8 steps done...anything else I should do?

Hello, and thank you for your invaluable help!

The 8 steps were very clear and concise. I got rid of tons of malware and trojans that brought my computer almost to a standstill. I think I was a day away from a complete melt down. Now my PC is *much* faster and I'm not seeing the nexplore windows that were popping up.

I've attached my logs for your perusal. Do they suggest that there's anything else that I should do? (The SASpyware log is from the second time I ran it. I'd turned back on things from step 3 before I ran it the first time. It did find lots of stuff the first time around.)

Again, thank you!

-AGPubs
 

Attachments

  • mbam-log-2010-01-12 (18-52-54).txt (13.6 KB)
  • SUPERAntiSpyware Scan Log - 01-12-2010 - 20-00-07.log (3.4 KB)
  • hijackthis.log (15.2 KB)
Ooops, forgot one more question.

I've got an external hard drive that had been hooked up to the PC while it was infected. While I did the scanning/cleaning, it was disconnected.

I assume that I should wipe the external drive and then do a full back up of the clean PC. Is this correct, or can I just reconnect and do a full back up?

Thanks!
-AGPubs
 
Welcome to TechSpot, AGPubs. I'll check the logs and help with the malware.

To start, stay away from FunWebProducts. Every download you get puts adware on the system. Those Smileys, cursors and other 'free' stuff come with a price.

You have malware in the System Restore points so don't use that feature. I will have to drop all the old restore points and set a new, clean one when the system is clean.

I have noticed that you have multiple antivirus programs running.
Avast
McAfee

You should decide which you want to keep and remove the others for the following reasons:
  • Multiple antivirus programs can cause conflicts that may leave the system more vulnerable.
  • Multiple antivirus programs can also slow down the system.

If you are using a paid program, consider removing the free programs. If you are using a trial of a paid program, please decide which programs you would like to keep and remove the others. You will find the following removal tools helpful. Download only the tool for the antivirus program you are going to remove and save it to your desktop. Don't run it yet:

Note: Security programs are best removed while in Safe Mode.
Boot into Safe Mode
  • Restart your computer and start pressing the F8 key on your keyboard.
  • Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.
  • Double click on the removal tool and run. Follow any screen prompts
Please reboot the system when you have made the change.

Now do this:
Please download ComboFix HERE:
  • With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.
  • Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection.

Important! Save the renamed download to your desktop.
  • Double click on the setup file on the desktop to run
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    (Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.)
  • Query- Recovery Console image
    RcAuto1.gif

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    whatnext.png

  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a log. Please include the C:\ComboFix.txt in your next reply.
Notes:

  1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
  2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
  3. ComboFix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
  4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

When finished, rescan with Hijackthis. Attach Combofix report and new HJT log to next reply.
 
thanks for the extra tasks...but I've hit a snag.

I downloaded and launched ComboFix. I agreed to install the program, and I saw a brief flash of a small progress bar, but no other window came up. After 20 mins, I restarted the computer and double-clicked the combo exe file again. This time, I saw the flash of the progress bar, and nothing again. It's been an hour and the computer is pretty quiet.

Is there a way to uninstall ComboFix and reinstall for another try?

Thanks,
-AGPubs
 
Ooh, McAfee just found and isolated the Artemis!769EE35EF6D2 (trojan), which just happened to be in the Desktop\Combo-Fix(.exe).exe file!

What now?
 
Uninstall ComboFix.exe And all Backups of the files it deleted
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    CF_Uninstall-1.jpg

EDIT: Correction on previous Worm comment: This was caused by the member having the security running while attempting to use ComboFix. It was a False Positive (Generic!Artemis).

Let's see if enough can be found and removed so that Combofix will run:

Run Eset NOD32 Online AntiVirus Scanner HERE

Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the Active X control to install
  • Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  • Click Start
  • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  • Click Scan
  • Wait for the scan to finish
  • Re-enable your Antivirus software.
  • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
 
Bobbye, thanks for your continued help.

I tried to uninstall ComboFix, but got a message that "Windows cannot find "Combofix"...make sure you typed correctly" etc. McAfee did find/isolate the combofix exe file before. Do I need to do more here?

Eset found two items. I've attached the log and I await your further instructions.

-AGPubs
 

Attachments

  • log.txt (1.1 KB)
Please download OTMoveIt by Old Timer and save to your desktop.
  • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:
    :Processes

    :Services

    :Reg

    :Files
    C:\Program Files\Juniper Networks\Network Connect 5.5.0\uninstall.exe
    C:\Program Files\Mozilla Firefox\chrome\m3ffxtbr.jar

    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
---------------------------------------
Then try installing and running Combofix again:
Please download ComboFix HERE:
  • With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.
  • Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection.

    Important! Save the renamed download to your desktop.
    • Double click on the setup file on the desktop to run
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
    • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
      (Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.)
    • Query- Recovery Console image
      RcAuto1.gif

    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
      whatnext.png

    • Click on Yes, to continue scanning for malware.
    • When finished, it will produce a log. Please include the C:\ComboFix.txt in your next reply.
    Notes:

    1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. ComboFix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    When through, do a rescan with HijackThis.
    Attach the Combofix report and new HJT log to next reply.
    Let me know of any remaining system problems related to the malware.
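The OTMoveIt script above is a small plain-text format: section headers that start with a colon (:Processes, :Services, :Reg, :Files, :Commands), one entry per line, and bracketed directives in the :Commands section. Before a script like that is pasted into a tool that moves files and reboots the machine, it is worth reviewing it mechanically. The following Python is an added example written for this thread; it is not OTMoveIt's own code and the thread does not show OTMoveIt's internals. It assumes only what the posted script shows: the five section names and the four bracketed commands seen above are treated as the known vocabulary, and the sample script is a constructed copy of the one in the post. It parses the script into sections, flags unknown sections or commands, rejects relative paths, and flags entries that sit directly under a drive root (for example a whole top-level directory such as C:\Windows), since moving those would do far more than remove a malware file.

```python
"""Parse and sanity-check an OTMoveIt-style script before it is run.

Added example for review purposes; not OTMoveIt's own code. The section
and command names below are taken from the script posted in the thread
and are assumed to be the complete vocabulary for this check.
"""
import re
from pathlib import PureWindowsPath

KNOWN_SECTIONS = {"Processes", "Services", "Reg", "Files", "Commands"}
KNOWN_COMMANDS = {"purity", "emptytemp", "start explorer", "Reboot"}

# Constructed sample mirroring the script posted above.
SAMPLE_SCRIPT = """\
:Processes

:Services

:Reg

:Files
C:\\Program Files\\Juniper Networks\\Network Connect 5.5.0\\uninstall.exe
C:\\Program Files\\Mozilla Firefox\\chrome\\m3ffxtbr.jar

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
"""


def parse_script(text):
    """Split the script into {section_name: [entry, ...]}.

    Blank lines and trailing tabs/spaces (common in forum pastes) are
    ignored. An entry that appears before any ':Section' header is an
    error, because the tool would not know what to do with it.
    """
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            current = line[1:].strip()
            sections.setdefault(current, [])
            continue
        if current is None:
            raise ValueError(f"entry before any section header: {line!r}")
        sections[current].append(line)
    return sections


def check_script(sections):
    """Return a list of human-readable problems; empty means the script looks sane."""
    problems = []
    for name in sections:
        if name not in KNOWN_SECTIONS:
            problems.append(f"unknown section :{name}")
    for cmd in sections.get("Commands", []):
        m = re.fullmatch(r"\[(.+)\]", cmd)
        if not m or m.group(1) not in KNOWN_COMMANDS:
            problems.append(f"unrecognised command {cmd}")
    for path in sections.get("Files", []):
        p = PureWindowsPath(path)
        if not p.is_absolute():
            problems.append(f"non-absolute path in :Files: {path}")
        elif len(p.parts) <= 2:
            # parts is ('C:\\',) for a drive root or ('C:\\', 'Windows') for a
            # top-level entry; moving either is far too coarse for malware cleanup.
            problems.append(f"refusing top-level path in :Files: {path}")
    return problems


def review(text):
    """Parse and check in one step; returns (sections, problems)."""
    sections = parse_script(text)
    return sections, check_script(sections)


if __name__ == "__main__":
    secs, probs = review(SAMPLE_SCRIPT)
    print("files to be moved:")
    for f in secs.get("Files", []):
        print("  ", f)
    print("problems:", probs or "none")
```

Run it as a script to see the file list and any problems for the sample; for a script received in a thread, paste it into SAMPLE_SCRIPT or read it from a file and feed it to review(). A non-empty problem list means the script should be corrected before it is pasted into the tool.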
 
FYI Bobbye.

Artemis is a false positive from McAfee, disable it fully before ComboFix is downloaded.
 
Thank you kritius.

Regarding this:
Ooh, McAfee just found and isolated the Artemis!769EE35EF6D2 (trojan), which just happened to be in the Desktop\Combo-Fix(.exe).exe file!

McAfee should have been disabled: Correction has been made in Reply #6.
AGPubs, please delete the file you saved to your desktop and be sure to do this before ComboFix:
Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection.

Now you should be able to run Combofix.
Run that first, then follow with the Eset scan.

Leave Combofix report and Eset log on next reply.
 