Am I Clean Now?

Status
Not open for further replies.

bruzynski

I would appreciate it if someone could have a look at my logs and indicate whether I'm clean or not.

OK, I have run the 8 steps, and since I've been reading etc. I have also run some of the other tools too. I am posting these logs, including the AVG log that told me I first had a problem (anti-virus 2009). I didn't have too many problems running the tools, only at first with malware I had to change the name and run in safe mode, and that first run took more than 8hrs (I think, 'cause I was asleep).

Hopefully I got close to clean and can just get a bit of a checkup and then clean the tools.

Thanks for all your help.

regards
mmb
 
It's always helpful to give us some explanation of what the problem is, or was. Tossing the logs out with no explanation is not the way to get the best help. It's interesting to note that where you posted the 5 Mbam logs, all were clean except for one entry in the third listed log.

Okay, let's get these handled first:
Did you remove the Trojans in the AVG vault?
Update AVG:
Your AVG is out of date. You show v7 which is no longer being supported. Update to v8:
http://free.avg.com/download
When you get AVG updated, run a new scan with it.
Update Java:
Your version of Java is now outdated. Java vulnerabilities are commonly exploited by viruses, so I strongly recommend you update. Click here to download the latest version of Java (Java Runtime Environment (JRE) 6.0 Update 10): http://java.com/en/download/manual.jsp
Please install it and then reboot your computer.
Update Adobe:
Your Adobe Reader is out of date. Vulnerabilities can be exploited. Click here to download the latest version v9: https://www.techspot.com/downloads/2083-adobe-reader-dc.html
OR
Install the FoxIt Reader: this does the same thing as Adobe, but doesn't have the bloat: http://www.foxitsoftware.com/pdf/rd_intro.php
Click on the 'Get it Free' button.

When all the updates have been done:
Control Panel> Add/remove Programs> uninstall old AVG 7, Java v6u7 and Adobe 7.


You have McAfee Free scan running in the background. It needs to be stopped.

Please run SuperAntispyware- this is good to check for tracking Cookies as well as other malware entries and Cookies can be reset to prevent 3rd party tracking Cookies in the future. Follow by rescan with HijackThis. Attach both logs.

You don't need to rerun the other programs. But it would be helpful to know what problems you were experiencing and what the system status is now.

EDIT: DO NOT use System Restore. The malware is in the restore points. We will drop those at the end of the cleaning.
 
Thank you for your help.

I have a little more info.

What happened:
Similar to others. I was surfing and my computer popped up a couple of windows and stuff telling me that I had a virus, and when I tried to close them etc. my computer restarted. When it came back up I had antivirus 2009 installed on my desktop and a balloon notification in my task bar telling me I had a virus and to run/download antivirus 2009 etc. Like a retard I clicked on the balloon, and when antivirus 2009 started running I pulled all my plugs and started killing processes and stuff and then powered down and started reading the 'security & the web' topic (where I meant to post this thread).

I tried to follow the 8 step process suggested in the FAQ threads. It was a long process and I had to do a number of things that I saw suggested in other threads to get the tools working. I am including two more mbam logs, which are the first two that ran. The first was in safe mode, run from a different user than the original infection and with mbam renamed. The second is the first full scan with mbam.

Since then I have been rather busy and haven't had the time to deal properly with this. What I have been doing is running mbam and sas and ccleaner and avg every day (with all of their updates). Things seem to be running smoother than they have in months (this may be an illusion as this computer is not often used).

Which brings me to the next post I shall make...
 
AVG has been updated... on a full scan it found

Grove.x32 adware generic2.KBT

Java has been updated

Acrobat Reader has been updated

AVG 7 has been uninstalled

I cannot find Java 6.7 nor Adobe 7 to uninstall... but I may have done this last week sometime... getting old and can't remember

I cannot find McAfee Free scan running in the background... I may need help to find it.

Finally, I have updated and run sas and hjt and am attaching the log files to this post.

Thanks to you again.
 
Okay then. Next time you ask for malware cleaning help, give us the problems right up front.

Have SAS Remove the Tracking Cookies.
See this site for screen shots of where to check. Click on lower image on left to enlarge:
http://superantispyware.en.softonic.com/images
Reset Cookies:
Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> CHECK 'override automatic Cookie handling'> CHECK 'accept first party Cookies'> CHECK 'Block third party Cookies'> CHECK 'allow per session Cookies'> Apply> OK.
Mbam logs:
You ran Malwarebytes on 11/14/2008 6:09:31 PM, but did not check the removal box.
You ran it again on 11/15/2008 11:33:05 AM and it's clean.
I've already commented on the 5 you left previously from 11/17-11/25. It looks like you've come a long way!

The HijackThis log looks good, with one exception: you have a lot of processes loading at startup that will slow you down, things like Creative SB Live, QuickTime, Pixami Image Control, IPIX, Linkedin Contact Finder, MSN Photo Upload Tool, Adaptec, for instance. These are valid programs, but they don't need to start on boot. That will slow your startup, surf and shutdown times.

If you want to work on that:
Start> Run> msconfig> enter> Selective Startup> Startup tab> UNCHECK everything (including WkDetect.exe) except the AVG processes> Apply> OK> Reboot.
You will get a nag message that you can ignore after checking 'don't show this message again'. Stay in Selective Startup.

All of those processes you took off of Startup can be started manually when you need them by using All Programs to access the program.

You should also consider getting a firewall:
We can remove the cleaning programs now:
Download OTCleanIt (http://download.bleepingcomputer.com/oldtimer/OTCleanIt.exe) Click the CleanUp! button.
It will go through the list and remove all of the tools it finds and then delete itself (requiring a reboot).
Clear your existing System Restore points and establish a new clean restore point:
Go to Start > All Programs > Accessories > System Tools > System Restore > Select Create a restore point > OK.
1. Next, go to Start > Run and type in cleanmgr
2. Ensure the selection is on C:\ and click on OK
3. Select the *More options* tab
4. Choose the option to clean up System Restore and OK it.
This will remove all restore points except the new one you just created.
 