Hi all, I am infected with some kind of malware. A warning is appearing that says "Your computer is infected". I've tried everything but I couldn't get rid of it. When I click this balloon, the SpyAxe web site appears and tells me that I must buy this software to clean it. Please help me; here is my HijackThis log file.


Logfile of HijackThis v1.99.1
Scan saved at 00:05:45, on 12.12.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Documents and Settings\danny\Desktop\New Folder\hijackthis\HijackThis.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{D5BB5D8E-2C85-46CB-B5A1-CF80453660F7}: NameServer = 195.175.37.14 195.175.37.69
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe


Hi summon,

Your HijackThis log is very incomplete; please run HJT again and post the log according to these directions:

Run HijackThis, but do not have HJT fix anything yet; only have it scan your system! Once the scan is complete, the "Scan" button will turn into an option to "Save log...". Save the log in the folder you created for HijackThis, open the log in Windows Notepad, and cut-n-paste the entire contents of the log here.
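An added example, not part of either post above: a small Python triage of a HijackThis log that separates header, running processes and coded entries, then lists the entry groups present and the DNS servers set by O17 lines. The `EXPECTED` list of groups reported as absent is an assumption of this example, not the replier's stated reasoning, and the sample log is a shortened excerpt of the one posted above.

```python
import re
from collections import Counter

# Constructed sample: a shortened excerpt of the log posted at the top of this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 00:05:45, on 12.12.2005

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido\security suite\ewidoguard.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{D5BB5D8E-2C85-46CB-B5A1-CF80453660F7}: NameServer = 195.175.37.14 195.175.37.69
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
"""

ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")  # coded entry, e.g. "O17 - ..."
# Assumption of this example: groups a reviewer usually looks for in a full log.
EXPECTED = {"R0": "Internet Explorer start/search page",
            "R1": "Internet Explorer start/search page",
            "O2": "Browser Helper Object", "O4": "autostart entry"}

def parse_hjt(text):
    """Split a HijackThis log into header lines, running processes and coded entries."""
    header, processes, entries, section = [], [], [], "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY.match(line)
        if m:
            section = "entries"
            entries.append((m.group(1), m.group(2)))
        elif line == "Running processes:":
            section = "processes"
        elif section == "processes":
            processes.append(line)
        elif section == "header":
            header.append(line)
    return header, processes, entries

def triage(text):
    """Summarise what the log contains and which expected groups are absent."""
    header, processes, entries = parse_hjt(text)
    groups = Counter(code for code, _ in entries)
    nameservers = [ip for code, body in entries
                   if code == "O17" and "NameServer = " in body
                   for ip in body.split("NameServer = ", 1)[1].replace(",", " ").split()]
    absent = [code for code in EXPECTED if code not in groups]
    return {"processes": len(processes), "groups": dict(groups),
            "nameservers": nameservers, "absent": absent}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```
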

Hi, thanks for your answer, but I did what you said and the same log appeared. Last night I tried the programs that you wrote, then I opened a thread. I think I got rid of that malware but the warning is still there.... There isn't a problem with my internet connection or speed; I only want to get rid of that warning. Thanks for your help. :)

"I did what you said and the same log appeared."

That's strange. I don't know why that's happening, and without the full log I can't tell if you have signs of infections left on your computer or not.

In terms of the "SpyAxe" infection though, removal instructions for that specific infection can be found here. SpyAxe is often associated with the larger "Smitfraud" family of infections; the link I gave for SpyAxe removal also links to instructions for removing smitfraud if you need to go that route.

To (hopefully) fix other infections which could possibly be lurking on your computer, you can follow these general removal procedures:

You will need to close/quit all web browser programs and disconnect from the Internet for the following, so you should print out these instructions or save them into a text file with Notepad.

1. Download and install these utilities (but do not run scans with them yet):

ewido Security Suite (trial version) - http://www.ewido.net/en/download/
Microsoft Anti-Spyware beta - http://www.microsoft.com/downloads/details.aspx?FamilyID=321cd7a2-6a57-4c57-a8bd-dbf62eda9671&displaylang=en
SpyBot Search & Destroy - http://www.safer-networking.org/
Ad Aware SE Personal - http://www.lavasoftusa.com/

- Open ewido. In the main screen, click "Update" and click "Start Update". After the update process completes, exit from Ewido.

- Open MS Antispyware beta. Make sure the "AntiSpyware Autoupdater" feature is enabled, and that it has downloaded the most current antispyware updates. Close the program after you've verified this.

- Open SpyBot and use its update feature to download and install the most current spyware definitions file. Close the program once the update is complete.

- Open AdAware, click the "Check for updates now" button, and follow the prompts to install the most current spyware definition database. Also disable Ad Aware's "Ad Watch" feature, as it may interfere with some of our fixes (you can re-enable it once the system is clean). Close the program after that.

- Open your anti-Virus program and use its update feature to make sure that you have the most current virus definitions installed. As with the above programs, don't run a scan with it; just close it once it is updated.


2. Download and install the CCleaner utility, but don't run it yet.


3. Reboot into Safe Mode (you get to the safe mode boot option by hitting the F8 key as your computer is starting up).


4. Run CCleaner. It may take a while for the program to perform its cleaning, so be patient. Close the program when it has finished.


5. Run SpyBot, ewido, AdAware, MS Antispyware beta, and your anti-virus program consecutively; have the programs fix all malicious items they find.

When ewido finds the first malicious object on your system, it will ask you if it should clean it. When it asks this, put a checkmark in the lower left corner of the box that says "Perform action on all infections", then choose clean and click OK.
Save the log file that ewido will create after it finishes scanning; you'll be including that log in your next post here.


6. Empty your Recycle Bin, reboot normally, run HijackThis again, and post the new log. Also post the log that ewido generated.

Hi again. Dmr, thank you for all your help :) Everything seems to be right now, many thanks to you. :D

Glad we could help, summon :)

Can you tell us exactly which steps you took to get your system clean, please? Having that information posted here could be helpful to other members in the future.

Thanks.
