Solved After using Malwarebytes anti-malware I still have XP Security 2011

You didn't say where you got PDF Suite from.

Open Windows Explorer. Go to Tools>Folder Options>View tab, put a checkmark next to Show hidden files and folders.
Upload the following files to http://www.virustotal.com/ for a security check:
- C:\PDF Suite\PDF Suite.exe
- C:\PDF Suite\Gs\gswin32c.exe
- C:\PDF Suite\Help\PDF Suite Presentation.exe
IMPORTANT! If the file is listed as already analyzed, click on the Reanalyse file now button.
Post scan results.
 
Sorry. I'm totally clueless on where the PDF Suite originated from. Someone installed the PDF Suite by transferring it from a flash to my laptop. I have no clue where he got it from.

I'm uploading the files to VirusTotal.
 
PDF Suite is not free, so if you got it through some illegal download and ESET found its files Virut-infected... Virut infection is a very serious matter.
If it's confirmed, you'll be facing formatting and reinstalling Windows.
 
Then I'm screwed. I'm seeing lots of Virut on these scans. The last one is scanning and I'm about to post. If I format and reinstall Windows, will I lose all my info?
 
VirusTotal scan results

0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name: PDF Suite.exe
Submission date: 2010-11-25 22:44:22 (UTC)

Result: 12/41 (29.3%)

Antivirus results
AhnLab-V3 - 2010.11.25.01 - 2010.11.25 - Win32/Virut.E
AntiVir - 7.10.14.107 - 2010.11.25 - TR/Patched.Gen
Antiy-AVL - 2.0.3.7 - 2010.11.25 - -
Avast - 4.8.1351.0 - 2010.11.25 - Win32:Vitro
Avast5 - 5.0.594.0 - 2010.11.25 - Win32:Vitro
AVG - 9.0.0.851 - 2010.11.25 - -
BitDefender - 7.2 - 2010.11.25 - -
CAT-QuickHeal - 11.00 - 2010.11.25 - W32.Virut.G
ClamAV - 0.96.4.0 - 2010.11.25 - -
Command - 5.2.11.5 - 2010.11.25 - W32/Virut.AI!Generic
Comodo - 6847 - 2010.11.25 - -
DrWeb - 5.0.2.03300 - 2010.11.25 - -
eSafe - 7.0.17.0 - 2010.11.24 - -
eTrust-Vet - 36.1.8000 - 2010.11.25 - -
F-Prot - 4.6.2.117 - 2010.11.25 - W32/Virut.AI!Generic
F-Secure - 9.0.16160.0 - 2010.11.25 - -
Fortinet - 4.2.254.0 - 2010.11.25 - -
GData - 21 - 2010.11.25 - Win32:Vitro
Ikarus - T3.1.1.90.0 - 2010.11.25 - -
Jiangmin - 13.0.900 - 2010.11.25 - -
K7AntiVirus - 9.69.3083 - 2010.11.25 - -
Kaspersky - 7.0.0.125 - 2010.11.25 - -
McAfee - 5.400.0.1158 - 2010.11.25 - -
McAfee-GW-Edition - 2010.1C - 2010.11.25 - -
Microsoft - 1.6402 - 2010.11.25 - -
NOD32 - 5649 - 2010.11.25 - Win32/Virut.NBP
Norman - 6.06.10 - 2010.11.25 - -
nProtect - 2010-11-25.01 - 2010.11.25 - -
Panda - 10.0.2.7 - 2010.11.25 - -
PCTools - 7.0.3.5 - 2010.11.25 - -
Prevx - 3.0 - 2010.11.25 - -
Rising - 22.75.03.00 - 2010.11.25 - Win32.Virut.db
Sophos - 4.60.0 - 2010.11.25 - -
SUPERAntiSpyware - 4.40.0.1006 - 2010.11.25 - -
Symantec - 20101.2.0.161 - 2010.11.25 - -
TheHacker - 6.7.0.1.091 - 2010.11.25 - -
TrendMicro - 9.120.0.1004 - 2010.11.25 - PE_VIRUX.D-4
TrendMicro-HouseCall - 9.120.0.1004 - 2010.11.25 - PE_VIRUX.D-4
VBA32 - 3.12.14.2 - 2010.11.25 - -
VIPRE - 7411 - 2010.11.25 - -
VirusBuster - 13.6.60.0 - 2010.11.25 - -
File info:
MD5: 7d2abf1c2713fc4a85c089b866f08a75
SHA1: 66748663e949f235dd32df4f81314960e08a2ae1
SHA256: c76b0bb80440aefaf5b16e850ba598f1e47f183311718181c573e9bc30e29b17
File size: 4714496 bytes
Scan date: 2010-11-25 22:44:22 (UTC)

0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name: gswin32c.exe
Submission date: 2010-11-25 22:51:15 (UTC)

Result: 14/43 (32.6%)

Antivirus results
AhnLab-V3 - 2010.11.26.00 - 2010.11.25 - -
AntiVir - 7.10.14.107 - 2010.11.25 - TR/Patched.Gen
Antiy-AVL - 2.0.3.7 - 2010.11.25 - -
Avast - 4.8.1351.0 - 2010.11.25 - Win32:Vitro
Avast5 - 5.0.594.0 - 2010.11.25 - Win32:Vitro
AVG - 9.0.0.851 - 2010.11.25 - -
BitDefender - 7.2 - 2010.11.25 - -
CAT-QuickHeal - 11.00 - 2010.11.25 - W32.Virut.G
ClamAV - 0.96.4.0 - 2010.11.25 - -
Command - 5.2.11.5 - 2010.11.25 - W32/Virut.AI!Generic
Comodo - 6847 - 2010.11.25 - -
DrWeb - 5.0.2.03300 - 2010.11.25 - -
Emsisoft - 5.0.0.50 - 2010.11.25 - Virus.Win32.Virut!IK
eSafe - 7.0.17.0 - 2010.11.24 - -
eTrust-Vet - 36.1.8000 - 2010.11.25 - -
F-Prot - 4.6.2.117 - 2010.11.25 - W32/Virut.AI!Generic
F-Secure - 9.0.16160.0 - 2010.11.25 - -
Fortinet - 4.2.254.0 - 2010.11.25 - -
GData - 21 - 2010.11.25 - Win32:Vitro
Ikarus - T3.1.1.90.0 - 2010.11.25 - Virus.Win32.Virut
Jiangmin - 13.0.900 - 2010.11.25 - -
K7AntiVirus - 9.69.3083 - 2010.11.25 - -
Kaspersky - 7.0.0.125 - 2010.11.25 - -
McAfee - 5.400.0.1158 - 2010.11.25 - -
McAfee-GW-Edition - 2010.1C - 2010.11.25 - -
Microsoft - 1.6402 - 2010.11.25 - -
NOD32 - 5649 - 2010.11.25 - Win32/Virut.NBP
Norman - 6.06.10 - 2010.11.25 - -
nProtect - 2010-11-25.01 - 2010.11.25 - -
Panda - 10.0.2.7 - 2010.11.25 - W32/Sality.AO
PCTools - 7.0.3.5 - 2010.11.25 - -
Prevx - 3.0 - 2010.11.25 - -
Rising - 22.75.03.00 - 2010.11.25 - Win32.Virut.db
Sophos - 4.60.0 - 2010.11.25 - -
SUPERAntiSpyware - 4.40.0.1006 - 2010.11.25 - -
Symantec - 20101.2.0.161 - 2010.11.25 - -
TheHacker - 6.7.0.1.091 - 2010.11.25 - -
TrendMicro - 9.120.0.1004 - 2010.11.25 - PE_VIRUX.D-4
TrendMicro-HouseCall - 9.120.0.1004 - 2010.11.25 - PE_VIRUX.D-4
VBA32 - 3.12.14.2 - 2010.11.25 - -
VIPRE - 7411 - 2010.11.25 - -
ViRobot - 2010.11.19.4158 - 2010.11.25 - -
VirusBuster - 13.6.60.0 - 2010.11.25 - -
File info:
MD5: c359527c02490cf7a5d844b699617fc7
SHA1: af1eccd6fcc081b09caf1fc4b2f94dfedf5d9a31
SHA256: 62e98134066e2d89b3833127f17d704e464e497c4fa38152feb3dcce4b3617ac
File size: 188416 bytes
Scan date: 2010-11-25 22:51:15 (UTC)

0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name: PDF Suite Presentation.exe
Submission date: 2010-11-25 22:54:43 (UTC)

Result: 14/43 (32.6%)

Antivirus results
AhnLab-V3 - 2010.11.26.00 - 2010.11.25 - -
AntiVir - 7.10.14.107 - 2010.11.25 - TR/Patched.Gen
Antiy-AVL - 2.0.3.7 - 2010.11.25 - -
Avast - 4.8.1351.0 - 2010.11.25 - Win32:Vitro
Avast5 - 5.0.594.0 - 2010.11.25 - Win32:Vitro
AVG - 9.0.0.851 - 2010.11.25 - -
BitDefender - 7.2 - 2010.11.25 - -
CAT-QuickHeal - 11.00 - 2010.11.25 - W32.Virut.G
ClamAV - 0.96.4.0 - 2010.11.25 - -
Command - 5.2.11.5 - 2010.11.25 - W32/Virut.AI!Generic
Comodo - 6847 - 2010.11.25 - Virus.Win32.Virut.CE
DrWeb - 5.0.2.03300 - 2010.11.25 - -
Emsisoft - 5.0.0.50 - 2010.11.25 - -
eSafe - 7.0.17.0 - 2010.11.24 - -
eTrust-Vet - 36.1.8000 - 2010.11.25 - -
F-Prot - 4.6.2.117 - 2010.11.25 - W32/Virut.AI!Generic
F-Secure - 9.0.16160.0 - 2010.11.25 - -
Fortinet - 4.2.254.0 - 2010.11.25 - W32/Virut.CE
GData - 21 - 2010.11.25 - Win32:Vitro
Ikarus - T3.1.1.90.0 - 2010.11.25 - -
Jiangmin - 13.0.900 - 2010.11.25 - -
K7AntiVirus - 9.69.3083 - 2010.11.25 - -
Kaspersky - 7.0.0.125 - 2010.11.25 - -
McAfee - 5.400.0.1158 - 2010.11.25 - -
McAfee-GW-Edition - 2010.1C - 2010.11.25 - -
Microsoft - 1.6402 - 2010.11.25 - -
NOD32 - 5649 - 2010.11.25 - Win32/Virut.NBP
Norman - 6.06.10 - 2010.11.25 - -
nProtect - 2010-11-25.01 - 2010.11.25 - -
Panda - 10.0.2.7 - 2010.11.25 - W32/Sality.AO
PCTools - 7.0.3.5 - 2010.11.25 - -
Prevx - 3.0 - 2010.11.25 - -
Rising - 22.75.03.00 - 2010.11.25 - Win32.Virut.db
Sophos - 4.60.0 - 2010.11.25 - -
SUPERAntiSpyware - 4.40.0.1006 - 2010.11.25 - -
Symantec - 20101.2.0.161 - 2010.11.25 - -
TheHacker - 6.7.0.1.091 - 2010.11.25 - -
TrendMicro - 9.120.0.1004 - 2010.11.25 - PE_VIRUX.D-4
TrendMicro-HouseCall - 9.120.0.1004 - 2010.11.25 - PE_VIRUX.D-4
VBA32 - 3.12.14.2 - 2010.11.25 - -
VIPRE - 7411 - 2010.11.25 - -
ViRobot - 2010.11.19.4158 - 2010.11.25 - -
VirusBuster - 13.6.60.0 - 2010.11.25 - -
File info:
MD5: 169d690681a08b4f335c4e8830b95661
SHA1: 139fc48adf32ce36f7e786420c189fe5234f8dbf
SHA256: 381ab11d84658b684f17e3f89fb69111ceac3e69c943559685572a4279a6a735
File size: 491520 bytes
Scan date: 2010-11-25 22:54:43 (UTC)
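Added example (my own code, not part of the thread and not anything VirusTotal ships): a small parser for the report layout pasted above that tallies detections per file and folds vendor-specific names for one family together, so a helper can see at a glance that Virut, Vitro and Virux verdicts all point at the same file infector. The sample report text is constructed, and the alias table and the three-engine consensus threshold are my assumptions.

```python
"""Summarise pasted VirusTotal text reports in the layout shown in this thread:
a "File name:" line, then "<engine> - <version> - <yyyy.mm.dd> - <verdict>"
rows ("-" = no detection), then "File info:" with MD5/SHA1/SHA256 lines."""
import re
from collections import Counter
from dataclasses import dataclass, field

FILE_NAME = re.compile(r"^File name:\s*(.+)$")
FILE_HASH = re.compile(r"^(MD5|SHA1|SHA256):\s*([0-9a-fA-F]+)$")
ENGINE_DATE = re.compile(r"^\d{4}\.\d{2}\.\d{2}$")

# Assumed alias table: vendors name the same family differently; these are the
# spellings that appear in the verdicts pasted in this thread.
FAMILY_ALIASES = {
    "virut": "Virut", "vitro": "Virut", "virux": "Virut",
    "sality": "Sality", "patched": "Patched",
}

@dataclass
class Report:
    file_name: str
    hashes: dict = field(default_factory=dict)    # "MD5" -> hex digest
    verdicts: dict = field(default_factory=dict)  # engine -> verdict or None

    @property
    def detections(self):
        return {e: v for e, v in self.verdicts.items() if v is not None}

    @property
    def ratio(self):
        # (detecting engines, scanning engines), like VT's "Result: x/ y"
        return len(self.detections), len(self.verdicts)

def parse_reports(text):
    """Split pasted text into one Report per 'File name:' block."""
    reports, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        name = FILE_NAME.match(line)
        if name:
            current = Report(file_name=name.group(1).strip())
            reports.append(current)
            continue
        if current is None or not line:
            continue
        digest = FILE_HASH.match(line)
        if digest:
            current.hashes[digest.group(1)] = digest.group(2).lower()
            continue
        parts = [p.strip() for p in line.split(" - ")]
        # Engine rows have exactly four fields and a yyyy.mm.dd signature date.
        if len(parts) == 4 and ENGINE_DATE.match(parts[2]):
            engine, _version, _date, verdict = parts
            current.verdicts[engine] = None if verdict == "-" else verdict
    return reports

def families(report):
    """Count detections per normalised family ('other' when unrecognised)."""
    counts = Counter()
    for verdict in report.detections.values():
        low = verdict.lower()
        counts[next((f for k, f in FAMILY_ALIASES.items() if k in low), "other")] += 1
    return counts

def assess(report, min_engines=3):
    """Flag a family only when at least min_engines (assumed threshold) agree:
    several vendors independently naming one file infector is a far stronger
    signal than a single generic 'Patched' heuristic hit."""
    hits, total = report.ratio
    consensus = sorted(f for f, n in families(report).items()
                       if f != "other" and n >= min_engines)
    return {"file": report.file_name, "detections": hits,
            "engines": total, "consensus": consensus}

# Constructed sample in the pasted layout; the digests are placeholders.
SAMPLE_REPORTS = """\
File name: sample.exe
Result: 3/ 4 (75.0%)
AhnLab-V3 - 2010.11.25.01 - 2010.11.25 - Win32/Virut.E
Avast - 4.8.1351.0 - 2010.11.25 - Win32:Vitro
AVG - 9.0.0.851 - 2010.11.25 - -
TrendMicro - 9.120.0.1004 - 2010.11.25 - PE_VIRUX.D-4
MD5: 00000000000000000000000000000000
File name: clean.exe
Result: 0/ 2 (0.0%)
McAfee-GW-Edition - 2010.1C - 2010.11.25 - -
Prevx - 3.0 - 2010.11.26 - -
MD5: ffffffffffffffffffffffffffffffff
"""
```

Paste a real report into `parse_reports` and call `assess` on each result; a file whose `consensus` lists one family across several vendors is the case the thread treats as confirmed infection.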
 
Uninstall PDF Suite right away.

Open Windows Explorer. Go to Tools>Folder Options>View tab, put a checkmark next to Show hidden files and folders.
Upload the following files to http://www.virustotal.com/ for a security check:
- explorer.exe located @ C:\Windows
- userinit.exe and svchost.exe located @ C:\Windows\System32
IMPORTANT! If the file is listed as already analyzed, click on the Reanalyse file now button.
Post scan results.
 
Shoot! I've got an NSIS error when I tried to uninstall PDF Suite. It says the installer that you are trying to use is incomplete or corrupt. This could be due to a damaged disk, a failed download or a virus. You may want to contact the author of this installer to obtain a new copy. It may be possible to skip this check using the ?NCRC command line switch (NOT RECOMMENDED).

That doesn't sound good. I hope it's not as bad as it sounds.

Let me upload these other files to VirusTotal.
 
New VirusTotal scans

New scans below. By the way, for the previous message about the NSIS error, that should have been /NCRC, not ?NCRC.

9 VT Community user(s) with a total of 716 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name: explorer.exe
Submission date: 2010-11-25 23:17:42 (UTC)

Result: 0/37 (0.0%)

Antivirus results
AhnLab-V3 - 2010.11.26.00 - 2010.11.25 - -
AntiVir - 7.10.14.107 - 2010.11.25 - -
Antiy-AVL - 2.0.3.7 - 2010.11.25 - -
Avast - 4.8.1351.0 - 2010.11.25 - -
Avast5 - 5.0.594.0 - 2010.11.25 - -
AVG - 9.0.0.851 - 2010.11.25 - -
BitDefender - 7.2 - 2010.11.25 - -
CAT-QuickHeal - 11.00 - 2010.11.25 - -
ClamAV - 0.96.4.0 - 2010.11.25 - -
Command - 5.2.11.5 - 2010.11.25 - -
Comodo - 6847 - 2010.11.25 - -
Emsisoft - 5.0.0.50 - 2010.11.25 - -
eTrust-Vet - 36.1.8000 - 2010.11.25 - -
F-Prot - 4.6.2.117 - 2010.11.25 - -
F-Secure - 9.0.16160.0 - 2010.11.25 - -
Fortinet - 4.2.254.0 - 2010.11.25 - -
GData - 21 - 2010.11.25 - -
Ikarus - T3.1.1.90.0 - 2010.11.25 - -
Jiangmin - 13.0.900 - 2010.11.25 - -
K7AntiVirus - 9.69.3083 - 2010.11.25 - -
Kaspersky - 7.0.0.125 - 2010.11.25 - -
McAfee - 5.400.0.1158 - 2010.11.25 - -
McAfee-GW-Edition - 2010.1C - 2010.11.25 - -
NOD32 - 5649 - 2010.11.25 - -
nProtect - 2010-11-25.01 - 2010.11.25 - -
Panda - 10.0.2.7 - 2010.11.25 - -
PCTools - 7.0.3.5 - 2010.11.25 - -
Prevx - 3.0 - 2010.11.26 - -
Rising - 22.75.03.00 - 2010.11.25 - -
Sophos - 4.60.0 - 2010.11.25 - -
SUPERAntiSpyware - 4.40.0.1006 - 2010.11.25 - -
TheHacker - 6.7.0.1.091 - 2010.11.25 - -
TrendMicro - 9.120.0.1004 - 2010.11.25 - -
TrendMicro-HouseCall - 9.120.0.1004 - 2010.11.25 - -
VIPRE - 7411 - 2010.11.25 - -
ViRobot - 2010.11.19.4158 - 2010.11.25 - -
VirusBuster - 13.6.60.0 - 2010.11.25 - -
File info:
MD5: 12896823fb95bfb3dc9b46bcaedc9923
SHA1: 9d2bf84874abc5b6e9a2744b7865c193c08d362f
SHA256: 1e675cb7df214172f7eb0497f7275556038a0d09c6e5a3e6862c5e26885ef455
File size: 1033728 bytes
Scan date: 2010-11-25 23:17:42 (UTC)

0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name: userinit.exe
Submission date: 2010-11-25 23:23:53 (UTC)

Result: 0/43 (0.0%)

Antivirus results
AhnLab-V3 - 2010.11.26.00 - 2010.11.25 - -
AntiVir - 7.10.14.107 - 2010.11.25 - -
Antiy-AVL - 2.0.3.7 - 2010.11.25 - -
Avast - 4.8.1351.0 - 2010.11.25 - -
Avast5 - 5.0.594.0 - 2010.11.25 - -
AVG - 9.0.0.851 - 2010.11.25 - -
BitDefender - 7.2 - 2010.11.25 - -
CAT-QuickHeal - 11.00 - 2010.11.25 - -
ClamAV - 0.96.4.0 - 2010.11.25 - -
Command - 5.2.11.5 - 2010.11.25 - -
Comodo - 6847 - 2010.11.25 - -
DrWeb - 5.0.2.03300 - 2010.11.25 - -
Emsisoft - 5.0.0.50 - 2010.11.25 - -
eSafe - 7.0.17.0 - 2010.11.24 - -
eTrust-Vet - 36.1.8000 - 2010.11.25 - -
F-Prot - 4.6.2.117 - 2010.11.25 - -
F-Secure - 9.0.16160.0 - 2010.11.25 - -
Fortinet - 4.2.254.0 - 2010.11.25 - -
GData - 21 - 2010.11.25 - -
Ikarus - T3.1.1.90.0 - 2010.11.25 - -
Jiangmin - 13.0.900 - 2010.11.25 - -
K7AntiVirus - 9.69.3083 - 2010.11.25 - -
Kaspersky - 7.0.0.125 - 2010.11.25 - -
McAfee - 5.400.0.1158 - 2010.11.25 - -
McAfee-GW-Edition - 2010.1C - 2010.11.25 - -
Microsoft - 1.6402 - 2010.11.25 - -
NOD32 - 5649 - 2010.11.25 - -
Norman - 6.06.10 - 2010.11.25 - -
nProtect - 2010-11-25.01 - 2010.11.25 - -
Panda - 10.0.2.7 - 2010.11.25 - -
PCTools - 7.0.3.5 - 2010.11.25 - -
Prevx - 3.0 - 2010.11.26 - -
Rising - 22.75.03.00 - 2010.11.25 - -
Sophos - 4.60.0 - 2010.11.25 - -
SUPERAntiSpyware - 4.40.0.1006 - 2010.11.25 - -
Symantec - 20101.2.0.161 - 2010.11.25 - -
TheHacker - 6.7.0.1.091 - 2010.11.25 - -
TrendMicro - 9.120.0.1004 - 2010.11.25 - -
TrendMicro-HouseCall - 9.120.0.1004 - 2010.11.25 - -
VBA32 - 3.12.14.2 - 2010.11.25 - -
VIPRE - 7411 - 2010.11.25 - -
ViRobot - 2010.11.19.4158 - 2010.11.25 - -
VirusBuster - 13.6.60.0 - 2010.11.25 - -
File info:
MD5: a93aee1928a9d7ce3e16d24ec7380f89
SHA1: 513f8bdf67a5a9e09803cfb61f590b39f2683853
SHA256: 944cd2135e171af338352568aa7fe1b8004733a4281395ad6723e0cf43d5f53f
File size: 26112 bytes
Scan date: 2010-11-25 23:23:53 (UTC)

6 VT Community user(s) with a total of 741 reputation credit(s) say(s) this sample is goodware. 1 VT Community user(s) with a total of 1 reputation credit(s) say(s) this sample is malware.
File name: svchost.exe
Submission date: 2010-11-25 23:27:39 (UTC)

Result: 0/43 (0.0%)

Antivirus results
AhnLab-V3 - 2010.11.26.00 - 2010.11.25 - -
AntiVir - 7.10.14.107 - 2010.11.25 - -
Antiy-AVL - 2.0.3.7 - 2010.11.25 - -
Avast - 4.8.1351.0 - 2010.11.25 - -
Avast5 - 5.0.594.0 - 2010.11.25 - -
AVG - 9.0.0.851 - 2010.11.25 - -
BitDefender - 7.2 - 2010.11.25 - -
CAT-QuickHeal - 11.00 - 2010.11.25 - -
ClamAV - 0.96.4.0 - 2010.11.25 - -
Command - 5.2.11.5 - 2010.11.25 - -
Comodo - 6847 - 2010.11.25 - -
DrWeb - 5.0.2.03300 - 2010.11.25 - -
Emsisoft - 5.0.0.50 - 2010.11.25 - -
eSafe - 7.0.17.0 - 2010.11.24 - -
eTrust-Vet - 36.1.8000 - 2010.11.25 - -
F-Prot - 4.6.2.117 - 2010.11.25 - -
F-Secure - 9.0.16160.0 - 2010.11.25 - -
Fortinet - 4.2.254.0 - 2010.11.25 - -
GData - 21 - 2010.11.25 - -
Ikarus - T3.1.1.90.0 - 2010.11.25 - -
Jiangmin - 13.0.900 - 2010.11.25 - -
K7AntiVirus - 9.69.3083 - 2010.11.25 - -
Kaspersky - 7.0.0.125 - 2010.11.25 - -
McAfee - 5.400.0.1158 - 2010.11.25 - -
McAfee-GW-Edition - 2010.1C - 2010.11.25 - -
Microsoft - 1.6402 - 2010.11.25 - -
NOD32 - 5649 - 2010.11.25 - -
Norman - 6.06.10 - 2010.11.25 - -
nProtect - 2010-11-25.01 - 2010.11.25 - -
Panda - 10.0.2.7 - 2010.11.25 - -
PCTools - 7.0.3.5 - 2010.11.25 - -
Prevx - 3.0 - 2010.11.26 - -
Rising - 22.75.03.00 - 2010.11.25 - -
Sophos - 4.60.0 - 2010.11.25 - -
SUPERAntiSpyware - 4.40.0.1006 - 2010.11.25 - -
Symantec - 20101.2.0.161 - 2010.11.25 - -
TheHacker - 6.7.0.1.091 - 2010.11.25 - -
TrendMicro - 9.120.0.1004 - 2010.11.25 - -
TrendMicro-HouseCall - 9.120.0.1004 - 2010.11.25 - -
VBA32 - 3.12.14.2 - 2010.11.25 - -
VIPRE - 7411 - 2010.11.25 - -
ViRobot - 2010.11.19.4158 - 2010.11.25 - -
VirusBuster - 13.6.60.0 - 2010.11.25 - -
File info:
MD5: 27c6d03bcdb8cfeb96b716f3d8be3e18
SHA1: 49083ae3725a0488e0a8fbbe1335c745f70c4667
SHA256: 2910ebc692d833d949bfd56059e8106d324a276d5f165f874f3fb1b6c613cdd5
File size: 14336 bytes
Scan date: 2010-11-25 23:27:39 (UTC)
 
Do I still need Combofix, OTL, MBRCheck, TFC, Security Check, JavaRa on my desktop or is it safe for me to delete them?
 
I'll let you know in a moment...

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    
    :Services
    
    :Reg
    
    :Files
    C:\PDF Suite
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.
 
OTL log

All processes killed
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\PDF Suite\styles folder moved successfully.
C:\PDF Suite\print folder moved successfully.
C:\PDF Suite\Help folder moved successfully.
C:\PDF Suite\Gs\Resource\Font folder moved successfully.
C:\PDF Suite\Gs\Resource\Encoding folder moved successfully.
C:\PDF Suite\Gs\Resource\Decoding folder moved successfully.
C:\PDF Suite\Gs\Resource\ColorSpace folder moved successfully.
C:\PDF Suite\Gs\Resource\CMap folder moved successfully.
C:\PDF Suite\Gs\Resource folder moved successfully.
C:\PDF Suite\Gs\lib folder moved successfully.
C:\PDF Suite\Gs\fonts folder moved successfully.
C:\PDF Suite\Gs folder moved successfully.
C:\PDF Suite\Driver\x86 folder moved successfully.
C:\PDF Suite\Driver\x64 folder moved successfully.
C:\PDF Suite\Driver folder moved successfully.
C:\PDF Suite\addin07 folder moved successfully.
C:\PDF Suite\addin folder moved successfully.
C:\PDF Suite folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: KOYO
->Temp folder emptied: 41925 bytes
->Temporary Internet Files folder emptied: 23930163 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 26721258 bytes
->Flash cache emptied: 969 bytes

User: KOYO_2
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Others
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 70119907 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 115.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: KOYO
->Flash cache emptied: 0 bytes

User: KOYO_2
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: Others
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 11262010_030404

Files\Folders moved on Reboot...
C:\Documents and Settings\KOYO\Local Settings\Temp\VGXA281.tmp moved successfully.
C:\Documents and Settings\KOYO\Local Settings\Temp\VGXA282.tmp moved successfully.
C:\Documents and Settings\KOYO\Local Settings\Temp\VGXA283.tmp moved successfully.
C:\Documents and Settings\KOYO\Local Settings\Temp\VGXA284.tmp moved successfully.
C:\Documents and Settings\KOYO\Local Settings\Temp\VGXA285.tmp moved successfully.
C:\Documents and Settings\KOYO\Local Settings\Temp\VGXA286.tmp moved successfully.
C:\Documents and Settings\KOYO\Local Settings\Temp\VGXA287.tmp moved successfully.
C:\Documents and Settings\KOYO\Local Settings\Temp\VGXA288.tmp moved successfully.
C:\Documents and Settings\KOYO\Local Settings\Temp\VGXA289.tmp moved successfully.
C:\Documents and Settings\KOYO\Local Settings\Temp\VGXA28A.tmp moved successfully.
C:\Documents and Settings\KOYO\Local Settings\Temp\VGXA28B.tmp moved successfully.
C:\Documents and Settings\KOYO\Local Settings\Temp\VGXA28C.tmp moved successfully.
C:\Documents and Settings\KOYO\Local Settings\Temp\VGXA28D.tmp moved successfully.
C:\Documents and Settings\KOYO\Local Settings\Temporary Internet Files\Content.IE5\S9UJ01YJ\CAY3GRF8.com moved successfully.
C:\Documents and Settings\KOYO\Local Settings\Temporary Internet Files\Content.IE5\S9UJ01YJ\crosspixel-dest[1].htm moved successfully.
C:\Documents and Settings\KOYO\Local Settings\Temporary Internet Files\Content.IE5\S9UJ01YJ\menu28[1].htm moved successfully.
C:\Documents and Settings\KOYO\Local Settings\Temporary Internet Files\Content.IE5\S9UJ01YJ\revo_uninstaller_free_download[1].htm moved successfully.
File\Folder C:\Documents and Settings\KOYO\Local Settings\Temporary Internet Files\Content.IE5\OPQRGTUV\CAGDA3CD.com not found!
File\Folder C:\Documents and Settings\KOYO\Local Settings\Temporary Internet Files\Content.IE5\OPQRGTUV\topic156963-2[9].html not found!

Registry entries deleted on Reboot...
 
Now, the statement listed below is conditional.
I can't guarantee that Virut didn't spread.
So, we'll run the final steps, but you'll have to watch your computer very closely from now on...

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point, using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now, we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run a Malwarebytes "Quick scan" once in a while to assure the safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read "How did I get infected? With steps so it does not happen again!": http://www.bleepingcomputer.com/forums/topic2520.html

12. Please let me know how your computer is doing.
 
OTL log

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: KOYO
->Temp folder emptied: 16781 bytes
->Temporary Internet Files folder emptied: 2480552 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 405 bytes

User: KOYO_2
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Others
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 67895779 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 67.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: KOYO
->Flash cache emptied: 0 bytes

User: KOYO_2
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: Others
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.17.3 log created on 11262010_031758

Files\Folders moved on Reboot...
C:\Documents and Settings\KOYO\Local Settings\Temporary Internet Files\Content.IE5\SDYVW5MV\iframes_api_loader[1].html moved successfully.
C:\Documents and Settings\KOYO\Local Settings\Temporary Internet Files\Content.IE5\SDYVW5MV\topic156963-3[1].html moved successfully.
C:\Documents and Settings\KOYO\Local Settings\Temporary Internet Files\Content.IE5\7MJ4WNEI\CA4LABOT.com moved successfully.
C:\Documents and Settings\KOYO\Local Settings\Temporary Internet Files\Content.IE5\7MJ4WNEI\menu28[2].html moved successfully.
C:\Documents and Settings\KOYO\Local Settings\Temporary Internet Files\Content.IE5\7FIRTZ86\CA7QNE3J.com moved successfully.
C:\Documents and Settings\KOYO\Local Settings\Temporary Internet Files\Content.IE5\7FIRTZ86\crosspixel-dest[1].htm moved successfully.
File move failed. C:\WINDOWS\temp\WFV6.tmp scheduled to be moved on reboot.

Registry entries deleted on Reboot...
 
I'm about to do step 2 (OTL cleanup) but, reading ahead to step 3, how do I make sure Windows updates are current? And I still haven't yet updated IE to 7. Should I do that as well?
 
Hi Broni,

Thanks for all your help and your patience. You're awesome.

IE is updated to 7.

I've downloaded and installed WOT, Secunia Personal Software Inspector (PSI) and FileHippo Update Checker. I'll definitely be running them weekly.

I haven't updated Windows. I didn't understand the Start>Windows Updates instruction. Would you mind going over it step by step or being a bit more specific?

What's defrag? I'm sorry but I'm a complete computer/IT dunce.

I've saved the webpage http://www.bleepingcomputer.com/forums/topic2520.html
I'll read it later today.

I'll change all my passwords later on today. I hope that's all right. It's 4am where I am and I'm feeling kind of foggy. I'd like to get some shut-eye because my eyes are half closed now.

So far my laptop seems ok. I don't use this laptop at work so won't be able to do the rest of this stuff until this evening when I get back from work. I'll be able to give a proper rundown on it then.

Thanks again.
 
Sorry. It's not 4am here, it's 2am. And you said that I might have to create a new user profile as a regular user, as my old one seems to be corrupted. I can access my documents in my profile from Administrator, but I can't access my music and pictures. Will I be able to transfer non-corrupted files from my old profile to my new profile?
 
I haven't updated Windows. I didn't understand the Start>Windows Updates instruction
If you click on the Start button, you should see a Windows Updates option there.
...or go to http://www.windowsupdate.microsoft.com

As for defrag...
Start>All Programs>Accessories>System Tools>Disk Defragmenter

Then...
How to copy data from a corrupted user profile to a new profile in Windows XP: http://support.microsoft.com/kb/811151

I'll mark this topic as resolved, but I'm not 100% convinced.
But, I'll keep my fingers crossed.

Good luck and stay safe :)
 
Thanks a lot Broni. I've managed to do the Windows update and defrag, but I'm unable to copy data from the corrupted user profile to a new one. I think, as I can access the most important (and irreplaceable) stuff from my corrupt profile from the admin profile, losing my music and pictures is not such a big deal.

Cheers.
 