TechSpot

Response to "8-step Viruses/Spyware/Malware Preliminary Removal Instructions"

Solved
By WonderGirls
Jul 27, 2010
Topic Status:
Not open for further replies.
  1. Broni

    Broni Malware Annihilator Posts: 46,860   +254

    It won't run. You have to disable sleep mode.
    The scan may keep the computer awake, but I'm not 100% sure.
     
  2. WonderGirls

    WonderGirls TS Rookie Topic Starter Posts: 46

    How do you disable sleep mode then?
     
  3. Broni

    Broni Malware Annihilator Posts: 46,860   +254

    I did some more reading and Kaspersky scan should keep your computer awake since your computer will be active.
     
  4. WonderGirls

    WonderGirls TS Rookie Topic Starter Posts: 46

    Broni, although the scan is at 36% right now, it found something infected. Any thoughts what it could be?
     
  5. Broni

    Broni Malware Annihilator Posts: 46,860   +254

    That's normal.
    So far, we eliminated all active infected threats.
    Kaspersky will detect any inactive malicious files (if there are any).
    Whatever is found, I have to see the report and we'll remove those files in the next step.
     
  6. WonderGirls

    WonderGirls TS Rookie Topic Starter Posts: 46

    Kayy! We'll move on from there! I also told my friend about this site, she has this really old computer in her basement that's filled with viruses which her brother uses, that'll give you a good challenge.
     
  7. Broni

    Broni Malware Annihilator Posts: 46,860   +254

    Hahaha....
     
  8. WonderGirls

    WonderGirls TS Rookie Topic Starter Posts: 46

    Also does it matter if I'm posting on this thread using Google Chrome while Kaspersky is scanning using Mozilla Firefox? I mainly used Google Chrome for everything but Kaspersky doesn't allow Google Chrome, so I used Mozilla Firefox instead. It was an old browser that my mom still uses.
     
  9. Broni

    Broni Malware Annihilator Posts: 46,860   +254

    No, you're fine :)
     
  10. WonderGirls

    WonderGirls TS Rookie Topic Starter Posts: 46

    Scan is finished, I'm attaching it now, I got something Backdoor.win.Poisoining!
     


  11. Broni

    Broni Malware Annihilator Posts: 46,860   +254

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      
      :Services
      
      :Reg
      
      :Files
      C:\Users\Chris\Documents\P18.exe
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
     
     
  12. WonderGirls

    WonderGirls TS Rookie Topic Starter Posts: 46

    All processes killed
    ========== OTL ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\Users\Chris\Documents\P18.exe moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Chris
    ->Temp folder emptied: 107074571 bytes
    ->Temporary Internet Files folder emptied: 2752809 bytes
    ->Java cache emptied: 128094 bytes
    ->FireFox cache emptied: 36671257 bytes
    ->Google Chrome cache emptied: 63968295 bytes
    ->Flash cache emptied: 1015 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Home
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 364334 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 201.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Chris
    ->Flash cache emptied: 0 bytes

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Home
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.9.1 log created on 07272010_230955

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
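
One way to confirm that every file named in the fix script from post 11 shows up as moved in the fix log from post 12. This is an added example, not part of the original thread and not OTL's own code; the function names are hypothetical, and the log format is assumed only from the lines visible in the thread.

```python
import re

# Fix script and log excerpt copied from the thread above.
FIX_SCRIPT = r"""
:OTL
:Services
:Reg
:Files
C:\Users\Chris\Documents\P18.exe
:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
"""
FIX_LOG = r"""
========== REGISTRY ==========
========== FILES ==========
C:\Users\Chris\Documents\P18.exe moved successfully.
========== COMMANDS ==========
"""
SUFFIX = " moved successfully."

def script_targets(script):
    """Return the paths listed under the :Files section of a fix script."""
    targets, in_files = [], False
    for line in (l.strip() for l in script.splitlines()):
        if line.startswith(":"):          # a new section header
            in_files = line.lower() == ":files"
        elif in_files and line:
            targets.append(line)
    return targets

def log_section(log, name):
    """Return the non-empty lines between '=== NAME ===' and the next header."""
    lines, inside = [], False
    for line in (l.strip() for l in log.splitlines()):
        header = re.fullmatch(r"=+ (.+?) =+", line)
        if header:
            inside = header.group(1).upper() == name.upper()
        elif inside and line:
            lines.append(line)
    return lines

def unconfirmed(script, log):
    """Script targets with no 'moved successfully' line in the FILES section."""
    moved = {l[:-len(SUFFIX)].lower()     # Windows paths: compare case-insensitively
             for l in log_section(log, "FILES") if l.endswith(SUFFIX)}
    return [t for t in script_targets(script) if t.lower() not in moved]

if __name__ == "__main__":
    print("unconfirmed targets:", unconfirmed(FIX_SCRIPT, FIX_LOG))
```

An empty list means every targeted file was reported as moved; anything returned should be followed up before the clean-up step.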
     
  13. Broni

    Broni Malware Annihilator Posts: 46,860   +254

    Cool :)

    OTL Clean-Up
    Clean up with OTL:

    * Double-click OTL.exe to start the program.
    * Close all other programs apart from OTL as this step will require a reboot
    * On the OTL main screen, press the CLEANUP button
    * Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    =====================================================================

    Your computer is clean

    1. Turn off System Restore:

    - Windows XP:
    1. Click Start.
    2. Right-click the My Computer icon, and then click Properties.
    3. Click the System Restore tab.
    4. Check "Turn off System Restore".
    5. Click Apply.
    6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
    7. Click OK.
    - Windows Vista/7:
    1. Click Start.
    2. Right-click the Computer icon, and then click Properties.
    3. Click on System Protection under the Tasks column on the left side
    4. Click on Continue on the "User Account Control" window that pops up
    5. Under the System Protection tab, find Available Disks
    6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
    7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
    8. Click OK

    2. Restart computer.

    3. Turn System Restore on.

    4. Make sure Windows Updates are current.

    5. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    6. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run defrag at your convenience.

    8. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    9. Please let me know how your computer is doing.
     
  14. WonderGirls

    WonderGirls TS Rookie Topic Starter Posts: 46

    Broni, should I try to see if my MSN doesn't spam people the virus that got in there in the first place? And should I set my system restore as C:?
     
  15. Broni

    Broni Malware Annihilator Posts: 46,860   +254

    Absolutely.

    Go ahead, you're good to go.

    Any issues?
     
  16. WonderGirls

    WonderGirls TS Rookie Topic Starter Posts: 46

    Everything seems fine Broni! I installed MSN and I'm not spamming anyone with the link of doom.

    Thanks a lot!
     
  17. Broni

    Broni Malware Annihilator Posts: 46,860   +254

    You're very welcome :)

    Good luck and stay safe :)
     