Solved I need help removing viruses, among them Rootkit.Agent

Status
Not open for further replies.
Could be you didn't have enough RAM to open them.

Have the original malware problems been resolved now?
 
I am not certain. How can I double check? Did my logs show that the malware problems have been resolved as far as you can tell?
 
Oh and one more thing, whenever I restart my computer, a window shows that a start up program has been blocked and needs my permission to continue. The blocked program is System Configuration Utility. Should I click continue and allow it to run or could this reinfect my computer? This only started popping up when my computer first started having problems.
 
One file removed in Mbam
Another files for same malware removed in SAS
Adware from a program called PUZEGINI
Additional processes for Adware removed in CFFix> run with security on, processes returned
Malware removed in Dr. Web and OTMoveIt
Reboot allowed access to programs: if RAM is low, rebooting frees it up, but can start the cycle again. I don't know how much RAM you have, if it's enough or if all of the chips are good.

You need to sign on using the Administrator's account to make changes in msconfig.

If you make changes using the msconfig utility, the first time you reboot afterward produces a nag message which can be ignored and closed after checking 'don't show this message again'. You have to stay in Selective Startup to retain the changes.

I requested that you disable the security per the instructions in Combofix and the CFScript. You did not. As far as I know the malware has been removed.

Uninstall ComboFix and all Backups of the files it deleted
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

Remove all of the tools we used and the files and folders they created
  • Download OTCleanIt by OldTimer and save it to your Desktop.
  • Double click OTCleanIt.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
  • Go to Start > All Programs > Accessories > System Tools
  • Click "System Restore".
  • Choose "Create a Restore Point" on the first screen then click "Next".
  • Give the Restore Point a name > click "Create".
  • Go back and follow the path to > System Tools.
  • Click "OK" to select the partition or drive you want.
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


More details and screenshots for Disk Cleanup in Windows Vista can be found here.

If the permission problem continues, please post in the Windows OS forum.

If I can be of help in the future, let me know.
 
You're welcome.
Please follow these simple steps to keep your computer clean and secure:

  1. Disable and Enable System Restore: See System Restore Guide. This will help you understand what this is, why you need to clean and set restore points and what information is in them.
  2. Stay current on updates:
    • Visit the Microsoft Download Site frequently. You should get all updates marked Critical and the current SP updates.
    • Visit this Adobe Reader site often and make sure you have the most current update. Uninstall any earlier updates as they are vulnerabilities.
    • Check this site often: Java Updates. Stay current as most updates are for security. Uninstall any earlier versions in Add/Remove Programs.
  3. Make Internet Explorer safer. Follow the suggestions HERE. This Tutorial will help guide you through Configuring Security Settings, Managing Active X Controls and other safety features.
  4. Remove Temporary Internet Files regularly: Use ATF Cleaner by Atribune or TFC.
  5. Use an AntiVirus Software (only one). See Virus, Spyware, and Malware Protection and Removal Resources.
  6. Use a good, bi-directional firewall (one software firewall). I recommend either of these software firewalls - both are free and good: Comodo or Zone Alarm.
  7. Consider these programs for Extra Security:
    • SpywareBlaster: SpywareBlaster protects against bad ActiveX. It places kill bits to stop bad Active X controls from being installed. Remember to update it regularly.
    • IE/Spyad: This places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
    • MVPS Hosts files: This replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
    • Google Toolbar: Get the free Google Toolbar to help stop pop up windows.

Let me know if you need help in the future.
 