jenniferkelly Posted May 12, 2013

Hey guys. Wondering if someone can take a look at my HJT log. It won't let me save the log so I can copy and paste lol.... So I had to upload screencaps of it at tiny pic lol! So if someone could look at it and tell me what needs to be deleted, thank you. I noticed today when I went to msconfig to turn off some startup items that I had "otshot". Googling it I found it's a virus/malware. I tried to delete it but of course it came right back..... and I am sure there are some other things that need to be deleted. So thanks in advance guys,

http://tinypic.com/r/1zykyf/5
http://tinypic.com/r/2z3z4gh/5

Maniac Posted May 12, 2013

Hello jenniferkelly! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:
If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
I recommend you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
Make sure you read all of the instructions and fixes thoroughly before continuing with them.
Follow my instructions strictly and don't hesitate to stop and ask me if you have any questions.
Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

No, it is a legitimate entry. Using Otshot you could add your name and photo information to every photo you send and share.

Please follow the instructions here and post your log files:
http://forums.malwarebytes.org/index.php?showtopic=9573

jenniferkelly Posted May 12, 2013

Is this what you need?

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5572

Windows 6.0.6000
Internet Explorer 7.0.6000.17037

5/12/2013 10:47:12 AM
mbam-log-2013-05-12 (10-47-06).txt

Scan type: Quick scan
Objects scanned: 151814
Time elapsed: 4 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\jennifer kelly\downloads\actualspy.exe (Application.ActualSpy) -> No action taken.
c:\END (Trojan.FakeAlert) -> No action taken.
c:\Windows\System32\ijl11pro.DLL (Worm.Sohanad) -> No action taken.

Maniac Posted May 12, 2013

One of those which I need.

Your program and database version of Malwarebytes' Anti-Malware are very old, so please uninstall Malwarebytes' Anti-Malware and then download and install the latest one.
http://downloads.malwarebytes.org/mbam-download.php

Next:
Launch Malwarebytes' Anti-Malware.
Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
Go to Scanner tab and select Perform Quick Scan, then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

Then proceed with DDS and post all log files in your next reply.

jenniferkelly Posted May 12, 2013

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.05.12.06

Windows Vista x86 NTFS
Internet Explorer 7.0.6000.17037
Jennifer Kelly :: JENSCOMP [administrator]

Protection: Enabled

5/12/2013 7:10:01 PM
mbam-log-2013-05-12 (19-10-01).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 217838
Time elapsed: 7 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 6
HKCR\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9} (PUP.Software.Updater) -> Quarantined and deleted successfully.
HKCR\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476} (PUP.Software.Updater) -> Quarantined and deleted successfully.
HKCR\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} (PUP.Software.Updater) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} (PUP.Software.Updater) -> Quarantined and deleted successfully.
HKCR\Updater.AmiUpd.1 (PUP.Software.Updater) -> Quarantined and deleted successfully.
HKCR\Updater.AmiUpd (PUP.Software.Updater) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 6
C:\Users\Jennifer Kelly\AppData\Local\SwvUpdater\Updater.exe (PUP.Software.Updater) -> Quarantined and deleted successfully.
C:\Users\Jennifer Kelly\Downloads\MICROSOFT_OFFICE_keygen.zip (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Users\Jennifer Kelly\Downloads\actualspy.exe (Application.ActualSpy) -> Quarantined and deleted successfully.
C:\Users\Jennifer Kelly\Downloads\XvidSetup.exe (Adware.HotBar) -> Quarantined and deleted successfully.
C:\Windows\Tasks\AmiUpdXp.job (PUP.Software.Updater) -> Quarantined and deleted successfully.
C:\Windows\System32\ijl11pro.DLL (Worm.Sohanad) -> Quarantined and deleted successfully.

(end)

Maniac Posted May 13, 2013

I'm afraid I have bad news.

One or more of the identified infections is a rootkit. Rootkits are very dangerous because they use advanced techniques (backdoors) as a means of accessing a computer system that bypasses security mechanisms and steal sensitive information which they send back to the hacker. Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. Remote attackers use backdoor Trojans and rootkits as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge.

I suggest you disconnect this computer from the Internet immediately you finish reading this post. If you do any banking or other financial transactions on the computer, or if it contains any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, your computer is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the Operating System. Visit the following sites for more information on Internet theft and when to reformat!

Help: I Got Hacked. Now What Do I Do?
Help: I Got Hacked. Now What Do I Do? Part II
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

Should you decide not to follow that advice, we will of course do our best to clean the computer of any infections that we can see but, as I already stated, we can in no way guarantee it to be trustworthy.

If you have any questions before making a final decision, please feel free to ask.

Instructions how to format and reinstall Windows can be found here

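Added example, not part of the thread and not Malwarebytes code: a small parser for detection lines in the log layout posted above, separating detections whose family prefix calls for escalation from routine PUP/adware cleanup, and listing items the scan left in place. The sample log is constructed, and the set of families treated as escalation-worthy is an assumption made for this illustration.

```python
import re

# Constructed sample in the MBAM 1.75 log layout shown in this thread (not the poster's log).
SAMPLE_LOG = r"""Registry Keys Detected: 1
HKCR\Example.Updater (PUP.Software.Updater) -> Quarantined and deleted successfully.
Folders Detected: 0
(No malicious items detected)
Files Detected: 3
C:\Users\Example User\Downloads\sample_keygen.zip (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Users\Example User\Downloads\setup.exe (Adware.HotBar) -> Quarantined and deleted successfully.
C:\Windows\System32\example.dll (Worm.Sohanad) -> No action taken.
"""

# Detection line: "<object> (<Family.Name>) -> <action>."
DETECTION = re.compile(
    r"^(?P<object>.+) \((?P<name>[A-Za-z0-9]+\.[^()]+)\) -> (?P<action>.+?)\.?$"
)

# Assumption for this example: families that call for escalation, not just removal.
ESCALATE_FAMILIES = {"Rootkit", "Trojan", "Worm", "Backdoor"}


def parse_detections(log_text):
    """Return one dict per detection line; headers and empty sections are skipped."""
    found = []
    for line in log_text.splitlines():
        m = DETECTION.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["family"] = entry["name"].split(".", 1)[0]
            found.append(entry)
    return found


def triage(detections):
    """Split detections into those needing escalation and those left on disk."""
    return {
        "escalate": [d for d in detections if d["family"] in ESCALATE_FAMILIES],
        "unremoved": [d for d in detections if not d["action"].startswith("Quarantined")],
    }


if __name__ == "__main__":
    result = triage(parse_detections(SAMPLE_LOG))
    for d in result["escalate"]:
        print("ESCALATE:", d["name"], "at", d["object"])
    for d in result["unremoved"]:
        print("STILL PRESENT:", d["object"], "->", d["action"])
```
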
jenniferkelly Posted May 14, 2013

hm. Rather unexpected news. I will have to reformat and reinstall I suppose... Thanks so much for your help. It is very appreciated!

Maniac Posted May 14, 2013

Sorry about that!

Some future malware prevention tips:
users.telenet.be/bluepatchy/miekiemoes/prevention.html

Good luck!

LDTate Posted May 18, 2013

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!