Multiple infections

Status
Not open for further replies.
D

damian47young

Posts: 12   +0
Hi, trying to sort out a PC with multiple infections.

I've completed your 8 step guide and I attach the required logs.

The PC in question can only boot in normal mode, Safe Mode just goes BSOD while booting.

Many thanks
 

Attachments

  • mbam-log-2009-10-20 (20-32-58).txt
    5.5 KB · Views: 5
  • SUPERAntiSpyware Scan Log - 10-20-2009 - 21-02-42.log
    850 bytes · Views: 5
Welcome to TechSpot Damian. I'll try to help you sort out the malware. It's important that you run only those programs that I instruct you to and don't download, install or uninstall any others.

It is also important that you follow the order I give you. And it is helpful if you can give me specific symptoms that you are having with the system.

You've had a Backdoor.bot infection whose sole job is to steal your information and report it. For that reason, I advise you to change ALL of your passwords and closely monitor any online banking or transactions.

Please run a full system scan with McAfee. Save the logs and attach it in your next reply.

Please download ComboFix HERE:
  • With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.
  • Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection.
  • Run Combo-Fix.exe and follow the prompts.
    (Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.)
  • Wait for the scan to be completed.
  • If it requires a reboot, please do it.
• After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)

Notes:

  • 1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Then rescan with HijackThis. Paste the HJT log into the next reply.

Attach the McAfee log and the Combofix report.
 
Bobbye said:
You've had a Backdoor.bot infection whose sole job is to steal your information and report it. For that reason, I advise you to change ALL of your passwords and closely monitor any online banking or transactions.
Click to expand...
Just to add, be sure you change it on a different, clean system of course.
 
Many thanks for the assistance guys.

All the passwords have been safely changed already, first thing I told him to do when I found the infections.

Combo-fix is asking to download and install the Microsoft Windows Recovery Console. Is that something you want done at this stage or shall I pass on that for the moment?
 
Hi, scans completed and attached.

Safe Mode now boots without problems.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:10:51, on 25/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=3070129
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Update Service (gupdate1c9cf20368bec14) (gupdate1c9cf20368bec14) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe

--
End of file - 9923 bytes
 
Are you experiencing any of the original system problems at this time? I have asked someone about the port exception in your firewall, but otherwise, the system looks good.

Hang tight- I'll be back as soon as I get some feedback. If the original problems have been resolved and the port exception is within normal limits, I'll have you remove the cleaning tools and old restore points.
 
It's a bit hard to be sure as it's not my PC but there doesn't seem to be anything irregular happening. The pop-ups and hijacking in IE have gone and Safe Mode works again.

Other than that I'd have to let the owner give it a whirl and see if he notices anything amiss.
 
Is the Dell being used in a business setting? That would account for the port opening.

Check on any system problems, then do the following:
Run Eset NOD32 Online AntiVirus Scanner HERE

Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the Active X control to install
  • Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  • Click Start
  • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  • Click Scan
  • Wait for the scan to finish
  • Re-enable your Antivirus software.
  • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

I'm running behind so be patient.
 
No it's just a home PC. I have currently got it connected to my home network while I fix it though which has several PCs on it, could it be down to my router's settings?

ESET NOD32 Log attached

Once again, many thanks for your assistance.
 
There are still some active infections:

When Spybot quarantines files, it makes a backup in case you need the files again. It's in the Recovery Folder which is hidden. Eset found FraudAdvancedVirusRemover2.zip Win32/Bagle.gen.zip worm in the Spybot Recovery folder.

From SaferNetworking:
If the file found is in the Recovery directory inside the Spybot-S&D directory, it is such a backup. It is no longer of any harm there, as the file will not be found and loaded from there. But once you are sure you do not need the backup, go to the Recovery section inside Spybot-S&D and purge that files.

Current versions compress the recovery files into password-protected zip archives, thus avoiding other spyware applications will give false alarms. Some programs might notify you that they cannot access these zip archives - this can easily be ignored. As the recovery files are named after the threat some programs might also naively detect the backups as threats just because of the file name. This can also be ignored.
Click to expand...

My recommendation would be to remove this file. Since it's in a hidden folder:
Control Panel> Folder Options> View tab> check 'show hidden files and folders'> Apply> OK.

Open the Spybot program> navigate ot the Recovery> check this file> click on 'Purge selected items'> Apply> OK

Then go back and uncheck 'show hidden files and folders. Note: thid malware is no capabable of reinfecting the system as long as it's in the Recovery folder.

Empty the Recycle Bin

Meet your malware: Win32/Kryptik.AHK trojan
Trojan-Spy.Agent Trojan-Spy.Agent steals password and other confidential information and sends them to an attacker.

Follow this path to delete each of the files in Windows Explorer:
Boot into Safe Mode
  • Restart your computer and start pressing the F8 key on your keyboard.
  • Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.

Control Panel> Folder Options> View tab> check 'sho hidden files and folders'> Apply> OK
Right click on Start> Explore> My Computer> Local (C) Drive:

C:\Windows\System32> right click on calc.dll> Delete
C:\Documents and Settings\[UserName] > Windows> right click on protect.dll> Delete
C:\Documents and Settings\[UserName]> Windows> right click on ntuser.dll> Delete

Go back and rehide the files and folders.

Then run the following:

TFC (Temp File Cleaner)

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

TFC only cleans temp folders. TFC will not clean URL history, prefetch, or cookies. Depending on how often someone cleans their temp folders, their system hardware, and how many accounts are present, it can take anywhere from a few seconds to a minute or more. TFC will completely clear all temp files where other temp file cleaners may fail. TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.

TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder.

Empty the Recycle Bin

Run this again:
Run Eset NOD32 Online AntiVirus Scanner HERE

Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the Active X control to install
  • Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  • Click Start
  • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  • Click Scan
  • Wait for the scan to finish
  • Re-enable your Antivirus software.
  • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
 
Okay, the three DLL files you asked me to delete in safe mode no longer seem to be there. I searched for them as well just to be sure.

TFC was run and the latest ESET log is attached, thanks.
 
Damian, this is the same Eset log. It has not quarantined what it found.

Eset scan 1: # utc_time=2009-10-28 07:28:57
# local_time=2009-10-28 07:28:57
C:\virus a variant of Win32/Kryptik.AHK trojan 00000000000000000000000000000000 I
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudAdvancedVirusRemover2.zip Win32/Bagle.gen.zip worm 0000000000000000


Eset scan 2: utc_time=2009-10-28 07:28:57
# local_time=2009-10-28 07:28:57 I
C:\virus a variant of Win32/Kryptik.AHK trojan 00000000000000000000000000000000 I
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudAdvancedVirusRemover2.zip Win32/Bagle.gen.zip worm 0
Click to expand...

The following needs to be done: Rescan with the following checked:

[*] Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked

It won't remove the Spybot recovery entry, but it should remove the Win32/Kryptik.AHK trojan. The give me that log.
 
Still there. Let's try a different program:
Open Kaspersky Online Scanner in Internet Explorer HERE.
  • Click Accept and the web scanner will begin to load
  • If a yellow warning bar appears at the top of the browser, click it and choose Install ActiveX Control
  • You will be prompted to install an ActiveX component from Kaspersky, click Install
  • If you are prompted about another ActiveX control called Kaspersky Online Scanner GUI part then allow it to be installed also.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT and then Scan Settings
  • In the scan settings make that the following are selected:
    [o] Scan using the following Anti-Virus database> Extended (if available otherwise Standard)
    [o] Scan Options: Scan Archives> Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
    [o] Select My Computer
  • The program will start to scan your system.
  • Once the scan is complete, click on the Save as Text button and save the file to your desktop
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.

Attach Kaspersky log.
Then run a new scan with HijackThis. Paste that log in next reply

Please advise if any of the original problem remain or if there are any new problems.
 
Hi, shoot me down if I'm missing the point here but if the "Remove found threats" option is UNchecked in ESET then it won't remove anything?
 
I won't shoot you! No, it won't remove the threats without the check> but it allows us to see what is still on the system.
 
Hi, the Kaspersky Online Scanner is unavailable at the moment, they're putting a new one up soon apparently.

Would Trend Micro's HouseCall be any good?
 
damian, the logs are clean. Are you experiencing any of the original problems? If not, the cleaning tools can be removed:

Remove all of the tools we used and the files and folders they created
  • Download OTCleanIt by OldTimer
  • Save it to your Desktop.
  • Double click OTCleanIt.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes.

If you are prompted to Reboot during the cleanup, select Yes.

You should now set a new Restore Point to prevent infection from any previous Restore Points. The easiest and safest way to do this is:
  • Go to Start > All Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the Restore Point a name then click "Create". The new Restore Point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Go to "Disk Cleanup" which can be found by going to Start > All Programs > Accessories > System Tools.
  • Click "OK" to select the partition or drive you desire.
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one. More details and screenshots for Disk Cleanup in Windows Vista can be found here.

Please let me know if I can be of further help.
 
You're a star! Many thanks for all your help, it's greatly appreciated.

Do you have a recommended combination of anti-virus/anti-malware etc for ongoing ptotection? Is McAfee up to the task?
 
Oh I do! Basic protection is one antivirus program, one firewall and two or more spyware/adware programs. Can McAfee do it all? Maybe. I don't use suites- I preffer stand-alone programs. But this is only y personal preference. Here are some tips for you:

Please follow these simple steps to keep your computer clean and secure:
1.Disable and Enable System Restore: This will help you to drop the old restore points and set a new, clean one:

System Restore Guide

2.Stay current on updates:
  • Visit the Microsoft Download Sitefrequently.
    You should get All updates marked Critical and the current SP updates:Windows 2000> SP4, Windows XP> SP2, SP3, Vista> SP1
  • Visit this site[Adobe Readeroften and make sure you have the most current update. Uninstall any earlier updates as they are vulnerabilities.
  • Check this site often.Java Updates Stay current as most updates are for security. Uninstall any earlier versions in Add/Remove Programs.

3.Make Internet Explorer safer. Follow the suggestions HERE
This Tutorial will help guide you through Configuring Security Settings, Managing Active X Controls and other safety features.

4.Remove Temporary Internet Files regularly: Use5. Use an AntiVirus Software(only one)
6.Use a good, bi-directional firewall(one software firewall)
[*]See Understanding and Using Firewalls including links to download a firewall.

7.Consider these programs for Extra Security
  • Spywareblaster:
  • SpywareBlaster protects against bad ActiveX. It places kill bits to stop bad Active X controls from being installed. Remember to update it regularly.
  • IE/Spyad
  • This places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts files This replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
  • Google Toolbar Get the free google toolbar to help stop pop up windows.

It's all important! Make it work for you.
 
Oh I do! Basic protection is one antivirus program, one firewall and two or more spyware/adware programs. Can McAfee do it all? Maybe. I don't use suites- I preffer stand-alone programs. But this is only y personal preference. Here are some tips for you:

Please follow these simple steps to keep your computer clean and secure:
1.Disable and Enable System Restore: This will help you to drop the old restore points and set a new, clean one:

System Restore Guide

2.Stay current on updates:
  • Visit the Microsoft Download Sitefrequently.
    You should get All updates marked Critical and the current SP updates:Windows 2000> SP4, Windows XP> SP2, SP3, Vista> SP1
  • Visit this site[Adobe Readeroften and make sure you have the most current update. Uninstall any earlier updates as they are vulnerabilities.
  • Check this site often.Java Updates Stay current as most updates are for security. Uninstall any earlier versions in Add/Remove Programs.

3.Make Internet Explorer safer. Follow the suggestions HERE
This Tutorial will help guide you through Configuring Security Settings, Managing Active X Controls and other safety features.

4.Remove Temporary Internet Files regularly: Use5. Use an AntiVirus Software(only one)
6.Use a good, bi-directional firewall(one software firewall)
[*]See Understanding and Using Firewalls including links to download a firewall.

7.Consider these programs for Extra Security
  • Spywareblaster:
  • SpywareBlaster protects against bad ActiveX. It places kill bits to stop bad Active X controls from being installed. Remember to update it regularly.
  • IE/Spyad
  • This places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts files This replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
  • Google Toolbar Get the free google toolbar to help stop pop up windows.

It's all important! Make it work for you.
 
Status
Not open for further replies.

Similar threads

A
A weird storage bug in Android 14 is locking users out of their phones
Replies
4
Views
293
maxxcool7421
M
Julio Franco
Are return-to-office mandates actually masquerading as "quiet firing"?
Replies
0
Views
75
Julio Franco
Julio Franco
midian182
  • Locked
Study reveals left-wing bias in ChatGPT's responses (Correction: it doesn't)
2
Replies
46
Views
2K
Plutoisaplanet
Plutoisaplanet

Latest posts

Back