Windows XP - Infected with stubborn Astry worm (HELP)!

Status
Not open for further replies.

sinetic87

Hi, my desktop has been infected with a worm and I've tried to scan using Lavasoft and Ewido in safe mode, but still, the worm is stubborn.

It causes a pop up at the user log in screen. It goes like this.

Windows update (6300-NGSRP-TMR521A-SMG-542PH-3180)
Check system setting or upgrade system.
Maybe your system not full patch. System still safe.
http://www.microsoft.com
Patch code: AS3-CTRKEA-SR

After clearing some adware detected by Lavasoft and Ewido, it still doesn't go away. The HT log is as follows:
(Moderator edit: Please do not copy and paste your logs. Instead, post them as attachments only in either .txt or .log format. To learn how to attach a log file, please see HERE.)
 
You are using an outdated version of HJT. Please download the latest version from the link in this thread How to post an HJT log as an attachment and attach a new log to a new reply in the thread.

When you post your new log, please use the Edit button and remove the log that you have copy and pasted.


This thread is for the use of sinetic87 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Unless you use the Ladbrokes website, fix this entry:

O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://flashpoker.ladbrokes.com/ladbrokes/FlashAX.cab

Otherwise I don't think I can see anything that could be bad in your log.

It may be worth you reading this thread If your system is infected, read this before deciding whether to Clean or Format.

If you decide to clean your system, let me know :)


 
Dave, I've followed the steps to clean my computer. I've tried using ss&d in safe mode and it has already deleted some malware in my computer.

But the pop up at the welcome screen is still there. Is there any way to delete it? Perhaps there's a need to delete some particular entry in the regedit? I'm not sure at all.

Sinetic87
 
Since you have followed the steps, you should have posted the necessary logs for us to review. It explicitly states in the instructions to post ComboFix, AVG antispyware and HJT logs as well as letting us know the results of the anti-rootkit scan.

Regards,
momok
 
Hi Momok, thanks for your prompt reply.

I've already decided to reformat my computer. As I always do online banking with this computer, I guess reformat is the only way not to have my passwords compromised.

Thanks for all the suggestions and replies. Really appreciated!

By the way, I've installed AVG and ZoneAlarm on my reformatted hard disk. Are the 2 programs strong enough?

Thanks,
Sinetic87
 
By the way, I've installed AVG and ZoneAlarm on my reformatted hard disk. Are the 2 programs strong enough?
Are you referring to AVG Antivirus or AntiSpyware?

You should always have an Antivirus software installed. AVG or Avast! are good options. And yes, SpyBot too; that one's a real gem.
 
I'm talking about the AVG Antivirus. Previously I was using Trend Micro Internet Security 2007 but it's sorta lagging on my computer.

By the way, my computer is just a P4 1.7 GHz with 1 GB RAM. It's a few years old. hehe =)

The real-time protection offered by Trend Micro has a relatively high CPU usage compared to both AVG + ZA.

But protection-wise, I'm not sure if TM's better than AVG+ZA. What do you reckon?
 
ZA can use considerable resources as well.

Consider this set up. (all free and lightweight)

Antivirus
AVG Antivirus

Firewall (use only one)
Comodo https://www.techspot.com/downloads/2311-comodo-personal-firewall.html
or
PC Tools Free Firewall https://www.techspot.com/downloads/3991-pc-tools-firewall-plus.html

Real-Time Blocking (use both)
SpywareBlaster https://www.techspot.com/downloads/568-spywareblaster.html

SpywareGuard https://www.techspot.com/downloads/1337-spywareguard.html

Security monitor
WinPatrol 2007 https://www.techspot.com/downloads/137-winpatrol.html
 
Thanks EvilFantasy, I've got the necessary programs all installed. Btw, SpywareGuard runs in the background while SpywareBlaster doesn't, right?

By the way, is it wise to use the REGISTRY option in CCleaner to clear up my registry entries? It's like after you uninstall a program, there will be some entries left in the registry.

Is it correct that clearing those can speed up the system?
 
SpywareGuard runs in the background, while SpywareBlaster doesn't actually run; it sets restrictions in the browser to block unwanted behavior.
Be sure to open SpywareBlaster every other week or so and check for updates.

I will use the Registry option in the CCleaner every now and then. Any speed gained from cleaning the registry will, in most cases, be so small that it will never be noticed. But the amount of empty keys can get rather large so it can be useful. I personally have never had a problem with the registry cleaner, but the first time you run it, CCleaner will prompt you to make a back-up before deleting anything. I would do so on the first few runs.
Also, you will most likely need to run the registry cleaner 3 or 4 times, until it stops finding items to remove.

This page http://support.microsoft.com/kb/322756 shows how to manually back up the registry to be extra safe.
 
Thanks for that. I guess my system's now safe on the whole.

I really appreciate your prompt replies. You guys are indeed experienced. =)

Regards,
Sinetic87
 
No problem, mate, it's what we're here for :D

Personally I run the CCleaner registry scan after uninstalling something because, like you say, programs can leave the odd bit behind. The first time you run it you'll probably get like 100 or so items, maybe even over 300, but it can miss the odd one or two on the first scan, so run it a second time and see if it finds anything.
 