't use a single database that is rated at the top of detection.

            Hmmm, if you don’t like the major vendors, then show me an online database of malware or spyware that does list either GetGo or TinEye.

            If you would like, this is the tool I used. Run the log through this and it will give some more insight so you can see what I was seeing.

            Mattner’s site is an independent tool. It is not affiliated with the developers or maintainers of HijackThis. The methodology behind its declarations is unclear. What is a “keywordcheck”?

            Does that mean anything with the word toolbar or search is considered “nasty”? That would be a good way to generate false positives. (Googling “hijackthis.de” (“false positive” OR “false positives”) does yield some illuminating comments, although many are quite old and may have been resolved by now. Or maybe not.)

            For reference, here is the analysis the site served to me:

    • #1193635

      I want to thank all of you for your input
      in trying to help me with my issues.

    • #1193743

      Here is what I used and it seemed to be useful for me
      http://hjt.networktechs.com/

    • #1196523

      From my experience, there are some items in that log to be worried about, but not necessarily infections. Basically, the toolbars are not things I would keep as a general rule, and you have far too many AV/AS programs running that may be conflicting with each other.

      Keep in mind that HJT is a great tool but might not flag all possible places a potential virus could be hiding, so you might be infected, you might not.

    • #1196808

      I’ve heard of HijackThis and many people have suggested it, but an easier solution may be to just install Malwarebytes (be wary of Google’s search, as its sponsored links aren’t always the safest - if you read the newsletter there was mention of this issue). Malwarebytes in my experience has detected more viruses than any other antivirus I’ve tried (paid or not), including the viruses other programs found. It’s also updated daily and completely free. The only problem with it is that the free version lacks active protection, but since I use Comodo Firewall when I’m online and set up an automatic scan with Windows Task Scheduler, it’s quite nice (it doesn’t take as much processing as having both a protection module and a firewall would).

      If you wish to set up a scheduled scan, look for a tutorial on setting up a scheduled task with Windows and use the command line parameter “/quickscanterminate” for a quick scan, “/fullscanterminate” for a Full Scan and “/runupdate” for an update. I’m afraid I can’t offer more specific help at this time as I’m running Windows 7 and don’t remember offhand how to set up XP’s scheduled task (although I think I found it easier for some reason).
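
The O8 exchange earlier in the thread (posts #1193630 to #1193729) turns on whether matching words such as "toolbar" or "search" is enough to call an entry "nasty". The following is an added example, not code from any poster or from hijackthis.de: it parses O8 lines and contrasts a hypothetical keyword check with a triage that only reports which file to examine. The sample log, the keyword list and all function names are constructed for illustration.

```python
import re

# Constructed sample in HijackThis log style; not the poster's log.
SAMPLE_LOG = r"""
O8 - Extra context menu item: &Example Toolbar Search - res://C:\Program Files\Example\bar.dll/MENUSEARCH.HTM
O8 - Extra context menu item: Search Image on Example - file://C:\Documents and Settings\user\My Documents\Example\menu.js
O8 - Extra context menu item: E&xport to Spreadsheet - res://C:\Program Files\Office\sheet.exe/3000
O4 - HKLM\..\Run: [Example] C:\Program Files\Example\tray.exe
"""

# "O8 - <text>"; forum software often turns the hyphen into an en dash.
LINE_RE = re.compile(r"^([A-Z]\d{1,2})\s+[-\u2013]\s+(.*)$")
O8_RE = re.compile(r"^Extra context menu item:\s*(.+?)\s+[-\u2013]\s+(\w+)://(.+)$")
KEYWORDS = ("toolbar", "search")  # hypothetical list, as the thread speculates


def parse_o8(log_text):
    """Return label, URL scheme and target for every O8 line."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        d = O8_RE.match(m.group(2)) if m and m.group(1) == "O8" else None
        if d:
            entries.append({"label": d.group(1).replace("&", ""),
                            "scheme": d.group(2).lower(),
                            "target": d.group(3)})
    return entries


def keyword_verdict(entry):
    """Hypothetical name-only check: 'nasty' if a keyword appears anywhere."""
    text = (entry["label"] + " " + entry["target"]).lower()
    return "nasty" if any(k in text for k in KEYWORDS) else "ok"


def triage(entry):
    """Report what to examine instead of issuing a verdict."""
    target = entry["target"]
    # For res:// the part after the last '/' is a resource inside the binary.
    path = target.rsplit("/", 1)[0] if entry["scheme"] == "res" else target
    return {"label": entry["label"], "file_to_check": path,
            "in_user_profile": "\\documents and settings\\" in path.lower()}


if __name__ == "__main__":
    for e in parse_o8(SAMPLE_LOG):
        print(keyword_verdict(e), triage(e))
```

Both entries the keyword check flags here are harmless constructed ones, which is the false-positive risk raised in post #1193729; the triage output instead names the file a reviewer would look up or scan before deciding.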
