do I have malware?

Hello,
I have 3 computers and I think all 3 have the same exact problem. They are all running slow. We fixed the first one here, thank you soo much!

I did the scans on the 2nd one… Here they are.

Do you see anything?

removers are notified, check back later today

Okay, thank you :slight_smile:

Hi and Welcome!!

My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I’d be grateful if you would note the following:

[*] The fixes are specific to your problem and should only be used for the issues on this machine.
[*] It’s often worth reading through these instructions and printing them for ease of reference.
[*] If you don’t know or understand something, please don’t hesitate to say or ask!! It’s better to be sure and safe than sorry.
[*] Please reply to this thread. Do not start a new topic.
[*] If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
[*] Please be sure to subscribe to the topic if you have not already done so.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.

Having said that…
http://i1224.photobucket.com/albums/ee380/jeffce74/vegeta_zps7f4345cf.gif
Let’s get going!!

Let me look these over and I will get back as quick as I can. :slight_smile:

Hi,

Please download and run ERUNT (Emergency Recovery Utility NT). This program allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed. Remember, if you are using Windows Vista as your operating system, right-click the executable and Run as Administrator.

Run OTL.exe

[*]Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL


:Services

:OTL
IE - HKLM\..\SearchScopes\{5a1d0d31-749c-4186-a295-4106e6e7b26a}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^AFA^xdm238^YY^us&si=CD6891&ptb=A0E86070-9BCE-4A3A-93C8-8953F594CDB4&ind=2013051418&n=77fcba1a&psa=&st=sb&searchfor={searchTerms}
IE - HKU\S-1-5-21-1935655697-57989841-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-syctransfer&type=W3i_SP,204,0_0,StartPage,20130626,19855,0,8,0
IE - HKU\S-1-5-21-1935655697-57989841-682003330-1003\..\SearchScopes\{5a1d0d31-749c-4186-a295-4106e6e7b26a}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^AFA^xdm238^YY^us&si=CD6891&ptb=A0E86070-9BCE-4A3A-93C8-8953F594CDB4&ind=2013051418&n=77fcba1a&psa=&st=sb&searchfor={searchTerms}
[2013/06/27 14:46:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom Tag\Start Menu\Programs\NetAssistant
[2013/06/24 06:08:06 | 000,000,000 | ---D | C] -- C:\Program Files\SearchDonkey
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2013/03/23 19:17:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom Tag\Application Data\GetRightToGo

:Files
ipconfig /flushdns /c

:Commands
[emptytemp]
[resethosts]
[start explorer]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot when it is done
[*]Then run a new scan and post a new OTL log ( don’t check the boxes beside LOP Check or Purity this time )

Attach the new log made by OTL and let me know how your system is running now. :slight_smile:
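As an added example (not code from the thread, and not part of OTL), here is a small Python triage script for log entries in the format OTL uses in the fix above: it parses the `IE - ...` search-scope/start-page lines and the `[date | size | attrs | C/M] -- path` file lines, then flags search providers or start pages pointing at hosts outside a trusted list and directories created on or after a cutoff date. The trusted-host set is an assumption and the sample lines are constructed to mirror the thread's format (the Bing-style GUID is made up).

```python
import re
from datetime import datetime
from urllib.parse import urlsplit

# Entry shapes from the :OTL section of an OTL log/fix script (samples at the bottom are constructed).
IE_RE = re.compile(r"^IE - (?P<where>.+?)\s*=\s*(?P<url>\S+)$")
FILE_RE = re.compile(r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+)"
                     r" \| (?P<attr>\S+) \| (?P<cm>[CM])\] -- (?P<path>.+)$")
# Assumption: the search/start-page hosts the machine's owner actually chose; anything else gets flagged.
TRUSTED_HOSTS = {"www.bing.com", "www.google.com", "www.msn.com"}

def parse_ie(line):
    # 'IE - <registry location> = <url>'; a {searchTerms} placeholder in the URL marks a search provider
    m = IE_RE.match(line)
    if not m:
        return None
    host = (urlsplit(m.group("url")).hostname or "").lower()
    return {"where": m.group("where"), "host": host, "search_scope": "{searchTerms}" in m.group("url")}

def parse_file(line):
    # '[date | size | attrs | C/M] -- path'; C = created, M = modified, a D in attrs = directory
    m = FILE_RE.match(line)
    if not m:
        return None
    return {"when": datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"), "path": m.group("path"),
            "created": m.group("cm") == "C", "is_dir": "D" in m.group("attr")}

def triage(lines, created_since, trusted_hosts=TRUSTED_HOSTS):
    # Returns (kind, detail) pairs: untrusted search scopes / start pages, and dirs created since 'YYYY/MM/DD'
    cutoff = datetime.strptime(created_since, "%Y/%m/%d")
    findings = []
    for line in lines:
        ie = parse_ie(line)
        if ie:
            if ie["host"] not in trusted_hosts:
                findings.append(("search-scope" if ie["search_scope"] else "start-page", ie["host"]))
            continue
        f = parse_file(line)
        if f and f["created"] and f["is_dir"] and f["when"] >= cutoff:
            findings.append(("new-dir", f["path"]))
    return findings

# Constructed sample lines in the same format as the fix script posted above (the zero GUID is made up).
SAMPLE = [
    r'IE - HKLM\..\SearchScopes\{5a1d0d31-749c-4186-a295-4106e6e7b26a}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^AFA^xdm238&searchfor={searchTerms}',
    r'IE - HKU\S-1-5-21-1935655697-57989841-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i',
    r'IE - HKLM\..\SearchScopes\{00000000-0000-0000-0000-000000000001}: "URL" = http://www.bing.com/search?q={searchTerms}',
    r'[2013/06/24 06:08:06 | 000,000,000 | ---D | C] -- C:\Program Files\SearchDonkey',
    r'[2013/03/23 19:17:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom Tag\Application Data\GetRightToGo',
]
```

Running `triage(SAMPLE, "2013/06/01")` reports the mywebsearch search scope, the Yahoo partner start page and the newly created SearchDonkey folder, while the Bing scope and the older, merely modified GetRightToGo folder are left alone.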

Hey Jeff!!
Thank you soooo much for your help. I’ve attached the logs as requested. Why the DNS flush? I’m no techy, just curious…

It seems to be running much smoother… :slight_smile: At least so far!! Do you see anything else? Any recommendations? Wish I knew where this malware comes from.

Oh and I have, in my add remove programs, yahoo toolbar that I’ve tried to uninstall several times. When I click uninstall, it just sits there forever, nothing happens. Although I do not see it installed in IE. Any clues on that? Should I just leave it and not worry about it?

Thanks Again Jeff, You Rock!!

Hi,

Glad to hear your system is running better. :slight_smile: The reason for the DNS flush is really just a bit of tidying up on the system.

Remind me later about the toolbar and we will come back to that ok?

When you ran OTL was there a log created named Extras.txt. Could you attach that please?

Hmmm no, no Extras.txt. I even did an all files and folders search and nothing??

Ok no problem…

Please open OTL.

[*]Make sure all other windows are closed and to let it run uninterrupted.
[*]When the window appears, click the None button near the top (it may look greyed out)
[*]In the Extra Registry section change it to All
[*]Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won’t take long.

When the scan completes, it will open 2 notepad windows, OTL.Txt and Extra.txt. Please post the Extra.txt.

There we go!! :slight_smile:

Good… :slight_smile:

http://i1224.photobucket.com/albums/ee380/jeffce74/java-1.jpg
Java

Please go to Start > Control Panel > Programs and Features and uninstall all the Java programs you see. Now download the latest Java from the following link and install it:

http://java.com/en/download/index.jsp

See this page for instructions on how to clear java’s cache.

Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)
[*]Under Temporary Internet Files, click the Delete Files button.
[*]There are three options in the window to clear the cache - Leave ALL 3 Checked:
Downloaded Applets
Downloaded Applications
Installed Applications and Applets
[*]Click OK on Delete Temporary Files Window
Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
[*]Click OK to leave the Java Control Panel.


http://i1224.photobucket.com/albums/ee380/jeffce74/mbam-3.jpg
Malwarebytes

Please open Malwarebytes, update it and then run a Quick Scan. Save the log that is created for your next reply.

ESET Online Scanner

Go here to run an online scanner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator
[*]Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
[*]Turn off the real time scanner of any existing antivirus program while performing the online scan
[*]Tick the box next to YES, I accept the Terms of Use.
[*]Click Start
[*]When asked, allow the activex control to install
[*]Click Start
[*]Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
[*]Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
[*]Click Scan
[*]Wait for the scan to finish
[*]When the scan is done, if it shows a screen that says “Threats found!”, then click “List of found threats”, and then click “Export to text file…”
[*]Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
[*]Close the ESET online scan, and let me know how things are now.

Alrighty Jeff!
Apparently no threats found with either mbam or eset. :slight_smile:
Here’s the mbam log, It seems eset only creates one if there are threats.

Great! Any other malware related problems?

Everything seems fine Jeff. Thank you sooo much for your help!!! :slight_smile:

Sounds great!! :slight_smile:

Providing there are no other malware related problems…

http://i149.photobucket.com/albums/s64/mxyzptlk1214/Vegeta.gif
IT APPEARS THAT YOUR LOGS ARE NOW CLEAN

This infection appears to have been cleaned, but I cannot give you any absolute guarantees. As a precaution, I would go ahead and change all of your passwords as this is especially important after an infection.

http://i1224.photobucket.com/albums/ee380/jeffce74/OTL.jpg
Clean up with OTL:

[*]Right-click and Run as Administrator OTL.exe to start the program.
[*]Close all other programs apart from OTL as this step will require a reboot
[*]On the OTL main screen, press the CLEANUP button
[*]Say Yes to the prompt and then allow the program to reboot your computer.


Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren’t cluttering up your desktop. If you did not have Malwarebytes Antimalware before, I would keep it and run it weekly.

Here are some tips to reduce the potential for spyware infection in the future:

1. Make your Internet Explorer more secure - This can be done by following these simple instructions:

[*]From within Internet Explorer click on the Tools menu and then click on Options.
[*]Click once on the Security tab
[*]Click once on the Internet icon so it becomes highlighted.
[*]Click once on the Custom Level button.
[*]Change the Download signed ActiveX controls to Prompt
[*]Change the Download unsigned ActiveX controls to Disable
[*]Change the Initialize and script ActiveX controls not marked as safe to Disable
[*]Change the Installation of desktop items to Prompt
[*]Change the Launching programs and files in an IFRAME to Prompt
[*]Change the Navigate sub-frames across different domains to Prompt
[*]When all these settings have been made, click on the OK button.
[*]If it prompts you as to whether or not you want to save the settings, press the Yes button.
[*]Next press the Apply button and then the OK to exit the Internet Properties page.

2. Firefox - If you use Firefox, I recommend installing the following add-ons to help make your Firefox browser more secure:
NoScript
AdBlock Plus

3. Use and update an anti-virus software - I cannot overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

4. Firewall
Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. There are firewalls that could be downloaded and used but I would personally only recommend using one of the following two below:
Online Armor Free
Agnitum Outpost Firewall Free

5. Make sure you keep your Windows OS current. Windows XP users can visit Windows update regularly to download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems. Without these you are leaving the back door open.

6. WOT (Web of Trust) - As “Googling” is such an integral part of internet life, this free browser add-on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT’s color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites. WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.

7. Finally, I strongly recommend that you read Miekiemoes’ great advice How to prevent malware.

Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.