HijackThis and Malwarebytes Anti-Malware logs

We took this to the McAfee Support Community at first and it was recommended to bring it to this forum (McAfee Community post 13805).

Here is our story...

July 1, 2010 - our aol.ca webmail account was compromised and sent an e-mail to all of our Contacts

- the e-mail contained a link to a bogus prescription ordering site called Canadian Neighbor Pharmacy, where folks are being duped into providing personal information

- the scam is documented at wiki spam info

We deleted all of our Contacts, changed our e-mail password and security question, BUT are still concerned that something is lurking on one of our computers.

We have a 3 user license for McAfee Total Protection. It is automatically updated and is current.

Laptop is running Windows Vista Service Pack 2. Desktop is running Windows XP Service Pack 3. Both are on automatic updates.

We used various tools as documented below, but have not been able to identify the malware or how to remove it.

The last two actions were to use Malwarebytes' Anti-Malware and HiJackThis. The logs are the last two items in this post and are under the red headings.

We are concerned that there still may be malware on our computer. We are hoping that the experts in this forum can advise us.


Ran full McAfee scans on our laptop and desktop computers and came up with nothing.


01/07/2010 7:28:25 PM Scan Started: 07/01/2010 07:28:25 PM

01/07/2010 8:01:56 PM Total objects scanned: 222431

01/07/2010 8:01:56 PM Objects detected: 0

01/07/2010 8:01:56 PM Scan Done: 07/01/2010 08:01:56 PM

So we moved on and followed the instructions in http://community.mcafee.com/docs/DOC-1294, Home User Assistance Malware Troubleshooting.

The following was done from the laptop.

Ran scan in Safe Mode with Networking

While the scan was still in progress got a window that said it was from McAfee stating

Computer is at risk (RED)

- make sure real time scanning and firewall are on and subscription is active and up to date

- please check status

Checked status and message stated that Real Time Scanning was OFF! (RED)

Tried to select button to Turn it ON, but only flashed to other McAfee window briefly that said Your Computer is Secure (GREEN)

Window would flip back to message saying Real Time Scanning is OFF! (RED)

Scan ended with 0 objects detected

Window stating that Real Time Scanning was OFF! (RED) was still on screen so tried to set to ON, but the Apply button was greyed out.

When we closed down the scan and went to the McAfee security Centre it showed our Real Time Scanning was indeed ON.


scan in safe mode from laptop Computer (in Vista)

04/07/2010 1:20:27 PM Scan Started: 07/04/2010 01:20:27 PM

04/07/2010 2:46:58 PM Total objects scanned: 225388

04/07/2010 2:46:58 PM Objects detected: 0

04/07/2010 2:46:58 PM Scan Done: 07/04/2010 02:46:58 PM

Downloaded and Ran Stinger

Left computer in Safe mode to run Stinger

sensitivity "Very High" and "Report Only"

3 Artemis trojans found, feel that these are likely false positives and McAfee agrees

the two files in $Recycle.Bin cannot be accessed (get message Location is not available)

the one TOSAPIN file is available and could be sent by WIN ZIP - file dated 7/12/2006




  • 3 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.