Solved Windows XP virus/trojan - found by AVG resident shield but not able to remove

Status
Not open for further replies.
Please note: I will be Offline on Wednesday, 2/8 and Thursday, 2/9. When I return on Friday, 2/10, I will pick up the oldest threads first.
 
Hey Dr. Chris- what's going on now? Do we still have problems to resolve?

Once we have addressed everything, I'll have you remove the tools we used, their logs and backups
 
Hi Bobbye

The computer seems to be behaving itself now - so I think the post-viral clear up can commence!

Chris
 
Okay- that is a good thing! I hope your new status is going well as Dr. Chris.

I went through all of the logs and gathered up the leftover files. They are all in the script. I have had the Hitman entries in every script I've written! You will need to manually delete the driver: I found some Avira files, AVG and Hitman.
----------------------------------
Please run this Custom CFScript:

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:
Code:
KillAll::
File::
c:\windows\system32\drivers\hitmanpro36.sys
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\DRIVERS\AVGIDSEH.Sys
c:\windows\system32\DRIVERS\avgrkx86.sys
c:\windows\system32\DRIVERS\avgldx86.sys
c:\program files\AVG\AVG2012\avgwdsvc.exe
Folder::
c:\documents and settings\all users\application data\HitmanPro
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=-
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"=-
Clearjavacache::
Driver::
AntiVirSchedulerService
AVGIDSEH
Avgrkx86
Avgldx86
avgwd
Save this as CFScript.txt, in the same location as ComboFix.exe
[image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt. I do not need this log.
====================
Please use Windows Explorer to access Computer> Local Drive> Windows> System32> Expand the Drivers> Look on the right screen for hitmanpro36.sys and do a right click> Delete.

NOTE: If you don't see the Hitman Driver: Show Hidden Folders/Files
  • Go up to Tools > Folder Options.
  • Select the View tab.
  • Scroll down to Hidden files and folders.
  • Check Show hidden files and folders.
  • Uncheck Hide extensions of known file types.
  • Uncheck Hide protected operating system files (Recommended).
  • Click Yes when prompted.
  • Click OK.
  • Use same path and look again for the Hitman Driver to delete.
Go back and hide the files again.
==============================
Removing all of the tools we used and the files and folders they created
  • Uninstall ComboFix and all Backups of the files it deleted
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
  • Download OTCleanIt by OldTimer and save it to your Desktop.
  • Double click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
-----
Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
------------------------------------------
  • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
  • Go to Start > All Programs > Accessories > System Tools
  • Click "System Restore".
  • Choose "Create a Restore Point" on the first screen then click "Next".
  • Give the Restore Point a name> click "Create".
  • Go back and follow the path to > System Tools.
  • Choose Disk Cleanup
  • Click "OK" to select the partition or drive you want.
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


Empty the Recycle Bin
---------------------------------------------------
Peace and best wishes for your new, hard-earned life.
Bobbye
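As an added example (not part of the thread, and not ComboFix's own code): a small Python script that parses the CFScript format used in the post above (its `Section::` blocks) and reports any File::, Folder:: or Driver:: entries that still exist after the cleanup, so the manual deletion steps can be verified. The embedded script is a constructed excerpt of the one in the post; on Windows, `sc query` is used to check whether a driver service is still registered.

```python
import os
import re
import subprocess
import sys

# Constructed excerpt of the CFScript posted in the thread (a subset of its entries).
CFSCRIPT = """KillAll::
File::
c:\\windows\\system32\\drivers\\hitmanpro36.sys
c:\\program files\\AVG\\AVG2012\\avgwdsvc.exe
Folder::
c:\\documents and settings\\all users\\application data\\HitmanPro
Driver::
AVGIDSEH
avgwd
"""

def parse_cfscript(text):
    """Split a CFScript into its 'Section::' blocks; returns {section: [entries]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = re.match(r"^([A-Za-z]+)::$", line)
        if header:
            current = header.group(1).lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections

def leftover_paths(sections, exists=os.path.exists):
    """Return File::/Folder:: entries that are still present on disk."""
    targets = sections.get("file", []) + sections.get("folder", [])
    return [p for p in targets if exists(p)]

def leftover_drivers(sections, query=None):
    """Return Driver:: service names still registered with the SCM (Windows only)."""
    if query is None:
        if sys.platform != "win32":
            return []  # no Service Control Manager to ask on other platforms
        def query(name):  # 'sc query' exits 0 only when the service exists
            return subprocess.call(["sc", "query", name], stdout=subprocess.DEVNULL,
                                   stderr=subprocess.DEVNULL) == 0
    return [d for d in sections.get("driver", []) if query(d)]

if __name__ == "__main__":
    secs = parse_cfscript(CFSCRIPT)
    print("paths still present:", leftover_paths(secs))
    print("drivers still registered:", leftover_drivers(secs))
```

Run it on the cleaned machine; an empty list for both checks means nothing from the script's File::, Folder:: and Driver:: sections survived the cleanup.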
 
Hi Bobbye,

Just wanted to say thank you, thank you, thank you!

Dr (still haven't got used to that!) Chris
 
You're very welcome Dr. Chris. It was kind of nice taking the last part of your journey with you. :)
 