44 replies to this topic

[oldman960]

Hi Compcrap,

Logs look good. We can have a look at your laptop once we are finished here.

What are you using for an antivirus program? You can download and use one of these free ones if you don't have an antivirus program installed.

Avast
Help and support can be found here Avast Forum
AVG
Help and support can be found here AVG Forum
Antivir PersonalEditionClassic
Help and support can be found here Avira Personal Support Forum


For your flash drives


Download Flash_Disinfector.exe by sUBs and save it to your desktop.

• Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
• The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
• Wait until it has finished scanning and then exit the program.

Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.


Post back when done and if everything is OK, we'll clean up our tools.

Thanks

[oldman960]

Hi Compcrap, Still here? Thanks

[Comcrap]

Still here

[Comcrap]

I am concerned. my flashdrives are fine, since I formatted them, and I'll run the disinfector. My big worry is the external harddrive. I have a lot of keygens, which have never given me any trouble, but virus things tend to think they're trojans. I KNOW there's a virus on it, for sure. It's an Autorun thing in the recycler folder. How do I fix the drive without having anti virus attack the keygens?

[oldman960]

Hi Compcrap,

The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.

I have a lot of keygens, which have never given me any trouble, but virus things tend to think they're trojans.

Cracks and keygens are a great source for infections. This could very well explain where the infection came from.

I suggest you read this.

http://forums.whatth...ort_t92527.html

[Comcrap]

Very well. You might be right about that. I'll have to get rid of those. Will the flash drive scanner work on the portable harddrive?

Edited by Comcrap, 21 October 2009 - 10:35 PM.

[oldman960]

Hi Compcrap,

Will the flash drive scanner work on the portable harddrive?

Yes it will. It will also work on any fixed drives that are on your computer.

Hold down the shift key when attaching the portable drive. That should keep the autorun from running. Then run FDD.

What is the drive letter of your extenal hard drive. A tool we used deleted an autorun from E:

deleted: virus Worm.Win32.AutoRun.aevb File: E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\win32.exe

Thanks

[oldman960]

Hi Compcrap, You still with us?

[Comcrap]

still here

[oldman960]

Hi Compcrap, How are you making out? Thanks

[Comcrap]

ran the disinfector on my drives and they're all clean. What should I do at this point?

[oldman960]

Hi Compcrap,

Have installed an antivirus program?

How's the computer?

If no other problems, we can clean up our tools and have a look at your laptop if you wish.

From your desktop, please delete[if still present

• any notepads/logs that we created
• exeHelper.com
• Win32kDiag.exe
• log.txt
• Win32kDiag.txt
• RootRepeal.exe
• DDS.scr
• GMER.zip
• GMER.exe
• AVP Tool by Kaspersky.
• TDSSKiller.exe
• Logit.txt

To ensure the removal of combofix works correctly, we'll use a new copy.

Locate combofix.exe (you renamed it jgh.exe), right click it and select delete.

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Next

Click the Start button, click Run. Copy and paste the following line into the run box and click OK
Combofix /Uninstall


Open OTL then click the Clean Up button. You may get prompted by your firewall that OTL wants to contact the internet - allow this. A cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will do some clean up tasks and delete some of the tools you have downloaded plus itself.


Some Recommendations and prevention tips

Basic security consists of 1 antivirus program, 1 resident antispyware program, 1 on demand antispyware program and a firewall. Unless you have installed an antivirus program, you have only MBAM, an on demand antispyware program.

I recommend you use an antispyware program with resident (real time) scanning. I suggest

Windows Defender
OR
Winpatrol


* If you are behind a router Windows firewall should be fine. Otherwise a 3rd party firewall with outbound monitoring is recommended.

Click FIREWALL for tips, reviews and links to good, free and paid for firewalls. (Note: Zone Alarm is becoming bloatware)


You should also use Spyware Blaster to help immunize your computer.

- SpywareBlaster will add a large list of programs and sites into your Internet Explorer
settings that will protect you from running and downloading known malicious programs.

OR

A guide to understanding and using the hosts file.

Learn how your Hosts file can protect you and how you can protect it.
Besides the Hosts file information, there are links to a very good updated hosts file, a host file manager. and some programs that can protect your hosts file.
HOSTS

Please read the info on disabling the DNS Client before installing a custom hosts file.


-Secure your Internet Explorer

From within Internet Explorer click on the Tools menu and then click on Options.

• Click once on the Security tab
• Click once on the Internet icon so it becomes highlighted.
• Click once on the Custom Level button.
• Change the Download signed ActiveX controls to Prompt
• Change the Download unsigned ActiveX controls to Disable
• Change the Initialize and script ActiveX controls not marked as safe to Disable
• Change the Installation of desktop items to Prompt
• Change the Launching programs and files in an IFRAME to Prompt
• Change the Navigate sub-frames across different domains to Prompt
• When all these settings have been made, click on the OK button.
• If it prompts you as to whether or not you want to save the settings, press the Yes button.

Next press the Apply button and then the OK to exit the Internet Properties page.


- Keeping your Windows up-to-date is crucial to your computer's security. Please go to the Windows Update Site (using Internet Explorer) and download and install all critical updates on a regular basis

- Ensure that Automatic Update is turned on so you get all the latest patches.
Click start, control panel, click Security Center.


- Keep your antivirus program updated, as well as any other security programs you have.


-Check this site out to check for out of date programs
Secunia Personal Software Inspector (PSI) 1.0


-More tips and programs can be found HERE

- You may also want to read this article By Tony Klein
http://www.freedomli...pic.php?t=22879

Let me know about the laptop.

Thanks

[Comcrap]

working on it. Sorry, my laptop recently failed, so I was preoccupied

[oldman960]

Hi Compcrap, Sorry about your laptop. Thanks for the update.

[oldman960]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.