
Hijackthis log


185 replies to this topic

#181 beynac (Silver Member, Visiting Fellow, 459 posts)

Posted 28 November 2006 - 05:07 PM

Everything is looking good! :)

I think that you will be OK now, provided that you are careful which sites you visit. I suggest that you have a look at the online games your children play and check the sites out through either McAfee SiteAdvisor or Firetrust Sitehound, if you have installed one of them. You can use the McAfee one to check out sites without installing it. Go here and enter the address of the site you want to check.

--------------------------------------------------------------

There is a bit of tidying up to do. Please delete the following tools and reports, as they are no longer needed (the programs should be on your desktop, unless otherwise stated):
  • Blacklight (program and folder C:\Blacklight)
  • RootkitRevealer (program and folder C:\RKR)
  • FixWareout (program and folder C:\fixwareout)
  • Killbox (program and folder C:\!Killbox)
  • Hoster
  • Dr.Web CureIt! and its report
  • GMER
  • ComboFix and its report
  • FindAWF.exe and its report
  • SmitfraudFix and its report (C:\rapport.txt)
  • RegSearch folder
  • WinPFind2 folder
  • Any of the .bat or .reg or text files that remain on the desktop
We also need to delete a file installed by SmitfraudFix. Click on Start then My Computer. Find and delete the following file, shown highlighted in red.
  • C:\WINDOWS\system32\process.exe <-- File only
------------------------------------------------------------

We need to re-hide your system files:
  • Click Start
  • Open My Computer
  • Select the Tools menu and click Folder Options
  • Select the View tab
  • Advanced Settings: Under Hidden files and folders, check Do not show hidden files and folders
  • Select the Hide extensions for known file types option
  • Select the Hide protected operating system files (Recommended) option
  • Click Apply to All Folders
  • Click Yes
  • Click OK
----------------------------------------------------------

Please let me know how the computer is running. If everything is OK, I think that we will be able to close this. Let me know if you have any questions.
beynac
Honors Graduate of MalWare Removal University - A Cooperative Effort with What the Tech Classroom
Member of the Alliance of Security Analysis Professionals (ASAP)
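The "re-hide your system files" steps above are three checkboxes in Folder Options; each one is backed by a DWORD under the current user's Explorer "Advanced" key. The following PowerShell script is an added example, not something posted in this thread, that reads those values back so the re-hide step can be verified, and reapplies them if needed. It assumes Windows PowerShell on a per-user Explorer profile; the value names and meanings are the standard Explorer ones, and the function names are my own.

```powershell
# Added example (not from the thread): registry equivalent of the three
# Folder Options checkboxes in the "re-hide your system files" step.
$advanced = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'

# Value name -> setting that matches the GUI choice in the post:
#   Hidden          2 = "Do not show hidden files and folders"
#   HideFileExt     1 = "Hide extensions for known file types"
#   ShowSuperHidden 0 = "Hide protected operating system files (Recommended)"
$wanted = @{ Hidden = 2; HideFileExt = 1; ShowSuperHidden = 0 }

function Get-ExplorerHidingState {
    # Report each setting with its current value and whether it matches.
    $current = Get-ItemProperty -Path $advanced
    foreach ($name in $wanted.Keys) {
        [pscustomobject]@{
            Setting  = $name
            Current  = $current.$name
            Expected = $wanted[$name]
            Ok       = ($current.$name -eq $wanted[$name])
        }
    }
}

function Set-ExplorerHidingState {
    # Apply the three values. Explorer reads them when a new window opens;
    # log off or restart Explorer to apply them to windows already open.
    foreach ($name in $wanted.Keys) {
        Set-ItemProperty -Path $advanced -Name $name -Value $wanted[$name] -Type DWord
    }
}

# Check first; only call Set-ExplorerHidingState if any row shows Ok = False.
Get-ExplorerHidingState | Format-Table -AutoSize
```

Leaving hidden and protected system files visible is what made the earlier cleanup possible, but it also makes accidental deletion of system files easier, which is why the helper reports the state before changing anything.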


#182 rsre15 (Authentic Member, 153 posts)

Posted 29 November 2006 - 03:19 PM

The computer is running fine! A few quick questions before we close this out. First, would you suggest running the AVG Spyware with the McAfee and everything else we have running? Or would this just "clog" up my system? Second, when we do close out the topic, will it go under the Resolved Hijack logs? I was just wondering if this was a security issue, especially with my registry numbers and other vitals showing. I understand that anyone that wanted to see any of that information could for the last month. Is there any vital info that someone can get from my posts?

#183 beynac (Silver Member, Visiting Fellow, 459 posts)

Posted 29 November 2006 - 04:21 PM

Hi.

I'm pleased that your computer is behaving itself.

I would suggest that you keep AVG Anti-Spyware. If you wish to upgrade to the paid version you will be able to get automated updates and real-time protection using the 'Resident Shield'. I don't think that this is necessary with the McAfee programs you have got. Without these functions, there is nothing running on the computer unless you are doing a scan. I suggest that you run a full scan every couple of weeks (you can do this in Normal Mode).

This topic will be archived into the 'Resolved HijackThis Logs' forum. There is not really a security issue. People will be able to see which programs you have on your computer, some file names and similar information of that level. The only thing that can be considered sensitive is that your name appears on some of the reports. As nobody knows where you come from, it is very unlikely that you could be identified from this information. Most of the information is generic and will appear on a huge number of other computers. It is obviously necessary that we get this level of information in order to help you sort out your problems and we cannot edit it when the topic is archived. As there are hundreds of topics in that forum, I don't think that you need worry. It is more likely, as you say, that people will have been reading this topic while it was live.

-------------------------------------------------------------------------

Now that your computer is clean, we ought to get rid of the 'bak' folders created by the file-infector. Click on Start then My Computer and find the following folders, shown highlighted in red. Delete any found, but don't worry if they're missing. Be careful just to delete the 'bak' folders.
  • C:\Program Files\Analog Devices\Core\bak\
  • C:\Program Files\Common Files\Microsoft Shared\Works Shared\bak\
  • C:\Program Files\Common Files\Sonic\Update Manager\bak\
  • C:\Program Files\Dell Support\bak\
  • C:\Program Files\Intel\Modem Event Monitor\bak\
  • C:\Program Files\Java\jre1.5.0_09\bin\bak\
  • C:\Program Files\McAfee.com\Agent\bak\
  • C:\Program Files\McAfee.com\MPS\bak\
  • C:\Program Files\McAfee.com\Personal Firewall\bak\
  • C:\Program Files\McAfee.com\VSO\bak\
  • C:\Program Files\MUSICMATCH\Musicmatch Jukebox\bak\
  • C:\Program Files\QuickTime\bak\
  • C:\Program Files\Verizon Online\Help Support\bak\
  • C:\Program Files\Verizon Online\Help Support\SmartBridge\bak\
  • C:\WINDOWS\SYSTEM32\bak\
  • C:\WINDOWS\SYSTEM32\dla\bak\
---------------------------------------------------------------------

System Restore

Now that the computer is clean we need to 'flush' the system restore points to ensure that there is no danger of restoring the computer to an infected state. This will also create a clean restore point.

Turn OFF System Restore.
  • Click on Start
  • Right-click My Computer
  • Click Properties
  • Click the System Restore tab
  • Check Turn off System Restore
  • Click Apply, and then click OK
Restart your computer

Turn ON System Restore.
  • Click on Start
  • Right-click My Computer
  • Click Properties
  • Click the System Restore tab
  • Uncheck Turn off System Restore
  • Click Apply, and then click OK
--------------------------------------------------------------------

I won't repeat the 'clean speech' I posted earlier in this topic. We've covered most of the points anyway, but please go back and read through it. I'm pleased that we were able to rid your computer of malware. The service we provide is free but if you wish to make a small donation to help keep this site running, it will be much appreciated - click here.

Best of luck and 'Happy Computing'! :)
beynac
Honors Graduate of MalWare Removal University - A Cooperative Effort with What the Tech Classroom
Member of the Alliance of Security Analysis Professionals (ASAP)
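The two procedures in the post above (delete whichever of the listed 'bak' folders exist, then flush System Restore by turning it off and back on) can be scripted so that nothing is removed by accident. The script below is an added example, not part of the thread; it uses the exact folder paths beynac listed, refuses to touch anything whose last path component is not 'bak', and does a dry run by default. It assumes Windows PowerShell on a client Windows version that has System Restore and the Disable-/Enable-ComputerRestore and Checkpoint-Computer cmdlets (the original poster's XP machine would use the GUI steps instead); the function names are my own.

```powershell
# Added example (not from the thread): safe cleanup of the leftover 'bak'
# folders listed in the post, followed by the System Restore flush.
$bakFolders = @(
    'C:\Program Files\Analog Devices\Core\bak',
    'C:\Program Files\Common Files\Microsoft Shared\Works Shared\bak',
    'C:\Program Files\Common Files\Sonic\Update Manager\bak',
    'C:\Program Files\Dell Support\bak',
    'C:\Program Files\Intel\Modem Event Monitor\bak',
    'C:\Program Files\Java\jre1.5.0_09\bin\bak',
    'C:\Program Files\McAfee.com\Agent\bak',
    'C:\Program Files\McAfee.com\MPS\bak',
    'C:\Program Files\McAfee.com\Personal Firewall\bak',
    'C:\Program Files\McAfee.com\VSO\bak',
    'C:\Program Files\MUSICMATCH\Musicmatch Jukebox\bak',
    'C:\Program Files\QuickTime\bak',
    'C:\Program Files\Verizon Online\Help Support\bak',
    'C:\Program Files\Verizon Online\Help Support\SmartBridge\bak',
    'C:\WINDOWS\SYSTEM32\bak',
    'C:\WINDOWS\SYSTEM32\dla\bak'
)

function Get-ExistingBakFolders {
    param([string[]]$Paths = $bakFolders)
    # "Delete any found, but don't worry if they're missing": keep only the
    # paths that exist, and only if the folder itself is named 'bak'.
    $Paths | Where-Object {
        (Split-Path -Path $_ -Leaf) -eq 'bak' -and
        (Test-Path -LiteralPath $_ -PathType Container)
    }
}

function Remove-BakFolders {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([string[]]$Paths = $bakFolders)
    foreach ($folder in Get-ExistingBakFolders -Paths $Paths) {
        # -WhatIf / -Confirm flow through ShouldProcess, so a dry run is free.
        if ($PSCmdlet.ShouldProcess($folder, 'Remove leftover bak folder')) {
            Remove-Item -LiteralPath $folder -Recurse -Force
        }
    }
}

function Reset-SystemRestore {
    # Equivalent of "turn off, restart, turn on": disabling drops every old
    # restore point (including infected ones); re-enabling and taking a
    # checkpoint gives a known-clean baseline.
    Disable-ComputerRestore -Drive 'C:\'
    Enable-ComputerRestore -Drive 'C:\'
    Checkpoint-Computer -Description 'Post-cleanup baseline' -RestorePointType 'MODIFY_SETTINGS'
}

# Dry run: lists what would be removed without deleting anything.
# Re-run without -WhatIf, then call Reset-SystemRestore, once the list looks right.
Remove-BakFolders -WhatIf
```

The 'bak' copies were created by the file infector, so they are only safe to remove after the infector itself has been cleaned, which is the point at which the post introduces this step; the restore-point flush comes last for the same reason.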

#184 rsre15 (Authentic Member, 153 posts)

Posted 29 November 2006 - 05:41 PM

Thank you very much for your help! We truly appreciate it. :) I am sorry it was such a difficult task. Thanks again!

#185 beynac (Silver Member, Visiting Fellow, 459 posts)

Posted 29 November 2006 - 05:46 PM

You're welcome! :)
beynac
Honors Graduate of MalWare Removal University - A Cooperative Effort with What the Tech Classroom
Member of the Alliance of Security Analysis Professionals (ASAP)

#186 LDTate (Grand Poobah, Root Admin, 57,211 posts)

Posted 29 November 2006 - 05:54 PM

Glad we could be of assistance. This topic is now closed. If you wish it reopened, please send us an email (Click for address) with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days


Proud graduate of TC/WTT Classroom
