Disinfecting a PC… part 2

Ok, the last post got a bit long with the hijackthis log, but I wanted to include the whole picture. I put a few comments in, but thought it might be useful to include the notes I took at the time. For starters I leave it unplugged from the network. (There is no network card in this machine.) It’s important when working on an infested PC to leave it isolated so that it can’t continue to spread viruses or spam or whatever it may be doing. Assume if it’s infested with something that it could be spewing out bad stuff. If you must, isolated it and prevent it from routing to the outside world… the safest is usually to leave the cable unplugged for the initial look over.

Left net cable off, Booted and looked – installer icon in system tray which disappeared before I could get a tooltip for it. Looks spywareish… webshots (didn’t they bundle with spyware at some point?) Looking at msconfig – jawa32 looks suspect. SurfSidekick 2 (ssk.exe), ssdpsrv.exe (???), ylgril.exe, C:\Program Files\VBouncer\VBouncerInner.exe /S, C:\WINDOWS\SYSTEM\puswxc.exe, c:\windows\system\saie.exe, C:\WINDOWS\Guqvqmm.exe, C:\WINDOWS\Xecrtyr.exe, C:\WINDOWS\aqadcup.exe, C:\WINDOWS\goidr.exe, C:\Program Files\Common Files\slmss\slmss.exe,C:\PROGRA~1\BMCENT~1\BMLauncher.exe.(?)

So, in the above I’ve highlighted the running processes or startup entries that I don’t recognize right off, or don’t seem normal.

Running hijack this… and analyzing… (Log was included in previous post.)
Several BHO’s
jawa32.exe looks to be a trojan backdoor.agent.bg ??
Looks fairly infested… installing AVG and updating.

Got spybot S&D, ad-aware and bhodemon in the wings…. just in case…

AVG failed install… It gave an error accessing the registry…

Local machine: installation failed
Error: Checking of state of the item registry key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Avg7RunOnceParams failed.
The configuration registry database is corrupt. (1009)

Time to use a working networked pc…

   Send article as PDF   

Similar Posts