
Please help! That nasty Sirefef got me.

Discussion in 'Virus and Malware Removal' started by Phasmos, May 20, 2012.

  1. Phasmos Newcomer, in training Posts: 53

    Yay! The desktop stayed put! The firewall, however, still can't be reactivated. The error I get says, "Due to an unidentified problem, Windows cannot display Windows firewall settings." Could the file have been deleted or ruined by the virus? Can I maybe download and reinstall a new version of it from Microsoft?

    Firefox still seems a bit "twitchy" (though admittedly it is not the latest version). The cursor still drags a bit from time to time, also. Could this be residual trouble, or is it normal behavior for a computer in this "post-operative" condition?

    Presumably, my passwords, account numbers, and other personal information have been collected or compromised, yes? Should I run around resetting these?

    Also, Windows Security Center still insists "Microsoft Security Essentials is up to date and virus scanning is on." How can this be, if I deleted the program several days ago? There's no trace of it in the Program Files folder. Should I download and reinstall that, too?

    Should I keep any of these various programs I've downloaded for protection or scanning purposes, or are they all too specialized to bother with hanging on to?

    Can you recommend any general cleaning or overall "housekeeping" procedures?

    Looking forward to your response. Broni, THANK YOU so very much for all your time and help!! :)
  2. Broni Malware Annihilator Posts: 39,324   +175

    Uninstall:
    JavaFX 2.1.0
    Java(TM) 6 Update 29

    Is your Windows firewall turned on?
  3. Phasmos Newcomer, in training Posts: 53

    Successfully uninstalled JavaFX 2.1.0, but...

    Tried to uninstall Java 6 update 29 and failed. Error message read:

    "Internal Error 2753. regutils.dll

    Fatal error during installation."

    Couldn't complete the uninstall. Corrupt file...?
  4. Broni Malware Annihilator Posts: 39,324   +175

    That's fine.

  5. Phasmos Newcomer, in training Posts: 53

    Firewall still doesn't work, though.
  6. Broni Malware Annihilator Posts: 39,324   +175

    The following steps involve registry editing. Please create a new restore point before proceeding!!!
    How to:
    XP - http://support.microsoft.com/kb/948247
    Vista and Seven - http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/


    Please go to Start=>Run (alternatively use Windows key+R), type regedit and click OK.
    Registry Editor will open.
    Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root
    Right-Click Root and select Permissions...
    Under the Security tab, while Everyone is selected, put a check mark in the box under Allow next to Full Control.
    Click Apply and OK.

    Download following two registry keys:
    http://download.bleepingcomputer.com/win-services/xp/LEGACY_SHAREDACCESS.reg
    http://download.bleepingcomputer.com/win-services/xp/SharedAccess.reg
    Double click on each of downloaded files and confirm the prompt.

    Please go back to the Root key again; while Everyone is selected, remove the check mark in the box under Allow next to Full Control and close the registry.
    Restart computer.
    Post new FSS log.
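    The following is an added example, not code from the thread or from Broni: a read-only triage check you can run before and after the registry fix above. It tests whether the two keys the downloaded .reg files restore (the SharedAccess service key and the LEGACY_SHAREDACCESS entry under Enum\Root) exist, reports the SharedAccess service state, and confirms that the temporary Everyone/Full Control permission on Enum\Root was removed again. It assumes Windows PowerShell is installed (2.0 is the version available for XP) and is run from an Administrator prompt; it writes nothing to the registry.

```powershell
# Added example (not from the thread): read-only check of the XP firewall service
# (SharedAccess) registry state, run from an elevated PowerShell prompt.

$checks = @(
    # Service definition that SharedAccess.reg restores
    @{ Name = 'SharedAccess service key';
       Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess' },
    # Legacy device node that LEGACY_SHAREDACCESS.reg restores; its parent (Enum\Root)
    # is why the steps above temporarily grant Everyone Full Control
    @{ Name = 'LEGACY_SHAREDACCESS enum key';
       Path = 'HKLM:\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SHAREDACCESS' }
)

foreach ($c in $checks) {
    if (Test-Path -Path $c.Path) {
        Write-Host ("[OK]      {0}" -f $c.Name)
    } else {
        Write-Host ("[MISSING] {0}  ({1})" -f $c.Name, $c.Path)
    }
}

# Service state as the Service Control Manager sees it. On XP the firewall is the
# "Windows Firewall/Internet Connection Sharing (ICS)" service, short name SharedAccess.
$svc = Get-Service -Name SharedAccess -ErrorAction SilentlyContinue
if ($null -eq $svc) {
    Write-Host "[MISSING] SharedAccess service is not registered with the SCM"
} else {
    Write-Host ("[INFO]    SharedAccess service status: {0}" -f $svc.Status)
    # Start type lives in the service key; 2 = Automatic, 3 = Manual, 4 = Disabled
    $start = (Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess' `
                               -Name Start -ErrorAction SilentlyContinue).Start
    if ($null -ne $start) { Write-Host ("[INFO]    Start type value: {0}" -f $start) }
}

# The permission change in the steps above is meant to be temporary. Inspect the
# current ACL on Enum\Root so you can confirm the Everyone/Full Control entry was
# removed again after the .reg files were imported.
$acl = Get-Acl -Path 'HKLM:\SYSTEM\CurrentControlSet\Enum\Root'
$everyoneFull = $acl.Access | Where-Object {
    $_.IdentityReference.Value -eq 'Everyone' -and
    $_.RegistryRights.ToString() -match 'FullControl'
}
if ($everyoneFull) {
    Write-Host "[WARN]    Everyone still has Full Control on Enum\Root; remove it per the steps above"
} else {
    Write-Host "[OK]      No Everyone/Full Control entry on Enum\Root"
}
```

Run it once before importing the .reg files (expect both keys reported MISSING if the firewall cannot be displayed) and once after the reboot; both keys should then report OK, the service should report Running, and the Enum\Root ACL check should no longer warn.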
  7. Phasmos Newcomer, in training Posts: 53

    Sorry - dumb question... What's an FSS log? And how do I generate one?
  8. Broni Malware Annihilator Posts: 39,324   +175

    You still have that utility.
    See my reply #33:

  9. Phasmos Newcomer, in training Posts: 53

    Ah! OK. Didn't recognize the acronym. Will apply changes now...
  10. Phasmos Newcomer, in training Posts: 53

    Here's the log:

    Farbar Service Scanner Version: 25-05-2012
    Ran by Ann (administrator) on 27-05-2012 at 00:45:37
    Running from "C:\Documents and Settings\Ann\Desktop\Debugging Files"
    Microsoft Windows XP Home Edition Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
    C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
    C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
    C:\WINDOWS\system32\netman.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\srsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
    C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
    C:\WINDOWS\system32\qmgr.dll => MD5 is legit
    C:\WINDOWS\system32\es.dll => MD5 is legit
    C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit


    **** End of log ****
  11. Broni Malware Annihilator Posts: 39,324   +175

    Can you turn Windows firewall on now?
  12. Phasmos Newcomer, in training Posts: 53

    YES!! Firewall is ON. Woo-hoo!!
  13. Broni Malware Annihilator Posts: 39,324   +175

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please let me know how your computer is doing.
  14. Phasmos Newcomer, in training Posts: 53

    OK! I'm gonna run these tomorrow, 'cause it's past my bedtime. THANKS again!!
  15. Phasmos Newcomer, in training Posts: 53

    Good morning, Broni --
    I hate to say it, but this morning, Firefox is behaving as if the thing is still around. Very slow to load or change pages; cursor dragging and freezing in "hourglass" mode; and a suspicious flash or blink of the browser's top window edge (or title bar) every now and then.
    OK, wait...the Avast notice (the one that says "Your definitions have been updated") just popped up, so maybe it was the automatic update that was eating memory and making the browser sluggish. I hope that's all it was! Anyway, as of this moment, it seems fine, so maybe that was the culprit. Maybe if I disable it...?
    I'll go ahead and run these final tests...
  16. Broni Malware Annihilator Posts: 39,324   +175

  17. Phasmos Newcomer, in training Posts: 53

    A new problem: I've just turned the speakers on, and have realized that all system sounds are playing in a cracked, speeded-up manner. I tried an MP3 and got the same result, which leads me to believe that the sound driver has been damaged or corrupted somehow... Any suggestions?
  18. Broni Malware Annihilator Posts: 39,324   +175

    In this forum, we make sure your computer is free of malware and your computer is clean :)
    Because access to the malware forum is very limited, your best option is to create a new topic about your current issue in the Windows section.
    You'll get more attention.
  19. Phasmos Newcomer, in training Posts: 53

    OK, sorry - I'll run the other tests and see what happens.
  20. Phasmos Newcomer, in training Posts: 53

    Here are the OTL results from this morning:

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Ann
    ->Temp folder emptied: 12009 bytes
    ->Temporary Internet Files folder emptied: 98842 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 46558619 bytes
    ->Flash cache emptied: 707 bytes

    User: Ann.HOME1

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 109744 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 2386105 bytes

    Total Files Cleaned = 47.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Ann
    ->Flash cache emptied: 0 bytes

    User: Ann.HOME1

    User: Default User

    User: Guest
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: Administrator

    User: All Users

    User: Ann
    ->Java cache emptied: 0 bytes

    User: Ann.HOME1

    User: Default User

    User: Guest
    ->Java cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    Total Java Files Cleaned = 0.00 mb

    Error creating restore point.

    OTL by OldTimer - Version 3.2.43.1 log created on 05272012_084013

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...