8 Step Removal Scan Logs Completion

By momof6blessings
Dec 3, 2008
  1. Here are the completed scan logs after running the 8 steps. Please let me know if any further action is needed. At this point my computer seems to be running smoothly and I am not experiencing any symptoms.

    Attached Files:

  2. SpiritWind

    SpiritWind TS Rookie Posts: 164

    Vulnerable Programs

    Hi :

    You have an outdated and
    malware-prone Adobe Reader . Recently, Researchers found a new hackertoolkit that uses nothing but Adobe securityleaks in order to infect systems. "PDF Xploit Pack" ( http://www.trustedsource.org/blog/15...e-PDF-Exploits )adds all kind of exploits to PDF-files. When a certain exploit has successfully infected the OS, the IP address is sent to the attackers, so they need to try again. This to reduce the time it takes to manage the bots.

    Use of PDF-files is becoming more and more popular among malcreants, this because other toolkits also have PDF exploits now. A year ago only 3% of the exploits were PDF directed.

    So, it would seem wise to uninstall this "reader" and use the safer "Foxit Reader"
    or "CutePDF" .

    Unable to tell by the "log" IF the Java ( from Sun) is up-to-date, which would be
    a security risk . Would be wise to run "JavaRa" from http://raproducts.org .
    Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.

    Accept any prompts.
    Open JavaRa.exe again and select Search For Updates.

    Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

    In addition, you have the unnecessary "Bonjour\mDNSResponder" and should
    consider the Info at www.raymond.cc/blog/archives/2008/02/10/how-to-uninstall-or-remove-bonjour-mdnsresponderexe/ and seriously consider
    uninstalling it by using the "Removal Instructions" there .
  3. rf6647

    rf6647 TS Maniac Posts: 829

    The moderator will probably step in and join the two threads being the same case.

    Presently, the method being used for this type of infestation (TDSS) is becoming more ‘typical’.

    Successive scans are used to uncover additional infections, since masking is common with many infestations. When a tool reports something it can not clean, that's when the strategy calls for a stronger scanner. The sequence for applying the scanners begins with the standard scanners (fully updated) and ends with the stronnger cleaner, with a side benifit that it adds information about the comparative effectiveness among the tools.

    The TDSS exploit (among other non-plug and play driver exploits) is quite the rage. The temptation is to package a method for this. However, the result would be quite lengthy and possibly confusing, since it is not possible to anticipate contributing factors.

    Your feedback is appreciated. Your logs show found and removed items. For your case, we will supplement our guide with a special scan / tool.

    Overview -
    • Update both scanners (MBAM, SAS). MBAM version is 2 weeks old!
    • ComboFix is a very effective tool that scans / fixes hard to clean infections. Additionally, it includes diagnostic information.
    • Uninstall old copy of ComboFix - if tool was used previously

    Supplement to guide. Successive scans used to uncover additional infections.
    • Update both MBAM & SAS. Rerun them both.

    • This effort is complete when logs report NO infections/threats, or reporting something it can not clean.

    • Follow ComboFix instructions referenced below.

    • Scan with HJT. (part of instructions for ComboFix)

    • Posts logs. Report progress & what changes are observed. Include logs that found infections.

Topic Status:
Not open for further replies.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...