jade4

Severely infected pc, please help!

Recommended Posts

Hello,

Please help me clean up my pc.

I ran the EEK and OTL and am attaching the logs.

I could not find the Extras.txt log at all, even when searching for it through my pc and when looking in the C: drive. I have no idea where else to look for it so I am attaching what I have. 

 

Share this post


Link to post
Share on other sites

I have written a cleanup script for OTL (if you need to, you may download OTL from this link).

  • Please download the following OTL_Script file, and save it on your desktop. After saving it, open it, run OTL, and copy and paste the contents of the OTL_Script file into the Custom Scans/Fixes box at the bottom of the OTL window:

  • Then click the Run Fix button at the top.
  • Let the program run unhindered, restart your computer when it is done (it may automatically restart your computer on its own).
  • After your computer has restarted, please open OTL again and click the Quick Scan button. Attach the log it produces in your next reply (just the OTL log, as I don't need to see the Extras log again). You will need to click the button that says More Reply Options to the lower-right of where you type your reply to be presented with the attachment controls.

Share this post


Link to post
Share on other sites

The infection that was in the logs is gone. Lets run a couple more utilities, just to clean up some junk.

Please download AdwCleaner and save it on your desktop.

  • Close all open programs and internet browsers (you may want to print our or write down these instructions first).
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open n Notepad after the restart (this is the log of what was removed), which you can save on your desktop.
  • Please attach that log file to a reply by clicking the More Reply Options button to the lower-right of where you type in your reply.
  • If you lose that log file for any reason, you can find it at C:\AdwCleaner[s1] on your computer.
Please download Junkware Removal Tool and save it on your desktop.
  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please attach the JRT log file to a reply by clicking the More Reply Options button to the lower-right of where you type in your reply.

Share this post


Link to post
Share on other sites

OK, from those logs it looks like there wasn't a lot of junk to clean up, but they did delete a few things.

At this point the logs are making it look like your computer is clean. Lets get a second opinion on that, just to be certain. Please run an online virus scan through ESET by following the steps below:

  • Turn off your anti-virus software.
  • Click on this link.
  • Click on the ESET Online Scanner button.
  • Put a check in the box that says YES, I accept the Terms of Use.
  • Click the 'Start' button just to the right of the checkbox.
  • Uncheck the box that says Remove found threats (this is very important).
  • Click on Advanced settings.
  • Put a check in the box that says Scan for potentially unsafe applications.
  • Verify that Scan for potentially unwanted applications is also checked.
  • Verify that Enable Anti-Stealth technology is also checked.
  • Click the Start button in the lower-right corner of the page, and it will begin downloading it's database, and then it will start scanning.
  • When the scan is done, if it shows a screen that says Threats found!, then click List of found threats, and then click Export to text file... (if nothing was found, then just let me know that no threats were found).
  • Save that text file on your desktop, and then attach it to a reply (using the More Reply Options button in the lower-right corner of this forum topic) for me.
  • Close the ESET online scan.
I will take a look at the log, and let you know if anything needs removed.

Share this post


Link to post
Share on other sites

Thank you.

Please find attached the log.

 

I wanted to let you know that I do not think that the computer is fully clean, because every now and then, a popup screen will pop open saying "VAIO Messenger needs to close in order to apply an update. It will automatically restart once the update has been applied." I find it to be very fishy and haven't clicked on the popups at all, because the window does not look real, it looks really transparent and the appearance does not match that of my normal browser windows. Also, I've never used VAIO messenger before and usually whenever an app is open/active, an icon is displayed on my VAIO downbar but this hasn't been the case when the popup appears.

 

Also, when I did the EET scan, there was a little notice saying something along the lines of that the scan may not be fully effective because an anti-virus was detected. I clicked the notice to see more about it and it showed that my Kaspersky Internet Security was detected by EET. I then went to find it on my computer to turn it off and disabled it even though it had been a trial version that expired a year ago anyways. I don't know if having Kaspersky even though it is outdated affected the scan but I thought you should know about this anyway..

 

 

Share this post


Link to post
Share on other sites

That ESET scan log doesn't look bad. One of the detections was in OTL's quarantine, so it was already deleted. The other detection was related to your Firefox preferences, which you may want to reset to their defaults.

As for the Kaspersky Internet Security, it would be best to uninstall that if you do not have a current license for it. It's basically just wasting system resources and not providing any protection. Here's a link to a Kaspersky kowledgebase article about their removal tool for their software, which should allow you to uninstall any of their software that is on your computer.

Once you have Kaspersky uninstalled, please download ComboFix from this link and follow the instructions below to run it. Note that some infections will block it from running if you save it as ComboFix so you may wish to rename it in order to prevent this. Make sure you remember what you changed the name to.

* IMPORTANT !!! Save ComboFix to your Desktop

  • Disable your AntiVirus, AntiSpyware, and Firewall applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

    See HERE for help

  • Double click on the ComboFix icon on your desktop (it has a red and white icon that looks like a white cat's head in a red circle) and follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: (This applies to Windows XP systems only) If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

whatnext.png

Click on Yes, to continue scanning for malware.

When finished, ComboFix will produce a log.

Note:

1. Do not click in ComboFix's window while it's running. That may cause it to stall!

2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.

Attach logs for: (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS)

  • ComboFix (C:\combofix.txt)
Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!

Share this post


Link to post
Share on other sites

Thread Closed

Reason: Lack of Response

PM either ShadowPuterDude, Elise, or GT500 to have this thread reopened.

The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE, if you don't we are just going to send you back to this thread.

Share this post


Link to post
Share on other sites

The ComboFix log looks OK to me. If you still think there is a problem, then we can try TDSSKiller, and see if it finds anything.

If you want to run TDSSKiller, then here are the instructions:

  • Download TDSSKiller from this link and save it on your desktop.

  • Run the TDSSKiller download that you saved.

  • Click on Change parameters as it shows in the following screenshot:

    tdsskiller_report_001.png

  • Make sure that Verify digital signatures and Detect TDLFS file system are checked as in the following screenshot, and then click OK:

    tdsskiller_report_002.png

  • Click the Start scan button as in the following screenshot:

    tdsskiller_report_003.png

  • You will see the following as the scan runs:

    tdsskiller_report_004.png

  • If there are any threats or malicious items detected, then make sure the option to the right of each item is set to Skip as in the following screenshot (it is very important that TDSSKiller not be allowed to Cure, Quarantine, or Delete these detections!), note that you can click on the selection action to open a list and change it if it is not set to Skip automatically, and then click Continue at the bottom when everything is set to Skip:

    tdsskiller_report_005.png

  • Click on Report in the upper-right corner, as in the following screenshot:

    tdsskiller_report_006.png

  • You will see a report similar to the one in the following screenshot. Please click in the report somewhere, then hold down the Ctrl key on your keyboard and tap the A key to select the entire report.

    tdsskiller_report_007.png

  • Once everything is selected, then it should look similar to the following screenshot, and you will be able to hold down the Ctrl key on your keyboard and tap the C key to copy the entire report.

    tdsskiller_report_008.png

  • Open Notepad by clicking on the Start button, going to All Programs (or just Programs in Windows 7 and Vista), then Accessories, and clicking on Notepad in the list.

  • Once Notepad has opened, click on Edit to open the Edit menu, and then click Paste, as in the following screenshot:

    tdsskiller_report_009.png

  • Once the report has been pasted into Notepad, click File to open the File menu, and then click Save as, as in the following screenshot. Please save the report on your desktop and attach it to a reply by using the More Reply Options button to the lower-right of where you type in your reply.

    tdsskiller_report_010.png

Share this post


Link to post
Share on other sites

Thread Closed

Reason: Lack of Response

PM either ShadowPuterDude, Elise, or GT500 to have this thread reopened.

The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE, if you don't we are just going to send you back to this thread.

Share this post


Link to post
Share on other sites
Thread Closed

 

Reason: Lack of Response

 

PM either ShadowPuterDude, Elise, or GT500 to have this thread reopened.

 

The procedures contained in this thread are for this user and this user only.  Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair.  Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

 

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE, if you don't we are just going to send you back to this thread.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.