[Inactive] Followed the 8 steps removal

Status
Not open for further replies.
Hi, I followed the 8 steps removal and now my computer is working better. I haven't checked the restart yet, but I will get there. Thank you for the instructions. I just don't know exactly what was causing it. My first Ad-Aware scan deleted some malware, but even after that I had problems. Then after the 8 steps I didn't really find anything, but it did start working better. Here are the logs if you can take a look at them. Thanks again!
 

Attachments

  • hijackthis.log
    8.4 KB · Views: 1
  • SUPERAntiSpyware Scan Log - 02-27-2010 - 22-59-12.log
    537 bytes · Views: 1
  • mbam-log-2010-02-27 (22-34-43).txt
    887 bytes · Views: 1
  • ad-Aware log 2010-02-24.txt
    28.9 KB · Views: 1
yonisha, if you are still subscribed to this thread and haven't done any further work on your system, it would be good for you to continue with cleaning. My apologies for the delay; we do get behind at times.

I checked your logs. You have a Trojan-Troj/Agent-LGT loading processes active now. Please let me know if you would like to go ahead with a cleaning of the malware.

Additionally, AdAware shows removal of C:\System Volume Information\_restor...... These are the files that keep the System Restore points. They are protected system files and although it says Clean status: Success Item ID: 0 Family ID..., those infected restore points are still on the machine.

When a cleaning is complete, we have you set a new, clean restore point and drop the old restore points. This prevents a reinfection should you happen to restore to an infected restore point.

There are also a few entries that I would like to ask you about, if you are aware of them. Let me know.
 
Hi, thanks for the feedback. The computer seems to be working fine, and any of the programs found anything else - Anti-Malware, Avira, Avast, Ad-aware. But I don't know if something has been left hidden.

What was that you wanted to talk about that you found on the logs?
 
I'd like you to do the following:
Please download ComboFix HERE:
  • With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.

    Important! Save the renamed download to your desktop.
  • Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection.
  • Double click on the setup file on the desktop to run
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    (Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.)
  • Query- Recovery Console image
    [Image: RcAuto1.gif]

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    [Image: whatnext.png]

  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a log. Please include the C:\ComboFix.txt in your next reply.
Notes:

  1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
  2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
  3. ComboFix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
  4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Run Eset NOD32 Online AntiVirus Scanner HERE
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  • Click Start
  • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  • Click Scan
  • Wait for the scan to finish
  • Re-enable your Antivirus software.
  • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this in your post.

And a rescan with HijackThis. Please include the report from ComboFix and logs from the Eset online AV scan and HijackThis.

When you are clean, I will have you remove the cleaning tools and old restore points.

I wanted to ask about these 2 entries:
O4 - Global Startup: Belkin F5D8053 N Wireless USB Adapter Utility.lnk = C:\Program Files\Belkin\F5D8053\Belkinwcui.exe
O4 - Global Startup: Wireless Connection Manager.lnk = C:\Program Files\D-Link\D-Link Wireless N USB Adapter DWA-130\wirelesscm.exe


How are you using these 2 wireless programs?
 
Hi,
Thanks for the follow-up. It took me a while, but it is done. The computer started to run slow again after the first scan with ComboFix. I had to restart two times. I think ComboFix found some stuff, but the online scan didn't anymore, and the HijackThis log is here too.

About the wireless, I am using Belkin now. The computer used to belong to my son, and he had a different wireless device running; that's probably why it is still showing. I wonder if that's why, always when I start the computer, there is a fight between the Belkin software and Windows to run the internet or network connection.

Right now the only thing that seems to be running slow is the Start menu and shortcuts. Maybe because of what has been disabled for the ComboFix run.

Thank you again!
 

Attachments

  • Combofix log.txt
    23.2 KB · Views: 2
  • log.txt
    859 bytes · Views: 2
  • hijackthis mar 10 2010.log
    8.7 KB · Views: 1
It just boggles my mind when I find a thread I KNOW I replied to and the reply isn't there!

We discussed the Belkin and D-Link devices, we discussed the presence of the Ultimate Service malware, I explained to you that the Combofix deletions wouldn't slow the system down.

Did you get that reply? Are you still having problems?
 