Do you mind analyzing this log for me?

[greatman05]

Hello. I think I was infected with ctfmon_lr.exe, and I think I got most of it...I just want to make sure it's gone, because explorer.exe and taskmanager, etc. All have abnormally high memory usage...

 

[kimsland]

Sorry it's impossible to make a judgment without running the scans, and providing the logs

Please run the steps in the guide in full:

UPDATED 8-step Viruses/Spyware/Malware Preliminary Removal Instructions

 

[greatman05]

Okay...so I went through the 8 steps and I have the log files...Just to let you know, the problem I was having was that Windows was using an abnormal amount of memory for a lot of my programs, and was extremely slow...I had to kill the Windows Explorer process just to get it to run acceptably while I did the scans...But now, I think It's gone, because the memory usage is back to normal levels for me (~43-45M for Windows Explorer, ~4-6M for Task Manager, etc.), but I still want to see if my system is clean...

 

[kimsland]

I'd say not clean yet

-> No action taken on MBAM scan, for found issues

Download and Run Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware to your desktop.

• Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to:
  • Update Malwarebytes' Anti-Malware
  • Launch Malwarebytes' Anti-Malware
• Then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform full scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected. <========= Not Done

Please re-run Malwarebytes
Confirm updated (third tab)
Then do the above quoted message, but this time "Remove all found issues"
Save the log to be attached to a new reply


Combofix Instructions

• Download Combofix to your desktop.
• Double click Combofix & follow the prompts.
• A window will open with a warning.
• When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log.

Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Combofix is a very powerful tool so please do NOT do anything without instruction

Combofix will automatically save the log file to C:\combofix.txt
Please save this file to be attached to a new reply

Also attach a fresh HiJackThis scan ran afterwards


3 logs required...

 

[greatman05]

Here's Log Set #2

 

[kimsland]

Um I think I counted 4 File Sharing programs, I'm not sure where to begin informing you...

But because I see this all too often, I'm thinking about adding it to the guide as a definite removal (not just disable) I'll need to talk to the other Malware helpers on their thoughts to the matter.

Generally TechSpot seems to get a lot of gaming enthusiasts, and generally these "gamers" also tend to use "File Sharing" programs and generally they tend to be young. (All this being "generally" )

It's making me think twice about continuing help in the Virus & Malware removal forum, as I'm basically going in circles. Whereas on the other forums (ie Windows faults) I get real results, ie the Members don't want to get the fault again. But here on this forum, Users have even argued with me (not you) about keeping these programs, and then.. Guess what? They are back again ...

You know its taken me a year on the Virus Malware removal forum to realize this, just today!

For you, you just need to uninstall the 4 File Sharing programs and then basically start again, as you are likely re-infected by now. These programs "Share" all your details and bypass your Firewall (as per their intention) as soon as they are installed. ie You agreed to this by installing them, if you knew it or not.

It's incredible that I've had this realization, and it even makes more sense now, and why older members who supported in this forum, left. They suddenly realized that it makes no difference. Sad but I always prefer the truth.

If you need more help with Virus removal, you will need to create a new thread, as I think I just quit.

 

[kritius]

Also ComboFix is running from My Documents.

And yes, there are 4 P2P programs installed there.

 

[Bobbye]

Amazing isn't it when that light goes off in your head? The only thing that has kept me doing anything in that forum is the incredibly bad advice some users are being given! But I should know by now I can't change the world and what I say to the (the unreliable "helpers") isn't going to make them change!