Genuinely Concerned About my PC: Can Someone check my HijackThis log

Well, there is a site (http://www.hijackthis.de/en) that lets you copy and paste that HijackThis! file to analyze it. I use it all the time and I looked at the scan on that site and found a few things that are questionable.

One, paste your scan in the box and hit analyze.
Look for the entries with the yellow 'X's. Make sure you get the exact file location and get rid of those yellow 'X's; they're files that are no longer there that are still in the directories, just empty (like an empty folder in your Program Files). Check those and hit fix, and they should be gone.

After you do that, there are two services that I don't really seem to trust on that list. Those two are:

O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\WINDOWS\SYSTEM32\VundoFixSVC.exe

And

Unknown
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdsgj.exe] C:\WINDOWS\system32\kdsgj.exe

The reasons why I don't like them:
One: The VundoFix Service is in the system32 folder (Windows folders, the directory where all the important Windows files are), and it sounds like a virus. I had a friend with something called a Trojan Vundo virus that he couldn't get rid of.
Just researched the VundoFix Service and found it's quite well trusted and used to delete Vundo viruses, so it's a keeper, even if you don't think so.
Proof: people here trust it and recommend it to others, as well as the website:
http://forums.afterdawn.com/thread_view.cfm/295728
The other file:
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdsgj.exe] C:\WINDOWS\system32\kdsgj.exe
is an unknown service running in the Windows system32 folder. The fact that it's unknown makes it suspicious. I would delete the following first before you delete that file, as it could be important.

Here are the files that you should also delete that have either no name or no file (yellow 'X's):

O2 - BHO: (no name) - {20E4A7C5-C548-4D46-9ED3-77E3B99B32A1} - (no file)
O2 - BHO: (no name) - {28220052-D9A9-44B1-AB98-EDC594D238B6} - (no file)
O2 - BHO: (no name) - {3AB00EB0-5DB5-4847-AE3E-13CEFA6C5B6A} - (no file)
O2 - BHO: (no name) - {4EC5A98A-24B4-4201-8FDC-1A11204469B3} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A16D8144-8A9C-40F9-84AB-2E106EF80820} - (no file)
O2 - BHO: (no name) - {F8FC6D41-0BAC-45BE-A279-875A11395C43} - (no file)

I'm not that experienced with HijackThis!, but I do use it from time to time to get rid of nasty things. Someone with more knowledge should confirm what to do about the kdsgj.exe. But I am almost certain that that is the problem.
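
A small parser for the O2, O4 and O23 line shapes quoted in the post above, as an added example that is not part of the original thread. The flag names and the ExampleApp line are constructed for illustration, and the flags are review hints, not verdicts.

```python
import re

# Log lines quoted in the post above, plus one constructed benign entry (ExampleApp).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {20E4A7C5-C548-4D46-9ED3-77E3B99B32A1} - (no file)
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdsgj.exe] C:\WINDOWS\system32\kdsgj.exe
O4 - HKLM\..\Run: [ExampleApp] "C:\Program Files\ExampleApp\app.exe" /tray
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\WINDOWS\SYSTEM32\VundoFixSVC.exe
"""

ENTRY = re.compile(r"^(O\d+) - (.+)$")
PATTERNS = {
    "O2": re.compile(r"^BHO: (?P<name>.*) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"),
    "O4": re.compile(r"^(?P<key>\S+): \[(?P<name>.*?)\] (?P<path>.+)$"),
    "O23": re.compile(r"^Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>.+)$"),
}

def triage(log_text):
    """Return (section, fields, flags) for every O2/O4/O23 line in the log."""
    results = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m or m.group(1) not in PATTERNS:
            continue
        section, body = m.groups()
        parsed = PATTERNS[section].match(body)
        if not parsed:
            results.append((section, {"raw": body}, ["unparsed"]))
            continue
        f = parsed.groupdict()
        flags = []
        if f["path"] == "(no file)":
            flags.append("missing-file")   # registry entry left behind, file gone
        if f["name"] == "(no name)":
            flags.append("no-name")
        if re.search(r"\\windows\\system32\\", f["path"], re.I):
            flags.append("in-system32")    # location alone also hits legitimate tools
        if section == "O4" and re.match(r"^[A-Za-z]:\\", f["name"]):
            flags.append("name-is-path")   # Run value named after its own file path
        results.append((section, f, flags))
    return results

if __name__ == "__main__":
    for section, fields, flags in triage(SAMPLE_LOG):
        print(section, fields["path"], flags or "no flags")
```

On these lines the location flag fires for both the VundoFix service and kdsgj.exe, so it only narrows what to research; it does not separate the two.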
 
The C:\WINDOWS\system32\kdsgj.exe value is from the Zlob virus. I cannot find it in the sys32 folder. This is a big problem; it's started to change passwords. My YouTube was first...

The Virtumonde fix is a programme I used to remove Vundo; that's no problem.
 
All you should have to do is check mark the .exe in HijackThis and click Fix. It should delete it without you having to search for the file in the system32 folder. It's also probably hidden, so you would have to rely on the HijackThis! program. There are many ways to hide files. I remember (forgot how) that you can hide a file in a simple BMP image file, which is something people would never think of as a virus location.

So, just check mark it and click Fix.
 
Well, I think it's removed now. I had some problems with Spybot S&D TeaTimer not allowing me to edit the file; in other words, my own protection was being too protective. My HijackThis log seems to show that everything's fine now :)

But I will do a Spybot just to make sure, thanks.

Curt
 