Possible w32.Perlgova / irc.momma infection

[Chimaera]

Hey Everyone!

First just a quick note of thanks for the super-thorough instructions on scouring my system of a possible virus infection!

A few days ago, I started getting Windows errors about temp2.exe on getting to my desktop. I'm not exactly a n00b when it comes to computing so I know this sort of thing can be bad. Sure enough, I was lead to another thread here in the forums to read a somewhat alarming post about what virus is likely is/was and followed the virus/malware removal steps to the letter!

I have for your browsing pleasure 3 log files to attach to this post. I'd very much appreciate it if someone with more awareness of the registry info provided might be able to tell me if I'm free and clean once again! I have a pile of other logs from all the scans and such I did, if anyone wants or needs them I'll dig them up as well!

Thanks in advance!

 

[Blind Dragon]

It looks like everything was cleaned up nicely. Just a word to the wise - when you download cracks or keygens, a lot of times they are trojans. Sometimes they aren't and are just picked up as false positives. Either way it can be risky.

Let's try a few more things just to see.

Malwarebytes' Anti-Malware

• Please download Malwarebytes' Anti-Malware to your desktop.
  
• Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to
  • Update Malwarebytes' Anti-Malware
  • and Launch Malwarebytes' Anti-Malware
• then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform full scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected.
• When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidently close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Run Kaspersky Online AV Scanner

Order to use it you have to use Internet Explorer.
Go to Kaspersky and click the Accept button at the end of the page.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.

• Read the Requirements and limitations before you click Accept.
• Allow the ActiveX download if necessary.
• Once the database has downloaded, click Next.
• Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
• Click on "My Computer"
• When the scan has completed, click Save Report As...
• Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
• Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.

Attach the report into your next reply

 

[Chimaera]

Thanks for the most-likely-all-clear!

Yeah, I know about the keygens. I have not accessed or run those things in ages. They are 100% NOT the source of my possible virus. I suspect it's either the copy of Celesita; a planetarium program I was trying out a couple weeks back, or it came on the new mem-stick I bought that same weekend, which I would find very alarming and super not-cool!

That does bring a question to mind though: Do you think the virus I may have had can be transmitted through web code? I don't have much experience with which ones can spread that way so I'm not so sure.

 

[kritius]

You still have two scans to run.

 

[Blind Dragon]

No idea how your virus spread but please do post those 2 logs.

 

[Chimaera]

No problem. Doing the Kaspersky scan right now. Should be done shortly.

 

[Chimaera]

ok! Got those other logs here for inspection!

That Kaspersky scanner takes a super long time to run! I have emptied my recycle bin since these logs were generated, so I believe I'm problem-free now, yes?

Thanks again for having a glance at these logs!

 

[Blind Dragon]

yea, time to clean up and secure the work you have done.

Uninstall Combofix
* Click START then RUN
* Now type Combofix /u in the runbox
* Make sure there's a space between Combofix and /u
* Then hit Enter.

* The above procedure will:
* Delete the following:
* ComboFix and its associated files and folders.
* Reset the clock settings.
* Hide file extensions, if required.
* Hide System/Hidden files, if required.
* Set a new, clean Restore Point.

-----------------------------------------------------------------------
Cleanup using OTMoveit2 by OldTimer
Now we can clear out the rest of the programs we've been using to clean up your computer, they are not suitable for general malware removal and could cause damage if launched accidentally.

Download OTMoveIt2 by OldTimer OTMoveIt2.exe and place it on your desktop.

1. Double click OTMoveIt2.exe to launch it.
If using Vista Right-Click OTMoveIt and choose Run As Administrator
2. Click on the CleanUp! button.
3. OTMoveIt2 will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access.
4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)

* When finished exit out of OTMoveIt2

---------------------------------------------------------------------------
I recommend you keep
1 anti virus program
1 firewall
Combo of Anti-Spyware (Spybot S&D and MBAM, or your choice)

For Spybot you can download the latest version from HERE.

keep them updated.

You can also turn on tea timer in Spybot:

• Click on Mode at the top and make sure that Advanced is checked
• Expand the Tools tab in the left pane
• Single click on the Resident Icon also in the left pane
• check Resident "TeaTimer" (Protection of over-all system settings) Active
• Close spybot

Also under Tools you can double-click System Startup in the right pane and disable programs from running at startup. This will free up system resources. For example if you don't use MSN Messenger everytime you run your computer you can disable it, then when you want to use it you can launch it through Start -> all programs, or make a shortcut on the desktop for it. That way it doesn't use resources when you aren't using it. Don't disable any entries in green though.

And just to be sure
Set correct settings for files

• Click Start > My Computer > Tools menu (at top of page) > Folder Options > View tab.
• Under "Hidden files and folders" if necessary select Do not show hidden files and folders.
• If unchecked please check Hide protected operating system files (Recommended)
• If necessary check "Display content of system folders"
• If necessary Uncheck Hide file extensions for known file types.
• Click OK

clear system restore points

• 
  This is a good time to clear your existing system restore points and establish a new clean restore point:
  • Go to Start > All Programs > Accessories > System Tools > System Restore
  • Select Create a restore point, and Ok it.
  • Next, go to Start > Run and type in cleanmgr
  • Select the More options tab
  • Choose the option to clean up system restore and OK it.
  This will remove all restore points except the new one you just created.