You have given me much to ponder. Here is my current understanding.
Member’s assessment
- 3 infected computers with “FullHouse Drive”
- M10 Computer 1; trojans found; mirc.exe; HJT normal
- M10 computer 2; clean; mirc.exe; recycle; O24 HJT
- M11 computer 3; trojan found; recycle; O24 HJT
Explanation
- Message 10, computer 2, SDfix - no trojan found, registry item restored for 'mirc.exe', secret-hidden files in recycle bin, O24 found (HJT)
- Message 11, computer 3, SDfix - found trojan, secret-hidden files in recycle bin, O24 found (HJT)
Member's requests
- Should I try to fix the two items in hijackthis log that combofix did handle?
- >> Yes, if referring to O24 items.
- The FullHouse drives are still there and won't be deleted. Overall the computers are still the same.
- >> Previously described as an annoyance
- Windows Security Alert
- >> Ignore - it is just windoze barking
Overview
- I am headed back to combofix. Uninstall old version – get rid of the history. When scanning with HJT, ALWAYS restart the computer preceding HJT.
- Check installed programs for mirc.exe
- I will follow a plan developed by mflynn that is geared toward wide coverage. Successive application of the tools removes parts of the infection that mask the 'real bad guy'. Every step improves the chances that the next step will succeed. When a tool does not work, make a note and move to the next tool. We are trying to get info and clean where we can. I want the tools to do the heavy work for us. MBAM is expected to do its share to remove parts of the infestation; ComboFix will take it to the next level.
Source for steps developed 12-15-08
----------------------------------------------------------------------------------------------------------------------------------
D/L, install and run ATF-Cleaner; clear all except passwords in all browsers you have. Run repeatedly until no more is found.
http://www.majorgeeks.com/ATF_Cleaner_d4949.html
----------------------------------------------------------------------------------------------------------------------------------
D/L Xclean_Micro
http://www.xblock.com/download/xclean_micro.exe
No install, just run it. Delete all it finds, declining to reboot on each item found, until the program finishes; then reboot.
Xclean will run minimized and will pop up a window if it finds anything. If it finds nothing it will exit.
Please make a note of what it found, if anything, as it has no log.
If it finds several things reboot to Safe Mode and run again before continuing below.
----------------------------------------------------------------------------------------------------------------------------------
Get and run Malware Removal Tool by Joe Pestro
http://majorgeeks.com/Malware_Removal_Tool_d4632.html
----------------------------------------------------------------------------------------------------------------------------------
When the above is completed, reboot back to Safe Mode with Networking and do the following:
https://www.techspot.com/vb/post684649-3.html
When Fixit.cmd finishes, it will reboot to normal.
Then..
ComboFix
NOTE: If your copy of ComboFix is more than a few days old, delete it and re-download.
Get it here:
https://www.techspot.com/downloads/5587-combofix.html
Or here:
http://subs.geekstogo.com/ComboFix.exe
Double-click combofix.exe and follow the prompts.
When finished, it will open a log.
Attach the log and a new HJT log in your next reply.
Note: Do not click ComboFix's window while it's running. That may cause it to stall.
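An added read-only triage script (mine, not from the thread or from any of the tools named above) that records the three findings in the assessment (O24 items, hidden files in the Recycle Bin, mirc.exe autostarts) before the tool sequence starts. It assumes the standard Recycle Bin folder names and the Active Desktop Components key that HijackThis reports as O24.

```powershell
# Added triage script, not from the thread. Read-only: it lists, and does not
# fix, the three findings above (O24 items, hidden files in the Recycle Bin,
# mirc.exe) so they can be recorded before the tools run. Run it elevated.

# 1. HijackThis O24 entries are Active Desktop components. Each numbered
#    subkey carries the component's Source (URL or file) and FriendlyName.
$o24Key = 'HKCU:\Software\Microsoft\Internet Explorer\Desktop\Components'
Write-Host '== O24 / Active Desktop components =='
if (Test-Path -LiteralPath $o24Key) {
    Get-ChildItem -LiteralPath $o24Key | ForEach-Object {
        $p = Get-ItemProperty -LiteralPath $_.PSPath
        New-Object PSObject -Property @{
            Component    = $_.PSChildName
            Source       = $p.Source
            FriendlyName = $p.FriendlyName
        }
    } | Format-Table Component, Source, FriendlyName -AutoSize
} else { Write-Host '  none' }

# 2. Hidden or system files inside the Recycle Bin folders (RECYCLER on XP
#    NTFS, RECYCLED on FAT, $Recycle.Bin on Vista and later). desktop.ini and
#    INFO2 are expected; anything else hidden here is what SDFix reported.
Write-Host "`n== Hidden/system files in Recycle Bin folders =="
foreach ($bin in 'C:\RECYCLER', 'C:\RECYCLED', 'C:\$Recycle.Bin') {
    if (-not (Test-Path -LiteralPath $bin)) { continue }
    Get-ChildItem -LiteralPath $bin -Force -Recurse -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and
                       $_.Attributes -match 'Hidden|System' -and
                       @('desktop.ini', 'INFO2') -notcontains $_.Name } |
        Select-Object FullName, Length, LastWriteTime, Attributes |
        Format-Table -AutoSize
}

# 3. Autostart values naming mirc.exe. mirc.exe is the legitimate mIRC client
#    binary; the thread flags it on all three machines, so every Run/RunOnce
#    value that references it is listed with its key for the next reply.
Write-Host "`n== Run/RunOnce values referencing mirc.exe =="
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
foreach ($k in $runKeys) {
    if (-not (Test-Path -LiteralPath $k)) { continue }
    (Get-ItemProperty -LiteralPath $k).PSObject.Properties |
        Where-Object { $_.Value -is [string] -and $_.Value -match 'mirc\.exe' } |
        ForEach-Object { Write-Host "  $k\$($_.Name) = $($_.Value)" }
}
```

Save the output alongside the HJT log; it gives a before picture to compare against the ComboFix log once the tools have run.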