Wife's computer will not connect to any anti-virus site


  • This topic is locked
74 replies to this topic

#31 JonTom

    Teacher Emeritus

  • Malware Team
  • 5,496 posts

Posted 11 August 2010 - 12:03 AM

Hello RetiredChief

Thank you for letting me know.

Please work your way through the following steps:


  • Clean out your temporary files


    • Please download ATF Cleaner by Atribune by clicking here and save the file (called ATF-Cleaner.exe) to your desktop.
    • Run the program by double clicking the ATF-Cleaner.exe icon located on your desktop.
    • Check the boxes to the left of the following:
        • Windows Temp
        • Current User Temp
        • All Users Temp
        • Temporary Internet Files
        • Java Cache

    • The rest are optional. If you want to remove everything check the "Select All" box.
    • Click on "Empty Selected" to begin cleaning.
    • Once the "Done Cleaning" message appears, click OK.
    • If you use Firefox, Click on the Firefox tab and repeat the above process.
    • When you have finished cleaning, click on the "Exit" button in the main menu.

  • MalwareBytes AntiMalware:


    • I can see that you have MBAM installed.
    • Double click on your MalwareBytes AntiMalware icon to launch the program.
    • Click on the "Update" tab and then on "Check for Updates".
    • The program will now install the latest Malware definition files.
    • Once complete, click on the "Scanner" tab, select "Perform full scan" and then click on "Scan".
    • Once the program has scanned your computer, a log file will be created in Notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.


    • If the scan detects any Malware-related objects, make sure that everything is checked, and click "Remove Selected" <– Very Important.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to restart your computer.
    • The log is automatically saved by MBAM and can be viewed by clicking the "Logs" tab.
    • Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart your computer, please do so immediately.
    • Come back here to this thread and Paste the log in your next reply.

  • Please update your Java


    • Click on "Start", then on "Control Panel".
    • Go to "Add or Remove Programs" and uninstall any previous versions of Java that you find (J2SE Runtime Environment 5.0 Update 5).
    • Reboot your computer.
    • Next, download the latest version of Java by clicking here
    • Scroll down the page until you reach "Java Platform Standard Edition".
    • Beneath this and to the right, you will see a link marked "Download JRE".
    • Click the "Download JRE" button.
    • Select the platform (Windows, in your case), multi language.
    • Accept the license agreement and click on "Continue".
    • You do not have to register if you do not want to (the registration step is optional).
    • Scroll down and click on the file called jre-6u21-windows-i586.exe located under "Windows Offline Installation".
    • Save the file to your desktop.
    • Do not select Run.
    • Double click on the saved file (jre-6u21-windows-i586.exe) to install the update.
    • Delete the downloaded installation file after completing the above procedure and reboot your system if not prompted to do so.

  • Please perform the following scan:


    • This is a very deep scan that can take many hours. In some instances you may need to let it run overnight. Please be patient.


    • It is recommended that you disable your onboard antivirus program and antispyware programs while performing scans to eliminate software conflicts and to speed up scan time.
    • DO NOT surf the net while your resident protection is disabled!
    • Once the scan is finished remember to re-enable your resident antivirus protection along with whatever antispyware applications you use.


    • Please perform a Kaspersky Online Scan of your computer by clicking here or here.


    • Click on the Accept button and install any components it needs.
    • The program will install and then begin downloading the latest definition files.
    • After the files have been downloaded on the left side of the page in the Scan section select My Computer.
    • This will start the program and scan your system.
    • The scan will take a while, so be patient and let it run (at times it may appear to stall).
    • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
    • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
    • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.

    • Once the scan is complete, click on View scan report. To obtain the report:
    • Click on: Save Report As
    • Next, in the Save as prompt, Save in area, select: Desktop
    • In the File name area, use KScan, or something similar
    • In Save as type, click the drop arrow and select: Text file [*.txt]
    • Then, click: Save
    • Please post the Kaspersky Online Scanner Report in your reply.
    • If you need help performing the above steps, an animated tutorial can be found here.

    Please post the MBAM log and the Kaspersky log in your next reply.

    Also, please describe how your machine is behaving now.

Would you like to help others? Join the Classroom and learn how.
 
Member of UNITE
Proud Graduate of the WTT Classroom



#32 RetiredChief

  • Authentic Member
  • 111 posts

Posted 11 August 2010 - 12:33 AM

JonTom, I performed the ATF Cleaner as requested but it may not be until Friday that I get the other steps done. I have been up late doing homework for my college class. Cheers! Chief

#33 JonTom

    Teacher Emeritus

  • Malware Team
  • 5,496 posts

Posted 11 August 2010 - 02:47 AM

it may not be until Friday that I get the other steps done

No problem :)

Post when you can.

#34 RetiredChief

  • Authentic Member
  • 111 posts

Posted 11 August 2010 - 05:27 PM

JonTom, Malwarebytes will not connect to get an update. I get an error code that says: An Error Occurred. Please report the following error code to the Malwarebyte's Anti-Malware support team. Error code: 732 (0, 0)

#35 RetiredChief

  • Authentic Member
  • 111 posts

Posted 11 August 2010 - 11:10 PM

JonTom, I loaded an updated version of MBAM on a re-formatted zip drive, re-named it "Turtle" and installed it. It updated successfully and I am currently running a full scan. I'll post when done. Cheers! Chief

#36 JonTom

    Teacher Emeritus

  • Malware Team
  • 5,496 posts

Posted 11 August 2010 - 11:55 PM

:thumbup:

#37 RetiredChief

  • Authentic Member
  • 111 posts

Posted 12 August 2010 - 03:35 AM

Here is the MBAM log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4420

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/12/2010 2:32:02 AM
mbam-log-2010-08-12 (02-32-02).txt

Scan type: Full scan (C:\|D:\|J:\|)
Objects scanned: 266663
Time elapsed: 3 hour(s), 26 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\QNB2EB90WX (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\RZDVL2F27W (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\WINDOWS\system32\jgmd400K.dll.vir (Spyware.Passwords) -> Quarantined and deleted successfully.

#38 JonTom

    Teacher Emeritus

  • Malware Team
  • 5,496 posts

Posted 12 August 2010 - 03:40 AM

Hello RetiredChief

Thank you for the log.

Update your Java then run Kaspersky as per the instructions.

Post when you can :)

#39 RetiredChief

  • Authentic Member
  • 111 posts

Posted 12 August 2010 - 07:30 AM

JonTom, I removed Java, but on the removal I got a Java Error: Java.lang.NullPointerException. I clicked OK and the files were removed and I re-booted machine. I re-installed the latest Java as instructed but the computer seems to be running a little slower. I am going to do the Kaspersky now.

#40 RetiredChief

  • Authentic Member
  • 111 posts

Posted 12 August 2010 - 07:39 AM

JonTom, I attempted to start the Kaspersky download but got the following message: Launch of the Java application is interrupted! Please establish an uninterrupted Internet connection for work with this program. I attempted to load twice but got same results. Standing by......



#41 JonTom

    Teacher Emeritus

  • Malware Team
  • 5,496 posts

Posted 12 August 2010 - 12:32 PM

Hello RetiredChief

Let's try this:

  • Please run the following scan


  • Note: You will need to use Internet Explorer for this scan.
  • Note for Vista/Windows 7 Users: ESET is compatible but Internet Explorer must be run as Administrator. To do this, right-click on your Internet Explorer icon and select "Run as Administrator".
  • Please disable your real time security programs before performing the scan.


  • Scan your system with Eset Online Scanner
  • Place a check mark in the box YES, I accept the Terms Of Use.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps).
  • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.


  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the "Start" button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

Let me know if you run into any problems.


#42 RetiredChief

  • Authentic Member
  • 111 posts

Posted 13 August 2010 - 02:02 AM

JonTom, Completed scan, here's the log:

C:\Qoobox\Quarantine\[4]-Submit_2010-08-09_21.36.58.zip Win32/Conficker.X worm deleted - quarantined
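A triage helper for the scan reports posted in this thread, added here as an example and not part of the original posts: it parses the MBAM 1.46 log layout, checks that the summary counts agree with the items actually listed, and marks detections that sit under C:\Qoobox\Quarantine (ComboFix's quarantine folder) as already-neutralised copies rather than live infections. The names `parse_mbam_log` and `in_tool_quarantine` and the one-entry quarantine list are assumptions of this example; the sample log is abridged from the MBAM report above.

```python
import re
from typing import NamedTuple

# Constructed sample: abridged from the MBAM 1.46 log posted in this thread.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.46
Scan type: Full scan (C:\|D:\|J:\|)
Memory Processes Infected: 0
Registry Keys Infected: 2
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\Software\QNB2EB90WX (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\RZDVL2F27W (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Files Infected:
C:\Qoobox\Quarantine\C\WINDOWS\system32\jgmd400K.dll.vir (Spyware.Passwords) -> Quarantined and deleted successfully.
"""

# Assumption: the only other-tool quarantine recognised is ComboFix's Qoobox folder.
QUARANTINE_ROOTS = ("c:\\qoobox\\quarantine\\",)
HEADER = re.compile(r"^([A-Za-z ]+ Infected):\s*(\d*)$")
ITEM = re.compile(r"^(.+?) \(([^()]+)\) -> (.+)$")


class Detection(NamedTuple):
    section: str   # e.g. "Registry Keys Infected"
    target: str    # file path or registry key
    family: str    # detection name reported by the scanner
    action: str    # what the scanner says it did
    inert: bool    # True when the object was already in another tool's quarantine


def in_tool_quarantine(path: str) -> bool:
    """True when the object is a copy already held in another tool's quarantine."""
    return path.lower().startswith(QUARANTINE_ROOTS)


def parse_mbam_log(text: str):
    """Return (summary counts, detections, sections whose count and item list disagree)."""
    counts, found, section = {}, [], None
    for line in (raw.strip() for raw in text.splitlines()):
        header = HEADER.match(line)
        if header:
            name, number = header.groups()
            if number:               # "Files Infected: 1" in the summary block
                counts[name] = int(number)
            else:                    # "Files Infected:" opens a detail block
                section = name
            continue
        item = ITEM.match(line)
        if item and section:
            target, family, action = item.groups()
            found.append(Detection(section, target, family, action, in_tool_quarantine(target)))
    listed = {}
    for d in found:
        listed[d.section] = listed.get(d.section, 0) + 1
    mismatched = sorted(s for s, n in counts.items() if listed.get(s, 0) != n)
    return counts, found, mismatched
```

A non-empty mismatch list usually means the pasted log was truncated or edited before posting, which is worth asking about before acting on it.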

#43 JonTom

    Teacher Emeritus

  • Malware Team
  • 5,496 posts

Posted 13 August 2010 - 11:45 AM

Hello RetiredChief

Thank you for the log.

Provided you are no longer experiencing any problems, I think we are almost done.

You mentioned that you have a second machine that you are worried about.

If you would like me to take a look at it let me know (does it run XP, Vista or Win7?), but let's finish with this machine first :)


We will deal with what was found in the ESET scan in the steps below:


  • Please Uninstall Combofix


    • Click on "Start" and then on "Run".
    • Now type combofix /uninstall in the run box and click "OK". Please note the space between the "x" and the "/Uninstall", it needs to be there.

  • Removal of Tools


    • You no longer need DDS, GMER, SystemLook or The Avenger. Please delete them from your system.

  • Re-enable your drivers


    • To re-enable your Emulation drivers, double click on DeFogger to run the tool.
    • The application window will appear.
    • Click the Re-enable button to re-enable your CD Emulation drivers.
    • Click Yes to continue
    • A 'Finished!' message will appear.
    • Click OK
    • DeFogger will now ask to reboot the machine - click OK
    IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.
    Your Emulation drivers are now re-enabled.

  • Your Adobe is out of date


    • You can obtain the latest version of Adobe Reader from here, and the latest version of Flash Player from here.
    • For more information and links to Adobe updates and downloads click here.


    Once you have completed the above steps you should be good to go! If you have any further questions, please feel free to ask.

  • Finally, please take the time to read through the information provided below:

    Enhance your System Security

    • For an excellent list of free anti virus software, free online virus scanners, free spyware detection/removal and free firewalls, click here.

    • IMPORTANT! Please make sure you only have ONE firewall and ONE real-time antivirus installed on your system. When using "on demand" scanners, first update the detection signature files, then disconnect from the internet and disable your resident security program before running the scan.
    • Once complete, remember to re-engage your resident security before going online.

    Web Browsers and Browser Security

    Firefox
    • Firefox is generally considered to have greater browsing security in comparison to other popular programs. You can download Firefox 3.0 from here.

    No-Script
    • If you use Firefox as your default browser, No-Script can provide additional security by preventing malicious scripts from being executed on your system.
    • You can download No-Script by clicking here.

    Internet Explorer
    • The newest version of Internet Explorer is available from here.

    SpywareBlaster
    • If you use Internet Explorer as your default browser, SpywareBlaster would be a valuable addition to your online security.
    • SpywareBlaster prevents malicious ActiveX objects from being downloaded onto your system.
    • You can download SpywareBlaster by clicking here.

    Web of Trust
    • When using search engines, Web of Trust provides you with an easy way of telling the good sites from the bad and is compatible with both Firefox and Internet Explorer.
    • Coloured symbols are displayed next to search results, giving you more confidence in the links you choose to click on: Green (To go), Yellow (Caution) and Red (Stop).
    • You can download Web of Trust by clicking here.

    Keep your Software Updated
    • Outdated software can sometimes have vulnerabilities that are exploitable by malware.
    • Check if there are available updates for your installed software with Secunia's Online Software Inspector by clicking here.

    Passwords
    • Learn how to create strong passwords by clicking here and test the strength of the passwords you already use by clicking here.

    General Reading

    Learn How To Combat Malware
    • Would you like to learn how to fight back against malware and help others? Enroll at the What The Tech (Formerly Tom Coyotes) Malware Classroom by clicking here.


#44 RetiredChief

  • Authentic Member
  • 111 posts

Posted 13 August 2010 - 11:40 PM

JonTom, I removed the stuff as you directed and loaded Comodo Firewall and Microsoft Security Essentials and everything works great. I'll keep it updated as you suggested.

As for my LapTop, YES! I would like you to assist with that one too. Here's the story: Dell Inspiron 1150, Windows XP SP3, Mobile Intel® Pentium® 4 CPU 2.80 GHz, 1.59 GHz, 512 MB RAM, 50 GB Memory.

It is EXTREMELY slow - approximately 10 minutes to boot and another 3-5 for IE or Firefox to load to the home page after selecting the icon. Also, when I right click an icon I get a Windows Installer - Preparing to Install (window) that says Please wait while Windows Configures Symantec Client Security. I will then select Cancel and it will then open the normal window that should open when you right click on an icon or document. I do not have Symantec installed and have not for 3 years.

These are the major issues with it. I do not want to get rid of it because I need it for school. Whatever you can do will be much appreciated.

Cheers! Chief

P.S. The Missus says: Thank you, Thank you, Thank you!!!!! (Now I can stop sleeping on the couch)
