Major Issues

By SwimChao
Aug 10, 2008
Topic Status:
Not open for further replies.
  1. SwimChao

    SwimChao Newcomer, in training Topic Starter Posts: 106

    Daniel, I've attached the log.

    When I booted my computer, for the first time in ages msconfig didn't start when the desktop loaded (Any reason why?)
  2. xxdanielxx

    xxdanielxx Newcomer, in training Posts: 1,214

    Did msconfig always start up, even when you first got this computer?
  3. SwimChao

    SwimChao Newcomer, in training Topic Starter Posts: 106

    No, a long time ago my brother set it up to run at startup. Usually I'll just peek at what's running and then close it and disregard it.
  4. xxdanielxx

    xxdanielxx Newcomer, in training Posts: 1,214

    Well, it is nothing bad to not have it start up; it could have been detected to be bad so it took it off. Your log looks clean; just to make sure, I want to run one last online scan. It will take time, so post back in the morning.

    TrendMicro™ HouseCall Java Scan
    • Please go HERE to run the Trend Micro™ HouseCall Scan.
    • Click Scan now. It's free!
    • Read and put a Check next to Yes I accept the terms of use.
    • Click the Launching HouseCall>> button.
    • Under Using Java-based HouseCall kernel click the Starting HouseCall>> button.
    • You may receive a Security Warning about the TrendMicro Java applet, click YES.
    • Under Scan complete computer for malware, grayware, and vulnerabilities click the Next>> button.
    • Please be patient while it installs, updates, and scans your system.
    • Once the scan is complete, it will take you to the summary page.
    • Under Cleanup options, choose clean all detected infections automatically.
    • Click the Clean now>> button.
    • If anything was found you may be prompted to run the scan again; you can just close the browser window.

    ========================================

    Now we need to create a new System Restore point.

    Click Start Menu > Run > type (or copy and paste)

    %SystemRoot%\System32\restore\rstrui.exe

    Press OK. Choose Create a Restore Point then click Next. Name it and click Create. When the confirmation screen shows the restore point has been created, click Close.

    Next go to Start Menu > Run > type

    cleanmgr

    Click OK. Disk Cleanup will open and start calculating the amount of space that can be freed. Once that's finished it will open the Disk Cleanup options screen; click the More Options tab, then click Clean up on the system restore area and choose Yes at the confirmation window, which will remove all the restore points except the one we just created.

    To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.

    ======================================

    Uninstall ComboFix

    • Click Start then Run
    • Now Type Combofix /u in the runbox
    • Make sure there's a space between Combofix & /u
    • Then hit Enter

    The above procedure will Delete the following:
    • ComboFix & its associated files & folders.
    • Reset the clock settings.
    • Hide file extensions, if required.
    • Hide system/hidden files, if required.
    • Set a new, clean Restore Point.

    ------------------------------------------------------------------

    OTCleanit! by Oldtimer

    • Download OTCleanIt
    • Click the CleanUp! button.
      (It will go through the list & remove all of the tools it finds and then delete itself, requiring a reboot)
  5. SwimChao

    SwimChao Newcomer, in training Topic Starter Posts: 106

    Thanks so much ahead of time, I will follow these instructions throughout the night (If not in the morning, 2:00 AM here now).

    Thanks SO much.

    I have one last question:

    For 5 years I haven't had much online security, etc. I apparently had all these problems, but never noticed. My PC is never really ungodly slow, it was just recently slightly sluggish. Do you have any possible explanation for that? I was just curious is all.

    Thanks again, will report back in the morning.
  6. xxdanielxx

    xxdanielxx Newcomer, in training Posts: 1,214

    Well, it must have been something someone let in. Do you use torrents or P2Ps like LimeWire?
  7. SwimChao

    SwimChao Newcomer, in training Topic Starter Posts: 106

    I did for a period of time. I don't see any other actions to take here on Trend Micro. It says some things couldn't have been deleted.. I'm going to try and figure it out and then follow the rest of your orders.
  8. SwimChao

    SwimChao Newcomer, in training Topic Starter Posts: 106

    Daniel, I'm encountering some self troubles, I'm both tired and can't figure out some of the steps.

    I'll wait for you to get online and when I'm awake to be able to finish this up.

    Talk to you soon
  9. Blind Dragon

    Blind Dragon TechSpot Evangelist Posts: 4,048

    FindAWF

    Click here to download FindAWF.exe and save it to your desktop.
    • Double-click on the FindAWF.exe file to run it.
    • It will open a command prompt and ask you to Press any key to continue.
    • Press 1 and then Enter, and the FindAWF tool will begin scanning your computer for the infected AWF files and the backups the trojan created.
    • It may take a few minutes to complete so be patient.
    • When it is complete, it will open a text file in notepad called AWF.txt which will automatically be saved to your desktop or to the same location as FindAWF.exe.
    • Attach AWF.txt file in your next reply.
  10. SwimChao

    SwimChao Newcomer, in training Topic Starter Posts: 106

    Daniel and Blind Dragon,

    I ran the tool Blind Dragon posted up. Here are the results.
    Waiting for your orders on what to do next.
  11. Blind Dragon

    Blind Dragon TechSpot Evangelist Posts: 4,048

    Fix AWF Infection
    Copy the file paths in the quote box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    • Double-click on the FindAWF.exe file to run it.
    • It will open a command prompt and ask you to "Press any key to continue".
    • Press 2 then Enter
    • Notepad will open a file named FindAWF.txt. It will appear with instructions to click below the line and paste the list of files to be restored.
    • Right click below this line and select Edit, Paste, to paste the list of files copied to the clipboard earlier. Save and close the document.
    • The program will proceed to move the legit files and will perform another scan for bak folders.
    • It may take a few minutes to complete, so please be patient.
    • When it is complete, it will open a text file in Notepad called AWF.txt.
    • Please attach AWF.txt file in your next reply
     
  12. SwimChao

    SwimChao Newcomer, in training Topic Starter Posts: 106

    Dear Blind Dragon,

    Am I pasting the list of things underneath of the line
    _________________________________________
    like this?
  13. Blind Dragon

    Blind Dragon TechSpot Evangelist Posts: 4,048

    that is correct
  14. SwimChao

    SwimChao Newcomer, in training Topic Starter Posts: 106

    Dear Blind Dragon,

    Below I have attached the log as directed.
    I wait for your next commands.
  15. Blind Dragon

    Blind Dragon TechSpot Evangelist Posts: 4,048

    Fix AWF Folders
    Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    • Double-click on the FindAWF.exe file to run it.
    • It will open a command prompt and ask you to "Press any key to continue".
    • You will be presented with a Menu.
    • Press 3, then press Enter.
    • Press any key to continue.
    • A Notepad document FindAWF.txt will appear with instructions to click below the line and paste the list of folders to be removed.
    • Right click below this line and select Paste, to paste the list of folders copied to the clipboard earlier. Save and close the document.
    • The program will proceed to remove the bad folders and will perform another scan for .bak folder
    • It may take a few minutes to complete so be patient.
    • When it is complete, it will open a text file in notepad called AWF.txt.
    • Please attach the AWF.txt file in your next reply.



    Run Fix AWF one more time and press 4, then press Enter.
  16. SwimChao

    SwimChao Newcomer, in training Topic Starter Posts: 106

    I've missed your run fix AWF one more time step, will reply when done.
  17. SwimChao

    SwimChao Newcomer, in training Topic Starter Posts: 106

    I've finished all the steps, the log is posted in the post above.

    Waiting for your next orders.
  18. Blind Dragon

    Blind Dragon TechSpot Evangelist Posts: 4,048

    That's it, that should have repaired the damage done by the trojan - have you already followed daniel's thread for cleaning up?
     
  19. SwimChao

    SwimChao Newcomer, in training Topic Starter Posts: 106

    Well, when I did the.. cleanmgr

    I left it and fell asleep for 3 hours; when I got up, it was still on the same spot of "Scanning: Compress Folders".

    I hit cancel because I thought there might have been something wrong. 3 hours was vicious (It might have been even more)
  20. Blind Dragon

    Blind Dragon TechSpot Evangelist Posts: 4,048

    yea I would give that another go - also note if msconfig loads at startup next time - because the legit .exe for it was hidden in a bak folder - and it was replaced with a malicious one
  21. SwimChao

    SwimChao Newcomer, in training Topic Starter Posts: 106

    Really? Wow. That's weird.

    Also, Daniel gave me somewhat of an explanation.. But as I said when I came here, I'm not the most tech-savvy person. But I always thought once a computer had such malicious files in it, it'd most likely be slowed down greatly. But mine really has never been extraordinarily slow.

    All I really do is.. once in a lightyear run a virus scan and I run CCleaner often. But that's really it. Any reason why it didn't perform horribly?

    Also, I'll be sure to take care of this PC this go around. I really appreciate all you guys have done, this has been an ungodly process for me and I haven't gotten a lot of sleep. Now I feel confident that for the time being, as long as I don't screw it up, it should be okay.

    I'll go ahead and try the cleaning process again, if I run into trouble I'll post once more thru this thread for some advice.

    If the cleanmgr doesn't work, should I skip it for the time being?
  22. Blind Dragon

    Blind Dragon TechSpot Evangelist Posts: 4,048

    You really need to get through it because cleanmgr will run Disk Cleanup and clear all old restore points - which may have infection in them
  23. SwimChao

    SwimChao Newcomer, in training Topic Starter Posts: 106

    Should I just leave it? Even though it's still doing the same thing. I'll close it or something and do other things I guess.

    It does the "Scanning: Compress Old Folders" with three orange squares to the loading bar and just sits there. My activity light on my tower doesn't even blink.
  24. Blind Dragon

    Blind Dragon TechSpot Evangelist Posts: 4,048

    I would leave it just to see - if you haven't run disk cleanup in a while it could take a long time
  25. SwimChao

    SwimChao Newcomer, in training Topic Starter Posts: 106

    Yeah, I've NEVER run it. Should I leave it run over night?