Infostealer.gampass infection

Status
Not open for further replies.
Or not, my browser crashed trying to do it. Is 11MB large for a file like that?
Shortening length to 30 days
 
OK, I will eval that log and get back in the morning; it has been a long day since I began at 6:30 AM. It is now 8:40 PM.

I am going to dinner then to bed.

Good night

Mike
 
Had to run some errands then had dinner!

OK, the first thing, let's deal with these files on Desktop.

Did you create the folder to put them in?

If so, move (cut) and paste them into the folder to get them all off the Desktop.

Reboot and see if they come back or if Windows misses something, and if it does, let me know what.

Let me know!

BTW I ran SDFix on a client's Vista computer today because I needed to, and it ran. But just to see it would not run on 2 other Vistas.

Mike
 
I believe those may be irrelevant, as I discovered that this virus also enables visibility of "superhiddenfiles", which I believe those to be.
 
Nothing obvious in all that but

Does the below exist as a file or folder in the Windows folder?
C:\Windows\½À°Ä ÒÆ*°

If so, get me some info on Size properties etc., then double click it and see if it responds, or opens if a folder. Last, see if you can cut it and paste it into the folder we made on the desktop.
----------------------------------------------------------------------------------------------------------------------
Let's do some general maintenance/cleanup

Download AutoRuns http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx
Run it, let it scan, then when it says Ready at the bottom left corner click File at top and then Find.

Type "file not found" in the find box, hit Enter, and delete all lines that have "file not found".

There is a bunch of old stuff that M$ thought you might or would need that no longer exists, or is for computers that are assumed to have SCSI or AMD processors but do not!

Then look carefully through all the other entries and delete anything that you may have had but uninstalled and thought was gone. If you are sure delete these also.

Then get RunScanner http://www.runscanner.net/download.aspx
Click Scan computer
Double click all "File not found" red lines to select them, then click Item fixer and remove them. Then click Extra stuff and again select all red lines.

Then click back to Malware hunting, click the Item fixer again and remove these. Same as already said on AutoRuns: stuff that was assumed to be needed but you do not have.

None of these items can run as the file is missing so most of the improvement you may see comes as a quicker startup as windows no longer searches or tries to load some of these. But some have noticed a faster shutdown also.

Reboot and recheck with both AutoRuns and RunScanner.

You can delete the Desktop SDFix install program, then browse and delete the C:\SDFix folder.

Give me a status report of issues left after this (the files on the Desktop tucked away) and giving no problem even after rebooting. After a few days delete the entire folder.

So what are the remaining issues?

Mike
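
Added example, not part of the thread: a read-only PowerShell sketch of the "file not found" check that AutoRuns and RunScanner perform in the post above, limited to the Run/RunOnce keys (the real tools cover many more autostart locations). The helper names `Get-CommandTarget` and `Get-MissingAutostart` are hypothetical.

```powershell
# Added example: report Run/RunOnce autostart values whose target file is gone.
# Read-only: it lists candidates and deletes nothing.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-CommandTarget {
    # Hypothetical helper: pull the program path out of an autostart command line.
    param([string]$CommandLine)
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine).Trim()
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }   # "C:\Program Files\x.exe" /arg
    # Unquoted paths may contain spaces: cut at the first executable-style extension.
    if ($cmd -match '^(.+?\.(exe|com|bat|cmd|scr|vbs|js|dll))(\s|,|$)') { return $Matches[1] }
    return ($cmd -split '\s+')[0]
}

function Get-MissingAutostart {
    foreach ($key in $runKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $regKey = Get-Item -Path $key
        foreach ($name in $regKey.GetValueNames()) {
            $raw = [string]$regKey.GetValue($name)
            if (-not $raw.Trim()) { continue }
            $target = Get-CommandTarget $raw
            if (-not [IO.Path]::IsPathRooted($target)) {
                # Bare names such as rundll32.exe are resolved through PATH.
                $app = Get-Command -Name $target -CommandType Application -ErrorAction SilentlyContinue |
                    Select-Object -First 1
                if ($app) { $target = $app.Path }
            }
            if (-not (Test-Path -LiteralPath $target -PathType Leaf)) {
                [pscustomobject]@{ Key = $key; Value = $name; Target = $target; Command = $raw }
            }
        }
    }
}

Get-MissingAutostart | Format-List
```

For entries launched through a host such as rundll32.exe, only the host program is checked, so a missing DLL argument still needs a manual look.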
 
That folder is legit, but it is written in characters that your computer probably doesn't support.

Both of the links got me a page saying "bad request"
 
The issues are as follows:

The edited registry keys allowing me to see hidden/superhidden files remain edited, which is a sign the virus is still there.
My computer is slow (bit less than the average computer) though a month ago it had 5 stars for speed in the Norton (cleanup?) program.
I am unsure as to whether we have actually done anything that had gotten rid of the virus.
My clock settings are using "army time", e.g. 19:14.
 
Detected by what Norton?

And what did it do: fix, delete, quarantine or what?

Mike

EDIT:

Update then run SAS
Click Preferences-Repairs
Then counting down from top do the following entries
Numbers 6, 8, 11, 12, 13, 18, 19, 23 and 24!

Superhidden files

Click Start-Run.

Type in regedit in the box and click OK
regedit opens, navigate through HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced.
Right-click on ShowSuperHidden and select Modify.

1 to show 0 to hide

Change the value to 0 and click OK to save your changes.

Reboot, test and report results

Mike
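
Added example, not part of the thread: the regedit steps above as a PowerShell sketch that sets `ShowSuperHidden` back to 0 and then polls for a short time to see whether anything writes it back. The function names and the 60-second watch window are assumptions; a re-check after the reboot is still needed.

```powershell
# Added example: reset ShowSuperHidden for the current user and watch for a revert.
$advanced = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'

function Get-SuperHidden {
    # Returns the current DWORD (1 = show, 0 = hide) or $null if the value is absent.
    $prop = Get-ItemProperty -Path $advanced -Name ShowSuperHidden -ErrorAction SilentlyContinue
    if ($prop) { [int]$prop.ShowSuperHidden } else { $null }
}

function Reset-SuperHidden {
    # Hypothetical helper; WatchSeconds and PollSeconds are illustrative defaults.
    param([int]$WatchSeconds = 60, [int]$PollSeconds = 5)

    $before = Get-SuperHidden
    Set-ItemProperty -Path $advanced -Name ShowSuperHidden -Value 0 -Type DWord

    $reverted = $false
    $deadline = (Get-Date).AddSeconds($WatchSeconds)
    while ((Get-Date) -lt $deadline) {
        Start-Sleep -Seconds $PollSeconds
        if ((Get-SuperHidden) -ne 0) {
            # Something changed the value again while we were watching.
            $reverted = $true
            break
        }
    }

    [pscustomobject]@{
        ValueBefore  = $before
        ValueNow     = Get-SuperHidden
        RevertedIn   = if ($reverted) { "under $WatchSeconds s" } else { 'not observed' }
        CheckedAt    = Get-Date
    }
}

Reset-SuperHidden | Format-List
```

A value that flips back to 1 during the watch, or is 1 again after the reboot, means some process is still rewriting the setting.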
 
Norton, it autodeleted, sorry, I have to go for the rest of the day. Do you think that progress has been made?
 
OK good, reboot, retest and do the AutoRuns and RunScanner tomorrow and have a good night.

Mike

EDIT:
You said
Trojan.ByteVerify was detected
I asked
Detected by what Norton?
You said
Norton, it autodeleted, sorry

Not to be sorry. We cannot stop Virus/Malware from trying to get on the system, so be glad Norton did its job and detected and handled it. :)
 
Sorry, I haven't been on because of the time pertinent thing I mentioned in my opening post. I may be on tomorrow if I have time. I have not given up or solved it.
 
Hopefully this is a good thing, and not a new virus. mbam detected 6 objects, which seemed to have been removed properly. Immediately afterward, my computer logged off and shut down, before I could save the log file. Luckily I took a screenshot of the results. The results surprise me, as the programs seem extremely safe. Its website is rated green in WOT and McAfee SiteAdvisor, without any comments warning of Trojans etc.

mbam detect is an uncompleted scan run on the 2nd, and redkawadetect a completed on the third.

I have yet to run a second mbam scan, have downloaded http://technet.microsoft.com/en-us/sysinternals/bb897445.aspx to run, will download others like Ad-Aware, will manage my files to see if anything is odd, will screenshot Norton's initial detection details, and will run AutoRuns and RunScanner.

Is there anything I have forgotten?
 