Old 10-04-2008, 03:09 PM   #1
Solid State Member
 
Join Date: Oct 2008
Posts: 9
Default Genuinely Concerned About my PC: Can Someone check my Hijackthis log

Solved, cheers.
__________________

CurtGuven is offline   Reply With Quote
Old 10-04-2008, 03:12 PM   #2
Solid State Member
 
Join Date: Oct 2008
Posts: 9

Deleting logs.
__________________

CurtGuven is offline   Reply With Quote
Old 10-04-2008, 03:12 PM   #3
Solid State Member
 
Join Date: Oct 2008
Posts: 9

Deleting logs.
CurtGuven is offline   Reply With Quote
Old 10-05-2008, 02:02 PM   #4
Daemon Poster
 
Join Date: Jun 2007
Posts: 1,315

Well, there is a site (http://www.hijackthis.de/en) that lets you copy and paste that HijackThis! file to analyze it. I use it all the time, and I looked at the scan on that site and found a few things that are questionable.

One, paste your scan in the box and hit analyze.
Look for the entries with the yellow 'X's. Make sure you get the exact file location and get rid of those yellow 'X's; they're files that are no longer there that are still in the directories, just empty (like an empty folder in your Program Files). Check those and hit fix, and they should be gone.

After you do that, there are two services that I don't really seem to trust on that list. Those two are:

O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\WINDOWS\SYSTEM32\VundoFixSVC.exe

And

Unknown
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdsgj.exe] C:\WINDOWS\system32\kdsgj.exe

The reasons why I don't like them:
One: The VundoFix Service is in the system32 folder (Windows folders, the directory where all the important Windows files are), and it sounds like a virus. I had a friend with something called a Trojan Vundo virus that he couldn't get rid of.
Just researched the VundoFix Service and found it's quite well trusted and used to delete Vundo viruses, so it's a keeper, even if you don't think so.
Proof: people here trust it and recommend it to others, as well as the website:
http://forums.afterdawn.com/thread_view.cfm/295728
The other file:
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdsgj.exe] C:\WINDOWS\system32\kdsgj.exe
Is an unknown service running in the Windows system32 folder. The fact that it's unknown makes it suspicious. I would delete the following first before you delete that file, as it could be important.

Here are the files that you should also delete that have either no name or no file (yellow 'X's):

O2 - BHO: (no name) - {20E4A7C5-C548-4D46-9ED3-77E3B99B32A1} - (no file)
O2 - BHO: (no name) - {28220052-D9A9-44B1-AB98-EDC594D238B6} - (no file)
O2 - BHO: (no name) - {3AB00EB0-5DB5-4847-AE3E-13CEFA6C5B6A} - (no file)
O2 - BHO: (no name) - {4EC5A98A-24B4-4201-8FDC-1A11204469B3} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A16D8144-8A9C-40F9-84AB-2E106EF80820} - (no file)
O2 - BHO: (no name) - {F8FC6D41-0BAC-45BE-A279-875A11395C43} - (no file)

I'm not that experienced with HijackThis!, but I do use it from time to time to get rid of nasty things. Someone with more knowledge should confirm what to do about the kdsgj.exe. But I am almost certain that that is the problem.
__________________
AMD is Happy!
Intel is Pissed!
Europe is $1.45 Billion Dollar's Richer!
NEED WOW NOW is offline   Reply With Quote
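The triage walked through in the post above, as an added example that is not part of the original thread: a small parser for HijackThis O2/O4/O23 lines that marks entries for follow-up research. The flag names and rules are assumptions chosen for illustration; the sample lines are the ones quoted in the post. A flag is a prompt to look the entry up, not a verdict, which is how the VundoFix service ends up as a keeper.

```python
import re

# Log lines quoted in the post above (O2 = browser helper object,
# O4 = autostart entry, O23 = service).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {20E4A7C5-C548-4D46-9ED3-77E3B99B32A1} - (no file)
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdsgj.exe] C:\WINDOWS\system32\kdsgj.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\WINDOWS\SYSTEM32\VundoFixSVC.exe
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
BHO = re.compile(r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<file>.+)$")
RUN = re.compile(r"^(?P<key>\S+): \[(?P<name>.*?)\] (?P<cmd>.+)$")
SERVICE = re.compile(r"^Service: (?P<display>.+?) \((?P<svc>[^)]+)\) - (?P<company>.+?) - (?P<path>.+)$")


def triage(log_text):
    """Return (section, subject, flags) for every entry that raises a flag."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header lines, running-process list, blanks
        code, body, flags, subject = m["code"], m["body"], [], None
        if code == "O2" and (b := BHO.match(body)):
            subject = b["clsid"]
            if b["file"] == "(no file)":      # registry entry whose DLL is gone
                flags.append("orphaned-entry")
            if b["name"] == "(no name)":
                flags.append("unnamed")
        elif code == "O4" and (r := RUN.match(body)):
            subject = r["cmd"]
            if "\\" in r["name"]:             # value name is itself a file path
                flags.append("value-name-is-path")
            if "\\system32\\" in r["cmd"].lower():
                flags.append("in-system32")
        elif code == "O23" and (s := SERVICE.match(body)):
            subject = s["path"]
            if "\\system32\\" in s["path"].lower():
                flags.append("in-system32")   # informational on its own
        if flags:
            findings.append((code, subject, flags))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```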
Old 10-05-2008, 02:14 PM   #5
Solid State Member
 
Join Date: Oct 2008
Posts: 9

The C:\WINDOWS\system32\kdsgj.exe value is from the Zlob virus. I cannot find it in the sys32 folder; this is a big problem, it's started to change passwords. My YouTube was first...

The Virtumonde fix is a programme I used to remove Vundo; that's no problem.
CurtGuven is offline   Reply With Quote
Old 10-05-2008, 02:37 PM   #6
Daemon Poster
 
Join Date: Jun 2007
Posts: 1,315

All you should have to do is check mark the .exe in HijackThis and click Fix. It should delete it without you having to search for the file in the system32 folder. It's also probably hidden, so you would have to rely on the HijackThis! program. There are many ways to hide files. I remember (forgot how) that you can hide a file in a simple BMP image file, which is something people would never think of as a virus location.

So, just check mark it and click Fix.
__________________
AMD is Happy!
Intel is Pissed!
Europe is $1.45 Billion Dollar's Richer!
NEED WOW NOW is offline   Reply With Quote
Old 10-05-2008, 02:53 PM   #7
Solid State Member
 
Join Date: Oct 2008
Posts: 9

Well, I think it's removed now. I had some problems with Spybot S&D TeaTimer not allowing me to edit the file; in other words, my own protection was being too protective. My HijackThis log seems to show that everything's fine now.

But I will do a Spybot just to make sure, thanks.

Curt
__________________

CurtGuven is offline   Reply With Quote
All times are GMT -5. The time now is 03:01 PM.