Please take a look at my logs and let me know if my system is clean

Status
Not open for further replies.

vecnaa

Hi Guys,

I was recently infected with a large amount of spyware/malware/trojans and tried to get rid of them with the steps described on your forum. Please can you take a look at the logs I have attached and let me know if my system is now clean or if there are any lingering problems. I greatly appreciate your help :)

AVG Anti Virus (scan came out with two trojans which were fixed - ran clean on next two consecutive scans)

SS&D (only tracking cookies found)

Ran the following tools (results in parenthesis)
Tool 1 Smitfraudfix (found infected files and fixed)
Tool 2 Virtumondobegone (was clean of infection - virtumonde was detected before though looks like it's gone now)
Tool 3 Vundofix (was clean of infection)

AVG Anti-Rootkit results:
There were no installed rootkits found on your computer.

Logs Attached:
Combofix Log / Combofix Quarantined Files Log
Hijack This Log
AVG Anti Spyware Log
 
Hello and welcome to Techspot.

Run the Ccleaner programme as per step 9 of the instructions HERE.

Delete the following folders.

C:\VundoFix Backups
C:\qoobox

All your logfiles look clean. However, I'd like you to have a file checked out over at Jotti's.

Please visit this link http://virusscan.jotti.org/
* Click the Browse... button
* Navigate to the following file C:\WINDOWS\system32\ope870.exe

* Click Open
* Please let me know the results.

Regards Howard :wave: :wave:

This thread is for the use of vecnaa only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Thanks Howard!

Hi Howard,

I just ran Ccleaner (step 9) a few times and also deleted the folders you specified. I went on Jotti's to scan that file C:\WINDOWS\system32\ope870.exe but could not find it in my browse. I went into the system32 folder and could not find it at all. I wonder what happened - maybe one of the programs deleted it.

Thanks for all of your help :)

Thanks,
Vecnaa
 
You may need to show hidden files and folders.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

See if you can now find the file.

If you can, get it scanned, then rehide your protected OS files.

Regards Howard :)

 
Malware found - ope870.exe

Hi Howard,

I changed the settings to show system files too (I only had show hidden files checked but the system files were still hidden) and found the file ope870.exe. I ran the file through Jotti's and two sites have this file listed as malware :(. What do you recommend I do to remove this?

Thanks for your help again!

File: ope870.exe
Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: e83506890a56284c6c42ce644d29ac05
Packers detected: Analyzing...
Bit9 reports: File not found

Scanner results
Scan taken on 17 Jun 2007 22:03:13 (GMT)
A-Squared Found nothing
AntiVir Found TR/Spy.Agent.98893
ArcaVir Found nothing
Avast Found Win32.Delf-DLH
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
 
Ok, since there appears to be some doubt as to whether the file is nasty or not, please do the following.

Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for (if there).

ope870.exe

Close task manager.

Now, rather than deleting the file, right click on it and add it to an archive. In other words, zip it up, then delete the original ope870.exe file, so that you only have the zipped up file left. See how your system runs for a few days and providing you don't have any problems, you can then delete the zip file. As long as the file is zipped up it can't do any harm.

Reboot into normal mode and rehide your protected OS files.

Turn off system restore (XP/ME only). See how HERE.

Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard :)
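
The quarantine step described in the post above (archive the suspect file, then delete the original), as an added example that is not part of the original thread: a Python script that records the file's MD5 and SHA-256 before archiving, so the archived sample can still be matched against a scan report such as the MD5 shown in the Jotti result. The function names and the file names used in `demo()` are constructed placeholders.

```python
import hashlib
import os
import tempfile
import zipfile


def file_digests(path):
    """Return (md5, sha256) hex digests of a file, read in chunks."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha256.hexdigest()


def quarantine(path, archive_path):
    """Zip `path` into a new archive, verify the stored copy, then delete the original."""
    md5, sha256 = file_digests(path)
    name = os.path.basename(path)
    # Mode "x" refuses to overwrite an existing archive.
    with zipfile.ZipFile(archive_path, "x", zipfile.ZIP_DEFLATED) as zf:
        zf.write(path, arcname=name)
        # Keep the original location and hashes with the sample.
        zf.comment = f"{path} md5={md5} sha256={sha256}".encode()
    # Re-read the archived bytes; keep the original if they do not match.
    with zipfile.ZipFile(archive_path) as zf:
        stored = hashlib.sha256(zf.read(name)).hexdigest()
    if stored != sha256:
        raise RuntimeError("archive copy does not match original; original kept")
    os.remove(path)
    return {"name": name, "md5": md5, "sha256": sha256, "archive": archive_path}


def demo():
    """Run on a constructed, harmless stand-in file in a temp directory."""
    workdir = tempfile.mkdtemp()
    sample = os.path.join(workdir, "suspect.exe")  # constructed placeholder name
    with open(sample, "wb") as fh:
        fh.write(b"constructed sample bytes, not a real executable")
    result = quarantine(sample, os.path.join(workdir, "suspect.zip"))
    result["original_exists"] = os.path.exists(sample)
    return result


if __name__ == "__main__":
    print(demo())
```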

 
Thank you so much Howard!

Hi Howard :)

I just followed your final instructions. Thank you so much for all the help! Now I have peace of mind :). Thank you thank you thank you!!

Have a great evening :)

Thanks,
Vecnaa
 