My PC woke up with the "Google Redirect" social disease. Ran 8 steps twice. Now what?

  #21  
Old 12-02-2009
kritius
TechSpot Evangelist
Member since: Feb 2008, 2,087 posts
Run GMER again and post the log.

Need to check on something.
  #22  
Old 12-02-2009
TechSpot Member
 
Location: Palo Alto
Member since: Nov 2009, 48 posts
GMERlog from full scan of C: and D:

I eagerly await your verdict...

- Rwolf
Attached Files
File Type: log GMERlog.log (2.6 KB, 2 views)
  #23  
Old 12-03-2009
kritius
TechSpot Evangelist
Member since: Feb 2008, 2,087 posts
Quote (originally posted by Rwolf01):
The atapi.sys problem is now fixed, but something else is still going on....

My earlier post that the problem was resolved was an overly optimistic interpretation of one or two searches that worked.... once I started using the computer again in earnest I quickly found other searches that were getting hijacked.

Any advice on how to proceed would be much appreciated...

At what point does "FORMAT C:" become the right answer? :-)

That looks OK; my earlier post about atapi.sys still being infected was in reference to the above post.

However, GMER is showing no more modifications.

Post a fresh OTL log for me.
  #24  
Old 12-03-2009
TechSpot Member
 
Location: Palo Alto
Member since: Nov 2009, 48 posts
OTL log attached.

Fair enough.

I've done a few more searches now, so my confidence that we've exorcised the daemons is increasing... (pun intended :-)

The OTL log is attached. Absent other instructions I ran it as follows:

Kill the usual monitoring programs
close all windows
Minimal output, +LOP check +Purity Check
\\ No extras
Run Scan

Incidentally, one of the things I googled was OTL. It turns out to be a Korean emoticon for failure and despair. (view it as the side view of a stick figure. He is on hands and knees, hanging his head...)

Ironic, given that we appear to be close to victory...

Thanks again for your help!

- Rwolf
Attached Files
File Type: txt OTL.Txt (85.5 KB, 2 views)
  #25  
Old 12-03-2009
kritius
TechSpot Evangelist
Member since: Feb 2008, 2,087 posts
Your logs are clean as far as I can see.

Please do an online scan with Kaspersky WebScanner

Kaspersky online scanner uses Java technology to perform the scan. If you do not have the latest Java version, follow the instructions below under Upgrading Java to download and install the latest version.
  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure the following is checked.
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.
Upgrading Java:
  • Download the latest version of Java SE Runtime Environment (JRE), JRE 6 Update 16.
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement."
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u16-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Make sure the C:\Program Files\JAVA folder is removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista users, right-click on the jre-6u16-windows-i586.exe and select "Run as an Administrator.")
  #26  
Old 12-03-2009
TechSpot Member
 
Location: Palo Alto
Member since: Nov 2009, 48 posts
Kaspersky Logfile attached, looks like a few infected emails...

Java updated to latest version (now Update 17) and ran Kaspersky as instructed.

Log file is attached.

Note: I've manually deleted the infected atapi.sys files, and confirmed that the installed atapi.sys still compares okay with a known good file. I've also deleted the website backup file and all the Outlook Express files in D:\temp, since they were just old barnacles....

Do you have a tool that can sanitize the remaining Outlook and Outlook Express files? I'm happy to delete the infected emails, but I'd rather not wipe all the old emails, since some of them serve as an archive for my business.

- Rwolf
Attached Files
File Type: txt KasperskyLog.txt (5.5 KB, 3 views)
  #27  
Old 12-05-2009
kritius
TechSpot Evangelist
Member since: Feb 2008, 2,087 posts
Don't know of a tool to do that, the rest of the logs are clean.

Are you experiencing any more issues?
  #28  
Old 12-05-2009
TechSpot Member
 
Location: Palo Alto
Member since: Nov 2009, 48 posts
All clear! (knock on wood)

Google has been well behaved for quite a while now. I guess I'll just leave those old email files, but remember to scan any attachments before opening them.

Thanks again for your help!

Best Regards,

Rwolf
  #29  
Old 12-05-2009
kritius
TechSpot Evangelist
Member since: Feb 2008, 2,087 posts
Follow these steps to uninstall Combofix and tools used in the removal of malware

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
This will uninstall Combofix and anything associated with it.


  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.