TechSpot

Virus/Worm/Trojan/Malware Cleanup

By punjabdapunk
Nov 7, 2007
  1. Hi,
    I'm helping a friend remove a number of Virus/Worm/Trojan/Malware issues after she spent sometime playing with limwire.

    I've used howard_hopkinso useful advice posted in thread :
    "techspot.com/vb/topic58138.html"

    to create the log files required. Also, no rootkits were found.

    I'm hoping someone with more knowledge than me can advise on what's left.

    I'm worried about the m?iexec.exe entry in HijackThis.

    MS Messenger also does not start . . . the error we get when it starts is the "parameter is incorrect".

    Let me know if there is anything else you need.

    Thanks

    Kind regards
    punjabDaPunk
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Hello and welcome to Techspot.

    Delete all files in AVG Antispyware quarantine.


    Open notepad and copy/paste the text in the code box below into it:
    NOTE* make sure to only highlight and copy what is inside the quote box nothing out side of it.
    Also ..

    Pay particular attention to this :-

    Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
    Code:


    Save this as CFScript.txt

    Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.

    [​IMG]

    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a fresh HJT log.

    Regards Howard :wave: :wave:

    This thread is for the use of punjabdapunk only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. punjabdapunk

    punjabdapunk TS Rookie Topic Starter

    Hi Howard,
    Thank you for you prompt reply.

    I've done as you instructed and attach the logs as requested.

    Kind regards
    punjabDaPunk
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    All clean.

    Delete the following folder.

    C:\qoobox

    Turn off system restore.(XP/ME only) See how HERE.

    Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.

    Go HERE, download and install the latest version of Java.

    Once it`s installed, go to add remove programmes in your control panel and uninstall all previous versions of Java, except version 6 update 3. Close Control panel.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

    This thread is for the use of punjabdapunk only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  5. punjabdapunk

    punjabdapunk TS Rookie Topic Starter

    It All Clean

    Hi Howard,
    It's all clean. Thanks for your clear advice.

    Hope you don't mind but I do have a question (the last I promise).

    I just want to know how you go about improving your knowledge of viruses., worms, trojans and malware.

    Any pointers welcome.



    Kind regards
    punjabDaPunk
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    That is quite a difficult question to answer.

    Experience is the name of the game really.

    However, if you`re interested in learning how to fight malware, I suggest you consider joining the Malware Removal University.

    Regards Howard :)

    This thread is for the use of punjabdapunk only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  7. punjabdapunk

    punjabdapunk TS Rookie Topic Starter

    Malware University

    Thank you for the good and sound advice (as expected).

    Take care
    Shazad

    This thread is now closed: If you need this thread unlocking, please pm a moderator with a link to the thread.

    Only the original thread starter can do this. Anyone else, will be ignored.
     
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.