TechSpot

Trojan:WinNT/Simda.gen!A how to remove

Solved
By Communications
Sep 17, 2012
  1. Communications

    Communications TS Member Topic Starter Posts: 28

    ESET just finished, no threats found
     
  2. Broni

    Broni Malware Annihilator Posts: 46,865   +254

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions (if present).
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader (3.5 MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

    =============================

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

    13. Please let me know how your computer is doing.
     
  3. Communications

    Communications TS Member Topic Starter Posts: 28

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Guest
    ->Temp folder emptied: 77264 bytes
    ->Temporary Internet Files folder emptied: 39130486 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 647 bytes

    User: Matt
    ->Temp folder emptied: 4547075 bytes
    ->Temporary Internet Files folder emptied: 90351643 bytes
    ->Java cache emptied: 399789 bytes
    ->Flash cache emptied: 3251 bytes

    User: Public

    User: Tammy
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 105800 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 128.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Guest
    ->Flash cache emptied: 0 bytes

    User: Matt
    ->Flash cache emptied: 0 bytes

    User: Public

    User: Tammy
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Guest
    ->Java cache emptied: 0 bytes

    User: Matt
    ->Java cache emptied: 0 bytes

    User: Public

    User: Tammy
    ->Java cache emptied: 0 bytes

    Total Java Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.65.1 log created on 09262012_001825
    Files\Folders moved on Reboot...
    PendingFileRenameOperations files...
    Registry entries deleted on Reboot...
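
A way to confirm that the `[CLEARALLRESTOREPOINTS]` step in the script above left no pre-cleanup restore points behind. This is an added example, not part of the original posts; it assumes an elevated Windows PowerShell session on a client edition of Windows and takes the cutoff time from the OTL log line "log created on 09262012_001825".

```powershell
# Added example, not from the thread. Read-only: lists restore points and
# flags any that predate the OTL cleanup run.

# Timestamp copied from the OTL log above (format MMddyyyy_HHmmss, local time).
$cleanup = [datetime]::ParseExact('09262012_001825', 'MMddyyyy_HHmmss',
    [Globalization.CultureInfo]::InvariantCulture)

# Get-ComputerRestorePoint returns CreationTime as a WMI (DMTF) string,
# so convert it to a DateTime before comparing.
$points = @(Get-ComputerRestorePoint | ForEach-Object {
    [pscustomobject]@{
        Sequence    = $_.SequenceNumber
        Created     = [Management.ManagementDateTimeConverter]::ToDateTime($_.CreationTime)
        Description = $_.Description
    }
})

# A point older than the cleanup run, other than the one OTL itself created,
# was taken while the machine could still have been infected.
$stale = @($points | Where-Object {
    $_.Created -lt $cleanup -and $_.Description -ne 'OTL Restore Point'
})

$points | Sort-Object Created | Format-Table -AutoSize

if ($stale.Count -gt 0) {
    Write-Warning "$($stale.Count) restore point(s) predate the cleanup run:"
    $stale | Format-Table -AutoSize
} else {
    Write-Output 'No restore points older than the cleanup run remain.'
}
```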
     
  4. Communications

    Communications TS Member Topic Starter Posts: 28

    OTL was run and cleaned out everything. Computer is still running the way it should. I attempted to do a Windows update but I get an error message saying "An error occurred while checking for updates for your computer. Error Code 80070422." I still have this in my files, not sure if it was safe to delete or not: "TDSSKiller_Quarantine", so I'll await your reply. My GF used to use my computer but she has one of her own now. While I attempted a system restore before I came here, it took her name off the start up list but I still see her folders in ://C/Users/Tammy, not sure how to delete them.
     
  5. Communications

    Communications TS Member Topic Starter Posts: 28

    I have a system score of 90 with the updated software but it will not allow me to update anything because of the Windows update not working. Another thing I noticed since OTL rebooted my computer: when I go to click on a file I'll double click to open, but instead of opening it, it opens the properties instead. How can I change this back?
     
  6. Broni

    Broni Malware Annihilator Posts: 46,865   +254

    You can delete "TDSSKiller_Quarantine" folder.

    Is her name still listed in Control Panel\Users?
    If so remove it from there.

    Turn the computer off. Wait 1 minute. Restart.
    If that doesn't fix it make sure your ALT keys are not stuck.
    Also check mouse properties in Control Panel. Check left, right click settings.

    As for updates...
    Try "FixIt" tool from here: http://support.microsoft.com/kb/971058 (scroll down).
     
  7. Communications

    Communications TS Member Topic Starter Posts: 28

    All the above has been done and computer is back to normal, with the exception of the Windows update. I ran the fix engine, and it stated it repaired the components, but I again tried to check for updates and still got the same error code, so not sure what's up with that.
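
The error code quoted in this thread, 80070422, is an HRESULT that wraps Win32 error 1058 (ERROR_SERVICE_DISABLED). The following added example, not part of the original posts, decodes the code and reports the start mode of the services Windows Update relies on. It assumes Windows PowerShell 3.0 or later, and the service list (`wuauserv`, `BITS`) is an assumption of this example.

```powershell
# Added example, not from the thread. Read-only: changes no settings.

# Split an HRESULT into its fields:
# bit 31 = failure flag, bits 16-26 = facility, bits 0-15 = error code.
function ConvertFrom-HResult([string]$Hex) {
    $value = [Convert]::ToInt64($Hex, 16)
    [pscustomobject]@{
        Failure  = [bool](($value -shr 31) -band 1)
        Facility = ($value -shr 16) -band 0x7FF
        Code     = $value -band 0xFFFF
    }
}

$hr = ConvertFrom-HResult '80070422'   # code reported in the thread
$hr | Format-List

# Facility 7 is FACILITY_WIN32, so Code is an ordinary Win32 error number
# and the system can supply its message text.
if ($hr.Facility -eq 7) {
    $ex = New-Object System.ComponentModel.Win32Exception ([int]$hr.Code)
    Write-Output "Win32 error $($hr.Code): $($ex.Message)"
}

# Services to inspect (assumed list for this example).
$names = 'wuauserv', 'BITS'
$filter = ($names | ForEach-Object { "Name='$_'" }) -join ' OR '
$services = @(Get-CimInstance Win32_Service -Filter $filter)

$services | Select-Object Name, DisplayName, StartMode, State |
    Format-Table -AutoSize

# Report services that are disabled, and services that are missing entirely.
$disabled = @($services | Where-Object { $_.StartMode -eq 'Disabled' })
$missing  = @($names | Where-Object { $services.Name -notcontains $_ })

foreach ($svc in $disabled) {
    Write-Warning "$($svc.Name) is disabled; update checks will fail until it is re-enabled."
}
foreach ($name in $missing) {
    Write-Warning "$name is not registered as a service on this machine."
}
```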
     
  8. Broni

    Broni Malware Annihilator Posts: 46,865   +254

    In that case...

    In this forum, we make sure your computer is free of malware and your computer is clean :)
    Because the access to malware forum is very limited, your best option is to create a new topic about your current issue in the Windows section.
    You'll get more attention.

    Good luck :)
     
  9. Communications

    Communications TS Member Topic Starter Posts: 28

    Ok Broni, I will do that, but yes, my malware issue has been resolved, with great thanks to you. I thank you very much.
     
  10. Broni

    Broni Malware Annihilator Posts: 46,865   +254

    You're very welcome
     

