Okay then, the system is now clean. Keep in mind the things I told you along the way so you can keep it clean. Mbam found Autorun worms which spread from USB/thumb drives as well as fixed and mapped drives. Autorun worms typically drop or download additional malware, usually backdoors and password stealers. For the safety of your system, please review and consider the following: (link is embedded)
Disable Autoplay of Audio CDs and USB Drives
If you have not already disinfected the USB/flash drive, please do so:
- Please download Panda USB Vaccine (you must provide a valid e-mail and they will send you a download link to this e-mail address) to your desktop.
- Install and run it.
- Plug in USB drive and click on Vaccinate USB and Vaccinate computer.
===================================================
Remove all of the tools we used and the files and folders they created
- Uninstall ComboFix and all Backups of the files it deleted
[o] Click START> then RUN
[o] Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
- Download OTCleanIt by OldTimer and save it to your Desktop.
[o] Double click OTCleanIt.exe.
[o] Click the CleanUp! button.
[o] If you are prompted to Reboot during the cleanup, select Yes.
[o] The tool will delete itself once it finishes.
Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
- Set a new, clean Restore Point
[o] Click on Start> right click on Computer> Properties
[o] Select System Protection
[o] Click on the Create button (near bottom)
[o] Type a name for the Restore Point
[o] Click on Create again to save the restore point.
- Deleting all but the most recent System Protection point in Windows 7
[o] Click Start> Computer> right click the C Drive and choose Properties> enter.
[o] Click Disk Cleanup from there.
[o] Click Clean up system files
This restarts Disk Cleanup to run in elevated mode.
[o] Click the More Options tab
[o] Click the Clean up under System Restore and Shadow Copies.
[o] Click OK.
[o] You will get a confirmation screen> Just click Delete.
[o] Click OK on the Disk Cleanup Screen.
[o] Click Delete Files on the Confirmation screen.
This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space on the C drive.)
Images courtesy lytebyte.
Empty the Recycle Bin
==================================================
P2P/ 'file sharing'/Piracy Warning:
Note: Even if you are using a "safe" P2P program, it is only the program that is safe.
- As long as you are using file sharing networks and programs which are from sources that are not documented, you cannot verify that a download is legitimate.
- Malware writers use these programs to include malicious content.
- File sharing is usually unmonitored and there is a danger that your private files might be accessed.
- The 'sharing' also includes malware that the shared system has on it.
- Files that are illegal can be spread through file sharing.
Please read the information on P2P Warning to help you better understand these dangers.
Let me know if you have any questions.
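
The Autoplay setting recommended in the post above can also be verified from the registry. This is an added example, not part of the original post: it decodes the Windows `NoDriveTypeAutoRun` policy value and lists which of the drive classes the post names (USB/removable, fixed, mapped, CD) still have AutoRun enabled. The sample values 0x91 and 0xFF are constructed, and the function names are the example's own.

```python
import sys

# Policy location and value name (checked under HKLM first, then HKCU).
POLICY_KEY = r"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
VALUE_NAME = "NoDriveTypeAutoRun"

# A set bit DISABLES AutoRun for that drive class.
CLASSES = {
    0x04: "removable (USB/thumb)",
    0x08: "fixed",
    0x10: "network (mapped)",
    0x20: "CD-ROM",
}

def still_autorun(mask):
    """Drive classes for which this mask does NOT disable AutoRun."""
    return [name for bit, name in CLASSES.items() if not mask & bit]

def read_policy():
    """Return the policy value as int, or None if unset or not on Windows."""
    if sys.platform != "win32":
        return None
    import winreg
    for hive in (winreg.HKEY_LOCAL_MACHINE, winreg.HKEY_CURRENT_USER):
        try:
            with winreg.OpenKey(hive, POLICY_KEY) as key:
                value, _kind = winreg.QueryValueEx(key, VALUE_NAME)
        except OSError:
            continue  # key or value missing in this hive
        if isinstance(value, bytes):  # REG_BINARY is stored little-endian
            value = int.from_bytes(value, "little")
        return int(value)
    return None

def report(mask):
    if mask is None:
        return "NoDriveTypeAutoRun not set"
    exposed = still_autorun(mask)
    if exposed:
        return f"0x{mask:02X}: AutoRun still enabled for " + ", ".join(exposed)
    return f"0x{mask:02X}: AutoRun disabled for all four classes"

if __name__ == "__main__":
    live = read_policy()
    # Fall back to constructed sample values when no live value is available.
    for m in ([live] if live is not None else [0x91, 0xFF]):
        print(report(m))
```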