TechSpot

Windows XP - Infected with stubborn Astry worm (HELP)!

By sinetic87
Dec 7, 2007
  1. Hi, my desktop has been infected with a worm and I've tried to scan using lavasoft and ewido in safe mode, but still, the worm is stubborn.

    It causes a pop up at the user log in screen. It goes like this.

    Windows update (6300-NGSRP-TMR521A-SMG-542PH-3180)
    Check system setting or upgrade system.
    Maybe your system not full patch. System still safe.
    http://www.microsoft.com
    Patch code: AS3-CTRKEA-SR

    After clearing some adware detected by lavasoft and ewido, it still doesn't go away. The HT log is as follows:
    (Moderator edit: Please do not copy and paste your logs. Instead, post them as attachments only in either .txt or .log format. To learn how to attach a log file, please see HERE.)
     
  2. Daveskater

    Daveskater Banned Posts: 1,687

    You are using an outdated version of HJT. Please download the latest version from the link in this thread How to post an HJT log as an attachment and attach a new log to a new reply in the thread.

    When you post your new log, please use the Edit button and remove the log that you have copy and pasted.


    This thread is for the use of sinetic87 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. sinetic87

    sinetic87 TS Rookie Topic Starter Posts: 17

    This is the new HJT. Sorry for the inconvenience caused in the previous post.

    Sinetic87
     
  4. Daveskater

    Daveskater Banned Posts: 1,687

    Unless you use the Ladbrokes website, fix this entry:

    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://flashpoker.ladbrokes.com/ladbrokes/FlashAX.cab

    Otherwise I don't think I can see anything that could be bad in your log.

    It may be worth you reading this thread: If your system is infected, read this before deciding whether to Clean or Format.

    If you decide to clean your system, let me know :)


    This thread is for the use of sinetic87 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
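    The advice above is a judgement call per O16 entry: an ActiveX control downloaded from a site the user actually visits is expected, anything else is worth removing. The following is an added example (not code from the thread or from HijackThis) that parses the O16 "DPF" lines of an HJT log and lists the controls whose download host is not on a list of sites the user says they use; the sample log and the trusted-host list are constructed, except for the Ladbrokes line quoted in the reply.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List
from urllib.parse import urlparse

# Shape of a HijackThis O16 line (Downloaded Program Files / ActiveX):
#   O16 - DPF: {CLSID} (Friendly name) - URL of the .cab
O16_RE = re.compile(r"^O16 - DPF: \{([0-9A-Fa-f-]+)\} \((.*?)\) - (\S+)\s*$")

# Constructed sample log: the Ladbrokes entry from the thread, one made-up
# O16 entry with a placeholder CLSID, and an unrelated O4 line to be skipped.
SAMPLE_HJT_LOG = r"""
O4 - HKLM\..\Run: [example-startup] C:\PROGRA~1\example\example.exe
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://flashpoker.ladbrokes.com/ladbrokes/FlashAX.cab
O16 - DPF: {00000000-0000-0000-0000-000000000001} (Constructed Control) - http://downloads.example.invalid/ctrl.cab
"""


@dataclass
class O16Entry:
    clsid: str
    name: str
    url: str

    @property
    def host(self) -> str:
        return (urlparse(self.url).hostname or "").lower()


def parse_o16(log_text: str) -> List[O16Entry]:
    """Return every O16 entry in an HJT log; other sections are ignored."""
    entries = []
    for line in log_text.splitlines():
        m = O16_RE.match(line.strip())
        if m:
            entries.append(O16Entry(*m.groups()))
    return entries


def unexpected_controls(entries: Iterable[O16Entry], trusted_hosts: Iterable[str]) -> List[O16Entry]:
    """Entries whose .cab host is neither a trusted host nor a subdomain of one."""
    trusted = {h.lower() for h in trusted_hosts}

    def is_trusted(host: str) -> bool:
        return any(host == t or host.endswith("." + t) for t in trusted)

    return [e for e in entries if not is_trusted(e.host)]


if __name__ == "__main__":
    for e in unexpected_controls(parse_o16(SAMPLE_HJT_LOG), ["ladbrokes.com"]):
        print(f"review: {e.name} from {e.host} ({e.clsid})")
```

Run with an empty trusted-host list to review every downloaded control, which is the safer default when the user does not recognise the site.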
  5. sinetic87

    sinetic87 TS Rookie Topic Starter Posts: 17

    Dave, I've followed the steps to clean my computer. I've tried using ss&d in safe mode and it has already deleted some malware in my computer.

    But the pop up at the welcome screen is still there. Is there any way to delete it? Perhaps there's a need to delete some particular entry in the regedit? I'm not sure at all.

    Sinetic87
     
  6. momok

    momok TS Rookie Posts: 2,265

    Since you have followed the steps, you should have posted the necessary logs for us to review. It explicitly states in the instructions to post ComboFix, AVG antispyware and HJT logs as well as letting us know the results of the anti-rootkit scan.

    Regards,
    momok
     
  7. sinetic87

    sinetic87 TS Rookie Topic Starter Posts: 17

    Hi Momok, thanks for your prompt reply.

    I've already decided to reformat my computer. As I always do online banking with this computer, I guess reformatting is the only way not to have my passwords compromised.

    Thanks for all the suggestions and replies. Really appreciated!

    By the way, I've installed AVG and zonealarm in my reformatted hard disk. Are the 2 programs strong enough?

    Thanks,
    Sinetic87
     
  8. Daveskater

    Daveskater Banned Posts: 1,687

    It would be good to get Spybot S&D and Ad-aware as well because they're both free and anti-spyware, which you don't have at the moment if you only have AVG Free and Zone Alarm Free.
     
  9. momok

    momok TS Rookie Posts: 2,265

    Are you referring to AVG Antivirus or AntiSpyware?

    You should always have an Antivirus software installed. AVG or Avast! are good options. And yes, SpyBot too; that one's a real gem.
     
  10. sinetic87

    sinetic87 TS Rookie Topic Starter Posts: 17

    I'm talking about the AVG Antivirus. Previously I was using Trend Micro Internet Security 2007 but it's sorta lagging in my computer.

    By the way, my computer is just a P4 1.7 GHz with 1 GB RAM. It's a few-year-old system. hehe = ).

    The real time protection offered by trend micro has a relatively high CPU usage compared to both AVG + ZA.

    But protection-wise, I'm not sure if TM's better than AVG+ZA. What do you reckon?
     
  11. evilfantasy

    evilfantasy Banned Posts: 428

    ZA can use considerable resources as well.

    Consider this setup. (all free and lightweight)

    Antivirus
    AVG Antivirus

    Firewall (use only one)
    Comodo http://www.techspot.com/downloads/2311-comodo-personal-firewall.html
    or
    PC Tools Free Firewall http://www.techspot.com/downloads/3991-pc-tools-firewall-plus.html

    Real-Time Blocking (use both)
    SpywareBlaster http://www.techspot.com/downloads/568-spywareblaster.html

    SpywareGuard http://www.techspot.com/downloads/1337-spywareguard.html

    Security monitor
    WinPatrol 2007 http://www.techspot.com/downloads/137-winpatrol.html
     
  12. sinetic87

    sinetic87 TS Rookie Topic Starter Posts: 17

    Thanks EvilFantasy, I've got the necessary programs all installed. Btw, SpywareGuard runs in the background while the SpywareBlaster doesn't, right?

    By the way, is it wise to use the REGISTRY option in the CCleaner to clear up my registry entries? It's like after you uninstall a program, there will be some entries left in the registry.

    Is it correct that clearing those can speed up the system?
     
  13. evilfantasy

    evilfantasy Banned Posts: 428

    SpywareGuard runs in the background, while SpywareBlaster doesn't actually run; it sets restrictions in the browser to block unwanted behavior.
    Be sure to open SpywareBlaster every other week or so and check for updates.

    I will use the Registry option in the CCleaner every now and then. Any speed gained from cleaning the registry will, in most cases, be so small that it will never be noticed. But the amount of empty keys can get rather large so it can be useful. I personally have never had a problem with the registry cleaner, but the first time you run it, CCleaner will prompt you to make a back-up before deleting anything. I would do so on the first few runs.
    Also, you will most likely need to run the registry cleaner 3 or 4 times, until it stops finding items to remove.

    This page http://support.microsoft.com/kb/322756 shows how to manually back up the registry to be extra safe.
     
  14. sinetic87

    sinetic87 TS Rookie Topic Starter Posts: 17

    Thanks for that. I guess my system's now safe on the whole.

    I really appreciate your prompt replies. You guys are indeed experienced. = )

    Regards,
    Sinetic87
     
  15. Daveskater

    Daveskater Banned Posts: 1,687

    No problem, mate, it's what we're here for :D

    Personally I run the CCleaner registry scan after uninstalling something because, like you say, programs can leave the odd bit behind. The first time you run it you'll probably get like 100 or so items, maybe even over 300, but it can miss the odd one or two on the first scan so run it a second time and see if it finds anything.
     