After using Malwarebytes anti-malware I still have XP Security 2011

Solved
By hbuteme
Nov 21, 2010
Topic Status:
Not open for further replies.
  1. Broni

    Broni Malware Annihilator Posts: 45,217   +243

You didn't say where you got PDF Suite from.

Open Windows Explorer. Go to Tools>Folder Options>View tab, put a checkmark next to Show hidden files and folders.
    Upload following files to http://www.virustotal.com/ for security check:
    - C:\PDF Suite\PDF Suite.exe
    - C:\PDF Suite\Gs\gswin32c.exe
    - C:\PDF Suite\Help\PDF Suite Presentation.exe
    IMPORTANT! If the file is listed as already analyzed, click on Reanalyse file now button.
    Post scan results.
  2. hbuteme

    hbuteme Newcomer, in training Topic Starter Posts: 37

    Sorry. I'm totally clueless on where the PDF Suite originated from. Someone installed the PDF Suite by transferring it from a flash to my laptop. I have no clue where he got it from.

    I'm uploading the files to virus total.
  3. Broni

    Broni Malware Annihilator Posts: 45,217   +243

PDF Suite is not free, so if you got it through some illegal download and ESET found its files Virut-infected.... Virut infection is a very serious matter.
If it is confirmed, you'll be facing formatting and reinstalling Windows.
  4. hbuteme

    hbuteme Newcomer, in training Topic Starter Posts: 37

    Then I'm screwed. I'm seeing lots of virut on these scans. The last one is scanning and I'm about to post. If I format and re-install Windows will I lose all my info?
  5. hbuteme

    hbuteme Newcomer, in training Topic Starter Posts: 37

    Virus total scan results

    0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
    File name: PDF Suite.exe
    Submission date: 2010-11-25 22:44:22 (UTC)
    Current status: queued (#8) queued analysing finished


    Result: 12/ 41 (29.3%)

    Antivirus results
    AhnLab-V3 - 2010.11.25.01 - 2010.11.25 - Win32/Virut.E
    AntiVir - 7.10.14.107 - 2010.11.25 - TR/Patched.Gen
    Antiy-AVL - 2.0.3.7 - 2010.11.25 - -
    Avast - 4.8.1351.0 - 2010.11.25 - Win32:Vitro
    Avast5 - 5.0.594.0 - 2010.11.25 - Win32:Vitro
    AVG - 9.0.0.851 - 2010.11.25 - -
    BitDefender - 7.2 - 2010.11.25 - -
    CAT-QuickHeal - 11.00 - 2010.11.25 - W32.Virut.G
    ClamAV - 0.96.4.0 - 2010.11.25 - -
    Command - 5.2.11.5 - 2010.11.25 - W32/Virut.AI!Generic
    Comodo - 6847 - 2010.11.25 - -
    DrWeb - 5.0.2.03300 - 2010.11.25 - -
    eSafe - 7.0.17.0 - 2010.11.24 - -
    eTrust-Vet - 36.1.8000 - 2010.11.25 - -
    F-Prot - 4.6.2.117 - 2010.11.25 - W32/Virut.AI!Generic
    F-Secure - 9.0.16160.0 - 2010.11.25 - -
    Fortinet - 4.2.254.0 - 2010.11.25 - -
    GData - 21 - 2010.11.25 - Win32:Vitro
    Ikarus - T3.1.1.90.0 - 2010.11.25 - -
    Jiangmin - 13.0.900 - 2010.11.25 - -
    K7AntiVirus - 9.69.3083 - 2010.11.25 - -
    Kaspersky - 7.0.0.125 - 2010.11.25 - -
    McAfee - 5.400.0.1158 - 2010.11.25 - -
    McAfee-GW-Edition - 2010.1C - 2010.11.25 - -
    Microsoft - 1.6402 - 2010.11.25 - -
    NOD32 - 5649 - 2010.11.25 - Win32/Virut.NBP
    Norman - 6.06.10 - 2010.11.25 - -
    nProtect - 2010-11-25.01 - 2010.11.25 - -
    Panda - 10.0.2.7 - 2010.11.25 - -
    PCTools - 7.0.3.5 - 2010.11.25 - -
    Prevx - 3.0 - 2010.11.25 - -
    Rising - 22.75.03.00 - 2010.11.25 - Win32.Virut.db
    Sophos - 4.60.0 - 2010.11.25 - -
    SUPERAntiSpyware - 4.40.0.1006 - 2010.11.25 - -
    Symantec - 20101.2.0.161 - 2010.11.25 - -
    TheHacker - 6.7.0.1.091 - 2010.11.25 - -
    TrendMicro - 9.120.0.1004 - 2010.11.25 - PE_VIRUX.D-4
    TrendMicro-HouseCall - 9.120.0.1004 - 2010.11.25 - PE_VIRUX.D-4
    VBA32 - 3.12.14.2 - 2010.11.25 - -
    VIPRE - 7411 - 2010.11.25 - -
    VirusBuster - 13.6.60.0 - 2010.11.25 - -
    File info:
    MD5: 7d2abf1c2713fc4a85c089b866f08a75
    SHA1: 66748663e949f235dd32df4f81314960e08a2ae1
    SHA256: c76b0bb80440aefaf5b16e850ba598f1e47f183311718181c573e9bc30e29b17
    File size: 4714496 bytes
    Scan date: 2010-11-25 22:44:22 (UTC)




    0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
    File name: gswin32c.exe
    Submission date: 2010-11-25 22:51:15 (UTC)
    Current status: queued (#7) queued (#7) analysing finished


    Result: 14/ 43 (32.6%)

    Antivirus results
    AhnLab-V3 - 2010.11.26.00 - 2010.11.25 - -
    AntiVir - 7.10.14.107 - 2010.11.25 - TR/Patched.Gen
    Antiy-AVL - 2.0.3.7 - 2010.11.25 - -
    Avast - 4.8.1351.0 - 2010.11.25 - Win32:Vitro
    Avast5 - 5.0.594.0 - 2010.11.25 - Win32:Vitro
    AVG - 9.0.0.851 - 2010.11.25 - -
    BitDefender - 7.2 - 2010.11.25 - -
    CAT-QuickHeal - 11.00 - 2010.11.25 - W32.Virut.G
    ClamAV - 0.96.4.0 - 2010.11.25 - -
    Command - 5.2.11.5 - 2010.11.25 - W32/Virut.AI!Generic
    Comodo - 6847 - 2010.11.25 - -
    DrWeb - 5.0.2.03300 - 2010.11.25 - -
    Emsisoft - 5.0.0.50 - 2010.11.25 - Virus.Win32.Virut!IK
    eSafe - 7.0.17.0 - 2010.11.24 - -
    eTrust-Vet - 36.1.8000 - 2010.11.25 - -
    F-Prot - 4.6.2.117 - 2010.11.25 - W32/Virut.AI!Generic
    F-Secure - 9.0.16160.0 - 2010.11.25 - -
    Fortinet - 4.2.254.0 - 2010.11.25 - -
    GData - 21 - 2010.11.25 - Win32:Vitro
    Ikarus - T3.1.1.90.0 - 2010.11.25 - Virus.Win32.Virut
    Jiangmin - 13.0.900 - 2010.11.25 - -
    K7AntiVirus - 9.69.3083 - 2010.11.25 - -
    Kaspersky - 7.0.0.125 - 2010.11.25 - -
    McAfee - 5.400.0.1158 - 2010.11.25 - -
    McAfee-GW-Edition - 2010.1C - 2010.11.25 - -
    Microsoft - 1.6402 - 2010.11.25 - -
    NOD32 - 5649 - 2010.11.25 - Win32/Virut.NBP
    Norman - 6.06.10 - 2010.11.25 - -
    nProtect - 2010-11-25.01 - 2010.11.25 - -
    Panda - 10.0.2.7 - 2010.11.25 - W32/Sality.AO
    PCTools - 7.0.3.5 - 2010.11.25 - -
    Prevx - 3.0 - 2010.11.25 - -
    Rising - 22.75.03.00 - 2010.11.25 - Win32.Virut.db
    Sophos - 4.60.0 - 2010.11.25 - -
    SUPERAntiSpyware - 4.40.0.1006 - 2010.11.25 - -
    Symantec - 20101.2.0.161 - 2010.11.25 - -
    TheHacker - 6.7.0.1.091 - 2010.11.25 - -
    TrendMicro - 9.120.0.1004 - 2010.11.25 - PE_VIRUX.D-4
    TrendMicro-HouseCall - 9.120.0.1004 - 2010.11.25 - PE_VIRUX.D-4
    VBA32 - 3.12.14.2 - 2010.11.25 - -
    VIPRE - 7411 - 2010.11.25 - -
    ViRobot - 2010.11.19.4158 - 2010.11.25 - -
    VirusBuster - 13.6.60.0 - 2010.11.25 - -
    File info:
    MD5: c359527c02490cf7a5d844b699617fc7
    SHA1: af1eccd6fcc081b09caf1fc4b2f94dfedf5d9a31
    SHA256: 62e98134066e2d89b3833127f17d704e464e497c4fa38152feb3dcce4b3617ac
    File size: 188416 bytes
    Scan date: 2010-11-25 22:51:15 (UTC)




    0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
    File name: PDF Suite Presentation.exe
    Submission date: 2010-11-25 22:54:43 (UTC)
    Current status: queued queued analysing finished


    Result: 14/ 43 (32.6%)

    Antivirus results
    AhnLab-V3 - 2010.11.26.00 - 2010.11.25 - -
    AntiVir - 7.10.14.107 - 2010.11.25 - TR/Patched.Gen
    Antiy-AVL - 2.0.3.7 - 2010.11.25 - -
    Avast - 4.8.1351.0 - 2010.11.25 - Win32:Vitro
    Avast5 - 5.0.594.0 - 2010.11.25 - Win32:Vitro
    AVG - 9.0.0.851 - 2010.11.25 - -
    BitDefender - 7.2 - 2010.11.25 - -
    CAT-QuickHeal - 11.00 - 2010.11.25 - W32.Virut.G
    ClamAV - 0.96.4.0 - 2010.11.25 - -
    Command - 5.2.11.5 - 2010.11.25 - W32/Virut.AI!Generic
    Comodo - 6847 - 2010.11.25 - Virus.Win32.Virut.CE
    DrWeb - 5.0.2.03300 - 2010.11.25 - -
    Emsisoft - 5.0.0.50 - 2010.11.25 - -
    eSafe - 7.0.17.0 - 2010.11.24 - -
    eTrust-Vet - 36.1.8000 - 2010.11.25 - -
    F-Prot - 4.6.2.117 - 2010.11.25 - W32/Virut.AI!Generic
    F-Secure - 9.0.16160.0 - 2010.11.25 - -
    Fortinet - 4.2.254.0 - 2010.11.25 - W32/Virut.CE
    GData - 21 - 2010.11.25 - Win32:Vitro
    Ikarus - T3.1.1.90.0 - 2010.11.25 - -
    Jiangmin - 13.0.900 - 2010.11.25 - -
    K7AntiVirus - 9.69.3083 - 2010.11.25 - -
    Kaspersky - 7.0.0.125 - 2010.11.25 - -
    McAfee - 5.400.0.1158 - 2010.11.25 - -
    McAfee-GW-Edition - 2010.1C - 2010.11.25 - -
    Microsoft - 1.6402 - 2010.11.25 - -
    NOD32 - 5649 - 2010.11.25 - Win32/Virut.NBP
    Norman - 6.06.10 - 2010.11.25 - -
    nProtect - 2010-11-25.01 - 2010.11.25 - -
    Panda - 10.0.2.7 - 2010.11.25 - W32/Sality.AO
    PCTools - 7.0.3.5 - 2010.11.25 - -
    Prevx - 3.0 - 2010.11.25 - -
    Rising - 22.75.03.00 - 2010.11.25 - Win32.Virut.db
    Sophos - 4.60.0 - 2010.11.25 - -
    SUPERAntiSpyware - 4.40.0.1006 - 2010.11.25 - -
    Symantec - 20101.2.0.161 - 2010.11.25 - -
    TheHacker - 6.7.0.1.091 - 2010.11.25 - -
    TrendMicro - 9.120.0.1004 - 2010.11.25 - PE_VIRUX.D-4
    TrendMicro-HouseCall - 9.120.0.1004 - 2010.11.25 - PE_VIRUX.D-4
    VBA32 - 3.12.14.2 - 2010.11.25 - -
    VIPRE - 7411 - 2010.11.25 - -
    ViRobot - 2010.11.19.4158 - 2010.11.25 - -
    VirusBuster - 13.6.60.0 - 2010.11.25 - -
    File info:
    MD5: 169d690681a08b4f335c4e8830b95661
    SHA1: 139fc48adf32ce36f7e786420c189fe5234f8dbf
    SHA256: 381ab11d84658b684f17e3f89fb69111ceac3e69c943559685572a4279a6a735
    File size: 491520 bytes
    Scan date: 2010-11-25 22:54:43 (UTC)
  6. hbuteme

    hbuteme Newcomer, in training Topic Starter Posts: 37

    Is it ok now for me to update IE or should I still hang on?
  7. Broni

    Broni Malware Annihilator Posts: 45,217   +243

    Uninstall PDF Suite right away.

Open Windows Explorer. Go to Tools>Folder Options>View tab, put a checkmark next to Show hidden files and folders.
    Upload following files to http://www.virustotal.com/ for security check:
    - explorer.exe located @ C:\Windows
    - userinit.exe and svchost.exe located @ C:\Windows\System32
    IMPORTANT! If the file is listed as already analyzed, click on Reanalyse file now button.
    Post scan results.
  8. hbuteme

    hbuteme Newcomer, in training Topic Starter Posts: 37

Shoot! I've got an NSIS error when I tried to uninstall PDF Suite. It says the installer that you are trying to use is incomplete or corrupt. This could be due to a damaged disk, a failed download or a virus. You may want to contact the author of this installer to obtain a new copy. It may be possible to skip this check using the ?NCRC command line switch (NOT RECOMMENDED).

    That doesn't sound good. I hope it's not as bad as it sounds.

    Let me upload these other files to virus total
  9. Broni

    Broni Malware Annihilator Posts: 45,217   +243

    Let me know...
  10. hbuteme

    hbuteme Newcomer, in training Topic Starter Posts: 37

    New virus total scans

    New scans below. By the way for the previous message about the NSIS error that should have been /NCRC not ?NCRC.

    9 VT Community user(s) with a total of 716 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
    File name: explorer.exe
    Submission date: 2010-11-25 23:17:42 (UTC)
    Current status: queued queued analysing finished


    Result: 0/ 37 (0.0%)

    Antivirus results
    AhnLab-V3 - 2010.11.26.00 - 2010.11.25 - -
    AntiVir - 7.10.14.107 - 2010.11.25 - -
    Antiy-AVL - 2.0.3.7 - 2010.11.25 - -
    Avast - 4.8.1351.0 - 2010.11.25 - -
    Avast5 - 5.0.594.0 - 2010.11.25 - -
    AVG - 9.0.0.851 - 2010.11.25 - -
    BitDefender - 7.2 - 2010.11.25 - -
    CAT-QuickHeal - 11.00 - 2010.11.25 - -
    ClamAV - 0.96.4.0 - 2010.11.25 - -
    Command - 5.2.11.5 - 2010.11.25 - -
    Comodo - 6847 - 2010.11.25 - -
    Emsisoft - 5.0.0.50 - 2010.11.25 - -
    eTrust-Vet - 36.1.8000 - 2010.11.25 - -
    F-Prot - 4.6.2.117 - 2010.11.25 - -
    F-Secure - 9.0.16160.0 - 2010.11.25 - -
    Fortinet - 4.2.254.0 - 2010.11.25 - -
    GData - 21 - 2010.11.25 - -
    Ikarus - T3.1.1.90.0 - 2010.11.25 - -
    Jiangmin - 13.0.900 - 2010.11.25 - -
    K7AntiVirus - 9.69.3083 - 2010.11.25 - -
    Kaspersky - 7.0.0.125 - 2010.11.25 - -
    McAfee - 5.400.0.1158 - 2010.11.25 - -
    McAfee-GW-Edition - 2010.1C - 2010.11.25 - -
    NOD32 - 5649 - 2010.11.25 - -
    nProtect - 2010-11-25.01 - 2010.11.25 - -
    Panda - 10.0.2.7 - 2010.11.25 - -
    PCTools - 7.0.3.5 - 2010.11.25 - -
    Prevx - 3.0 - 2010.11.26 - -
    Rising - 22.75.03.00 - 2010.11.25 - -
    Sophos - 4.60.0 - 2010.11.25 - -
    SUPERAntiSpyware - 4.40.0.1006 - 2010.11.25 - -
    TheHacker - 6.7.0.1.091 - 2010.11.25 - -
    TrendMicro - 9.120.0.1004 - 2010.11.25 - -
    TrendMicro-HouseCall - 9.120.0.1004 - 2010.11.25 - -
    VIPRE - 7411 - 2010.11.25 - -
    ViRobot - 2010.11.19.4158 - 2010.11.25 - -
    VirusBuster - 13.6.60.0 - 2010.11.25 - -
    File info:
    MD5: 12896823fb95bfb3dc9b46bcaedc9923
    SHA1: 9d2bf84874abc5b6e9a2744b7865c193c08d362f
    SHA256: 1e675cb7df214172f7eb0497f7275556038a0d09c6e5a3e6862c5e26885ef455
    File size: 1033728 bytes
    Scan date: 2010-11-25 23:17:42 (UTC)


    0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
    File name: userinit.exe
    Submission date: 2010-11-25 23:23:53 (UTC)
    Current status: queued (#2) queued (#2) analysing finished


    Result: 0/ 43 (0.0%)

    Antivirus results
    AhnLab-V3 - 2010.11.26.00 - 2010.11.25 - -
    AntiVir - 7.10.14.107 - 2010.11.25 - -
    Antiy-AVL - 2.0.3.7 - 2010.11.25 - -
    Avast - 4.8.1351.0 - 2010.11.25 - -
    Avast5 - 5.0.594.0 - 2010.11.25 - -
    AVG - 9.0.0.851 - 2010.11.25 - -
    BitDefender - 7.2 - 2010.11.25 - -
    CAT-QuickHeal - 11.00 - 2010.11.25 - -
    ClamAV - 0.96.4.0 - 2010.11.25 - -
    Command - 5.2.11.5 - 2010.11.25 - -
    Comodo - 6847 - 2010.11.25 - -
    DrWeb - 5.0.2.03300 - 2010.11.25 - -
    Emsisoft - 5.0.0.50 - 2010.11.25 - -
    eSafe - 7.0.17.0 - 2010.11.24 - -
    eTrust-Vet - 36.1.8000 - 2010.11.25 - -
    F-Prot - 4.6.2.117 - 2010.11.25 - -
    F-Secure - 9.0.16160.0 - 2010.11.25 - -
    Fortinet - 4.2.254.0 - 2010.11.25 - -
    GData - 21 - 2010.11.25 - -
    Ikarus - T3.1.1.90.0 - 2010.11.25 - -
    Jiangmin - 13.0.900 - 2010.11.25 - -
    K7AntiVirus - 9.69.3083 - 2010.11.25 - -
    Kaspersky - 7.0.0.125 - 2010.11.25 - -
    McAfee - 5.400.0.1158 - 2010.11.25 - -
    McAfee-GW-Edition - 2010.1C - 2010.11.25 - -
    Microsoft - 1.6402 - 2010.11.25 - -
    NOD32 - 5649 - 2010.11.25 - -
    Norman - 6.06.10 - 2010.11.25 - -
    nProtect - 2010-11-25.01 - 2010.11.25 - -
    Panda - 10.0.2.7 - 2010.11.25 - -
    PCTools - 7.0.3.5 - 2010.11.25 - -
    Prevx - 3.0 - 2010.11.26 - -
    Rising - 22.75.03.00 - 2010.11.25 - -
    Sophos - 4.60.0 - 2010.11.25 - -
    SUPERAntiSpyware - 4.40.0.1006 - 2010.11.25 - -
    Symantec - 20101.2.0.161 - 2010.11.25 - -
    TheHacker - 6.7.0.1.091 - 2010.11.25 - -
    TrendMicro - 9.120.0.1004 - 2010.11.25 - -
    TrendMicro-HouseCall - 9.120.0.1004 - 2010.11.25 - -
    VBA32 - 3.12.14.2 - 2010.11.25 - -
    VIPRE - 7411 - 2010.11.25 - -
    ViRobot - 2010.11.19.4158 - 2010.11.25 - -
    VirusBuster - 13.6.60.0 - 2010.11.25 - -
    File info:
    MD5: a93aee1928a9d7ce3e16d24ec7380f89
    SHA1: 513f8bdf67a5a9e09803cfb61f590b39f2683853
    SHA256: 944cd2135e171af338352568aa7fe1b8004733a4281395ad6723e0cf43d5f53f
    File size: 26112 bytes
    Scan date: 2010-11-25 23:23:53 (UTC)



    6 VT Community user(s) with a total of 741 reputation credit(s) say(s) this sample is goodware. 1 VT Community user(s) with a total of 1 reputation credit(s) say(s) this sample is malware.
    File name: svchost.exe
    Submission date: 2010-11-25 23:27:39 (UTC)
    Current status: queued (#4) queued (#4) analysing finished


    Result: 0/ 43 (0.0%)

    Antivirus results
    AhnLab-V3 - 2010.11.26.00 - 2010.11.25 - -
    AntiVir - 7.10.14.107 - 2010.11.25 - -
    Antiy-AVL - 2.0.3.7 - 2010.11.25 - -
    Avast - 4.8.1351.0 - 2010.11.25 - -
    Avast5 - 5.0.594.0 - 2010.11.25 - -
    AVG - 9.0.0.851 - 2010.11.25 - -
    BitDefender - 7.2 - 2010.11.25 - -
    CAT-QuickHeal - 11.00 - 2010.11.25 - -
    ClamAV - 0.96.4.0 - 2010.11.25 - -
    Command - 5.2.11.5 - 2010.11.25 - -
    Comodo - 6847 - 2010.11.25 - -
    DrWeb - 5.0.2.03300 - 2010.11.25 - -
    Emsisoft - 5.0.0.50 - 2010.11.25 - -
    eSafe - 7.0.17.0 - 2010.11.24 - -
    eTrust-Vet - 36.1.8000 - 2010.11.25 - -
    F-Prot - 4.6.2.117 - 2010.11.25 - -
    F-Secure - 9.0.16160.0 - 2010.11.25 - -
    Fortinet - 4.2.254.0 - 2010.11.25 - -
    GData - 21 - 2010.11.25 - -
    Ikarus - T3.1.1.90.0 - 2010.11.25 - -
    Jiangmin - 13.0.900 - 2010.11.25 - -
    K7AntiVirus - 9.69.3083 - 2010.11.25 - -
    Kaspersky - 7.0.0.125 - 2010.11.25 - -
    McAfee - 5.400.0.1158 - 2010.11.25 - -
    McAfee-GW-Edition - 2010.1C - 2010.11.25 - -
    Microsoft - 1.6402 - 2010.11.25 - -
    NOD32 - 5649 - 2010.11.25 - -
    Norman - 6.06.10 - 2010.11.25 - -
    nProtect - 2010-11-25.01 - 2010.11.25 - -
    Panda - 10.0.2.7 - 2010.11.25 - -
    PCTools - 7.0.3.5 - 2010.11.25 - -
    Prevx - 3.0 - 2010.11.26 - -
    Rising - 22.75.03.00 - 2010.11.25 - -
    Sophos - 4.60.0 - 2010.11.25 - -
    SUPERAntiSpyware - 4.40.0.1006 - 2010.11.25 - -
    Symantec - 20101.2.0.161 - 2010.11.25 - -
    TheHacker - 6.7.0.1.091 - 2010.11.25 - -
    TrendMicro - 9.120.0.1004 - 2010.11.25 - -
    TrendMicro-HouseCall - 9.120.0.1004 - 2010.11.25 - -
    VBA32 - 3.12.14.2 - 2010.11.25 - -
    VIPRE - 7411 - 2010.11.25 - -
    ViRobot - 2010.11.19.4158 - 2010.11.25 - -
    VirusBuster - 13.6.60.0 - 2010.11.25 - -
    File info:
    MD5: 27c6d03bcdb8cfeb96b716f3d8be3e18
    SHA1: 49083ae3725a0488e0a8fbbe1335c745f70c4667
    SHA256: 2910ebc692d833d949bfd56059e8106d324a276d5f165f874f3fb1b6c613cdd5
    File size: 14336 bytes
    Scan date: 2010-11-25 23:27:39 (UTC)
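The two rounds of VirusTotal uploads above (the three PDF Suite binaries in post 5, then explorer.exe, userinit.exe and svchost.exe in post 10) are the whole triage here: hash the suspect file, read the per-engine verdicts, and decide whether the detections point at one family. The script below is an added example, not code from this thread or from VirusTotal. It parses the plain-text "Engine - version - signature date - result" lines exactly as they are pasted in the posts, reports the detection ratio, groups vendor names into families, and computes the MD5/SHA1/SHA256 of a local file so it can be compared with the "File info" hashes VirusTotal printed. The sample report embedded in the block is an excerpt of the PDF Suite.exe results from post 5; the alias table that folds Avast's "Vitro" and Trend Micro's "VIRUX" names in with "Virut" is this example's own assumption about vendor naming, not something the thread states.

```python
"""Summarise pasted VirusTotal reports and hash local files for comparison.

Added example for this thread, not code from the original posts or from
VirusTotal. SAMPLE_REPORT is an excerpt of the PDF Suite.exe result
posted above; FAMILY_ALIASES is an assumption about vendor naming.
"""
import hashlib
from collections import Counter

# Excerpt (constructed from the thread's own paste) of the PDF Suite.exe report.
SAMPLE_REPORT = """\
Antivirus results
AhnLab-V3 - 2010.11.25.01 - 2010.11.25 - Win32/Virut.E
AntiVir - 7.10.14.107 - 2010.11.25 - TR/Patched.Gen
Avast - 4.8.1351.0 - 2010.11.25 - Win32:Vitro
CAT-QuickHeal - 11.00 - 2010.11.25 - W32.Virut.G
ClamAV - 0.96.4.0 - 2010.11.25 - -
McAfee-GW-Edition - 2010.1C - 2010.11.25 - -
NOD32 - 5649 - 2010.11.25 - Win32/Virut.NBP
Panda - 10.0.2.7 - 2010.11.25 - -
TrendMicro-HouseCall - 9.120.0.1004 - 2010.11.25 - PE_VIRUX.D-4
File info:
MD5: 7d2abf1c2713fc4a85c089b866f08a75
"""

# Assumption: these substrings of vendor detection names are treated as the
# same family. Adjust if a vendor's naming turns out to mean something else.
FAMILY_ALIASES = {
    "virut": "Virut",
    "vitro": "Virut",
    "virux": "Virut",
    "sality": "Sality",
    "patched": "Patched (generic)",
}


def parse_vt_report(text):
    """Return one dict per engine line; result is None when the engine saw nothing.

    Engine names may themselves contain hyphens (AhnLab-V3, CAT-QuickHeal), so
    the line is split on the ' - ' separator VirusTotal uses, never on '-'.
    """
    rows = []
    for line in text.splitlines():
        parts = line.strip().split(" - ", 3)
        if len(parts) != 4:
            continue  # headers such as "Antivirus results" or "MD5: ..."
        engine, version, sig_date, result = parts
        result = result.strip()
        rows.append({
            "engine": engine.strip(),
            "version": version.strip(),
            "date": sig_date.strip(),
            "result": None if result == "-" else result,
        })
    return rows


def detection_ratio(rows):
    """(engines that flagged the file, engines that scanned it)."""
    detected = sum(1 for r in rows if r["result"] is not None)
    return detected, len(rows)


def family_of(result):
    low = result.lower()
    for needle, family in FAMILY_ALIASES.items():
        if needle in low:
            return family
    return "Other"


def family_tally(rows):
    """Count detections per family, so 12 verdicts can be read as 'mostly one family'."""
    return Counter(family_of(r["result"]) for r in rows if r["result"] is not None)


def hashes_of_bytes(data):
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def file_hashes(path, chunk_size=1 << 20):
    """Hash a file in chunks; the PDF Suite.exe sample above is 4.7 MB."""
    digests = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for d in digests.values():
                d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def matches_reported(local, md5=None, sha1=None, sha256=None):
    """True when every hash VirusTotal printed agrees with the local file.

    Use this before trusting a report that says 'already analysed': it proves
    the file on disk is the same bytes VirusTotal scanned.
    """
    expected = {"md5": md5, "sha1": sha1, "sha256": sha256}
    return all(local[k].lower() == v.lower() for k, v in expected.items() if v)


if __name__ == "__main__":
    rows = parse_vt_report(SAMPLE_REPORT)
    hit, total = detection_ratio(rows)
    print(f"{hit}/{total} engines flagged the file")
    for family, n in family_tally(rows).most_common():
        print(f"  {family}: {n}")
```

Run it as-is to see the sample report summarised; point `file_hashes()` at a real path and feed the printed "File info" hashes to `matches_reported()` to confirm you are looking at the same binary VirusTotal scanned. Grouping by family is what makes the numbers in post 5 readable: twelve engines disagreeing on a name is noise, twelve engines naming variants of one file infector is a verdict.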
  11. Broni

    Broni Malware Annihilator Posts: 45,217   +243

  12. hbuteme

    hbuteme Newcomer, in training Topic Starter Posts: 37

    Fingers crossed ... I'll let you know.
  13. hbuteme

    hbuteme Newcomer, in training Topic Starter Posts: 37

    There's no PDF Suite in either New programs or Other programs :(
     
  14. hbuteme

    hbuteme Newcomer, in training Topic Starter Posts: 37

    Do I still need Combofix, OTL, MBRCheck, TFC, Security Check, JavaRa on my desktop or is it safe for me to delete them?
  15. Broni

    Broni Malware Annihilator Posts: 45,217   +243

    I'll let you know in a moment...

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      
      :Services
      
      :Reg
      
      :Files
      C:\PDF Suite
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
  16. hbuteme

    hbuteme Newcomer, in training Topic Starter Posts: 37

    Ok. Let me do that.
  17. hbuteme

    hbuteme Newcomer, in training Topic Starter Posts: 37

    OTL log

    All processes killed
    ========== OTL ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\PDF Suite\styles folder moved successfully.
    C:\PDF Suite\print folder moved successfully.
    C:\PDF Suite\Help folder moved successfully.
    C:\PDF Suite\Gs\Resource\Font folder moved successfully.
    C:\PDF Suite\Gs\Resource\Encoding folder moved successfully.
    C:\PDF Suite\Gs\Resource\Decoding folder moved successfully.
    C:\PDF Suite\Gs\Resource\ColorSpace folder moved successfully.
    C:\PDF Suite\Gs\Resource\CMap folder moved successfully.
    C:\PDF Suite\Gs\Resource folder moved successfully.
    C:\PDF Suite\Gs\lib folder moved successfully.
    C:\PDF Suite\Gs\fonts folder moved successfully.
    C:\PDF Suite\Gs folder moved successfully.
    C:\PDF Suite\Driver\x86 folder moved successfully.
    C:\PDF Suite\Driver\x64 folder moved successfully.
    C:\PDF Suite\Driver folder moved successfully.
    C:\PDF Suite\addin07 folder moved successfully.
    C:\PDF Suite\addin folder moved successfully.
    C:\PDF Suite folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: KOYO
    ->Temp folder emptied: 41925 bytes
    ->Temporary Internet Files folder emptied: 23930163 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 26721258 bytes
    ->Flash cache emptied: 969 bytes

    User: KOYO_2
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Others
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 70119907 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 115.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default User

    User: KOYO
    ->Flash cache emptied: 0 bytes

    User: KOYO_2
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    User: Others
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.17.3 log created on 11262010_030404

    Files\Folders moved on Reboot...
    C:\Documents and Settings\KOYO\Local Settings\Temp\VGXA281.tmp moved successfully.
    C:\Documents and Settings\KOYO\Local Settings\Temp\VGXA282.tmp moved successfully.
    C:\Documents and Settings\KOYO\Local Settings\Temp\VGXA283.tmp moved successfully.
    C:\Documents and Settings\KOYO\Local Settings\Temp\VGXA284.tmp moved successfully.
    C:\Documents and Settings\KOYO\Local Settings\Temp\VGXA285.tmp moved successfully.
    C:\Documents and Settings\KOYO\Local Settings\Temp\VGXA286.tmp moved successfully.
    C:\Documents and Settings\KOYO\Local Settings\Temp\VGXA287.tmp moved successfully.
    C:\Documents and Settings\KOYO\Local Settings\Temp\VGXA288.tmp moved successfully.
    C:\Documents and Settings\KOYO\Local Settings\Temp\VGXA289.tmp moved successfully.
    C:\Documents and Settings\KOYO\Local Settings\Temp\VGXA28A.tmp moved successfully.
    C:\Documents and Settings\KOYO\Local Settings\Temp\VGXA28B.tmp moved successfully.
    C:\Documents and Settings\KOYO\Local Settings\Temp\VGXA28C.tmp moved successfully.
    C:\Documents and Settings\KOYO\Local Settings\Temp\VGXA28D.tmp moved successfully.
    C:\Documents and Settings\KOYO\Local Settings\Temporary Internet Files\Content.IE5\S9UJ01YJ\CAY3GRF8.com moved successfully.
    C:\Documents and Settings\KOYO\Local Settings\Temporary Internet Files\Content.IE5\S9UJ01YJ\crosspixel-dest[1].htm moved successfully.
    C:\Documents and Settings\KOYO\Local Settings\Temporary Internet Files\Content.IE5\S9UJ01YJ\menu28[1].htm moved successfully.
    C:\Documents and Settings\KOYO\Local Settings\Temporary Internet Files\Content.IE5\S9UJ01YJ\revo_uninstaller_free_download[1].htm moved successfully.
    File\Folder C:\Documents and Settings\KOYO\Local Settings\Temporary Internet Files\Content.IE5\OPQRGTUV\CAGDA3CD.com not found!
    File\Folder C:\Documents and Settings\KOYO\Local Settings\Temporary Internet Files\Content.IE5\OPQRGTUV\topic156963-2[9].html not found!

    Registry entries deleted on Reboot...
  18. Broni

    Broni Malware Annihilator Posts: 45,217   +243

    Now, the statement listed below is conditional.
    I can't guarantee, that Virut didn't spread.
    So, we'll run final steps, but you'll have to watch your computer very closely from now on....



1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please, let me know, how your computer is doing.
  19. hbuteme

    hbuteme Newcomer, in training Topic Starter Posts: 37

    OTL log

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: KOYO
    ->Temp folder emptied: 16781 bytes
    ->Temporary Internet Files folder emptied: 2480552 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 405 bytes

    User: KOYO_2
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Others
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 67895779 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 67.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default User

    User: KOYO
    ->Flash cache emptied: 0 bytes

    User: KOYO_2
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    User: Others
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb

    Restore points cleared and new OTL Restore Point set!

    OTL by OldTimer - Version 3.2.17.3 log created on 11262010_031758

    Files\Folders moved on Reboot...
    C:\Documents and Settings\KOYO\Local Settings\Temporary Internet Files\Content.IE5\SDYVW5MV\iframes_api_loader[1].html moved successfully.
    C:\Documents and Settings\KOYO\Local Settings\Temporary Internet Files\Content.IE5\SDYVW5MV\topic156963-3[1].html moved successfully.
    C:\Documents and Settings\KOYO\Local Settings\Temporary Internet Files\Content.IE5\7MJ4WNEI\CA4LABOT.com moved successfully.
    C:\Documents and Settings\KOYO\Local Settings\Temporary Internet Files\Content.IE5\7MJ4WNEI\menu28[2].html moved successfully.
    C:\Documents and Settings\KOYO\Local Settings\Temporary Internet Files\Content.IE5\7FIRTZ86\CA7QNE3J.com moved successfully.
    C:\Documents and Settings\KOYO\Local Settings\Temporary Internet Files\Content.IE5\7FIRTZ86\crosspixel-dest[1].htm moved successfully.
    File move failed. C:\WINDOWS\temp\WFV6.tmp scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
  20. hbuteme

    hbuteme Newcomer, in training Topic Starter Posts: 37

    I'm about to do step 2 (OTL cleanup) but reading ahead to step 3, how do I make sure windows updates are current? And I still haven't yet updated IE to 7. Should I do that as well.
  21. Broni

    Broni Malware Annihilator Posts: 45,217   +243

    Yes, update IE now.
    As for Windows updates......Start>Windows Updates
  22. hbuteme

    hbuteme Newcomer, in training Topic Starter Posts: 37

    Hi Broni,

    Thanks for all your help and your patience. You're awesome.

    IE is updated to 7.

    I've downloaded and installed WOT, Secunia Personal Software Inspector (PSI) and FileHippo Update Checker. I'll definitely be running them weekly.

    I haven't updated windows. I didn't understand the Start>Windows Updates instruction. Would you mind going over it step by step or being a bit more specific.

    What's defrag? I'm sorry but I'm a complete computer/IT dunce.

    I've saved the webpage http://www.bleepingcomputer.com/forums/topic2520.html
    I'll read it later today.

    I'll change all my passwords later on today. I hope that's all right. It's 4am where I am and I'm feeling kind of foggy. I'd like to get some shut-eye because my eyes are half closed now.

    So far my laptop seems ok. I don't use this laptop at work so won't be able to do the rest of this stuff until this evening when I get back from work. I'll be able to give a proper rundown on it then.

    Thanks again.
  23. hbuteme

    hbuteme Newcomer, in training Topic Starter Posts: 37

    Sorry. It's not 4am here it's 2 am. And you said that I might have to create a new user profile as a regular user as my old one seems to be corrupted. I can access my documents in my profile from administrator but I can't access my music and pictures. Will I be able to transfer non corrupted files from my old profile to my new profile?
  24. Broni

    Broni Malware Annihilator Posts: 45,217   +243

    If you click on Start button, you should see Windows Updates option there.
    ...or go to http://www.windowsupdate.microsoft.com

    As for defrag...
    Start>All Programs>Accessories>System Tools>Disk Defragmenter

    Then...
    How to copy data from a corrupted user profile to a new profile in Windows XP: http://support.microsoft.com/kb/811151

    I'll mark this topic as resolved, but I'm not 100% convinced.
    But, I'll keep my fingers crossed.

    Good luck and stay safe :)
  25. hbuteme

    hbuteme Newcomer, in training Topic Starter Posts: 37

    Thanks a lot Broni. I've managed to do the windows update and defrag but I'm unable to copy data from the corrupted user profile to a new one. I think as I can access the most important (and irreplaceable) stuff from my corrupt profile from the admin profile then losing my music and pictures is not such a big deal.

    Cheers.