Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 92789 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

ICE Cyber Crime virus on Windows XP [Solved]


  • This topic is locked This topic is locked
66 replies to this topic

#46 LMac

LMac

    Authentic Member

  • Authentic Member
  • PipPip
  • 42 posts

Posted 06 September 2014 - 10:38 AM

The batchfile ran.  A quick flash on the screen and it deleted itself


    Advertisements

Register to Remove


#47 LiquidTension

LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 06 September 2014 - 10:40 AM

Yes, that means it ran successfully. Please proceed with MBAM and ESET to check for any remnants. 


50QfLth.png

 

Would you like to help others with malware removal? Join our Classroom and learn how!


#48 LMac

LMac

    Authentic Member

  • Authentic Member
  • PipPip
  • 42 posts

Posted 06 September 2014 - 11:10 AM

Step 2 anti-malware ran and found no threats.

I follwoed instruction went to history tab opened the log.

 

The form was bigger than the screen and the export button I assume is on the bottom, because I could not see it and I could not see the bottom of the form.

 

 

I tried to resize it - wouldn't let me.

I tried to move the form, but it wuld not let me move it high enough tosee the bottom of the form.

 

I tried making the view in my web browser small 50%  still did not help



#49 LiquidTension

LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 06 September 2014 - 11:12 AM

OK. This is a known issue with MBAM on XP machines I believe. 

 

As no threats were found, the log isn't important. Please proceed with ESET. 


50QfLth.png

 

Would you like to help others with malware removal? Join our Classroom and learn how!


#50 LMac

LMac

    Authentic Member

  • Authentic Member
  • PipPip
  • 42 posts

Posted 06 September 2014 - 11:55 AM

The ESET scan.

C:\FRST\Quarantine\C\Documents and Settings\All Users\Application Data\50BC232.cpp.xBAD a variant of Win32/Kryptik.CKLB trojan
 

 

I did turn off norton before I ran this.  When the program finsihed Norton was back on.   I think it was the 15 min timer on norton that turned it back on.



#51 LiquidTension

LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 06 September 2014 - 12:07 PM

Hi Larry, 
 
No problem about Norton. We have a few updates to perform, remove the tools we've used, and we'll be done. 
 
I'm going to use this opportunity to provide information on the unsupported nature of your Operating System (XP).
 

xgoGMWSt.gif.pagespeed.ic.T3xMEQZT0d.pngUnsupported Operating System Warning

------------------------------
 
On April 8th 2014, Microsoft officially declared Windows XP as unsupported, and consequently ceased the production and release of Windows XP Updates and Security Patches. Please read the following articles:

Without Windows Updates, your computer will be continuously susceptible to malware infection. In the past, vulnerabilities found in the Windows XP software were patched shortly after by Microsoft issuing an Update. Now that XP is no long supported with Updates, once a vulnerability is discovered, it will not be patched; allowing malware authors to freely distribute their exploit in the knowledge the vulnerability will not be patched.
 
Please let me know if you have any questions.

 

 
 
STEP 1
xfuv55DC.png.pagespeed.ic.utHP7dQtHY.jpg Creating System Restore Point (XP)

  • Press the windows key Windows_Logo_key.gif.pagespeed.ce.cUFoqr + r on your keyboard at the same time.
  • Copy the entire contents of the codebox below and paste into the Run box.

%systemroot%\system32\restore\rstrui.exe

  • Click Create a Restore Point then click Next.
  • Type SP3 Reinstall in the name field and click Create.
     

STEP 2
xu9DsAVv.png.pagespeed.ic.jOTvbGK8JJ.jpg Manually Installing Windows XP Service Pack 3

  • Download WindowsXP-KB936929-SP3-x86-ENU.exe and save the file to your desktop.
  • Double-click the icon and click Run
  • Allow the programme to extract the files.
  • Click Next.
  • Click I Agree, then Next.
  • The Software Update Installation Wizard will inspect your current configuration and should install the files.
  • Note: If you receive an error please stop, note the error and provide the information in your next reply. 
  • When you are notified you have successfully completed the Service Pack 3 Setup Wizard click Finish and allow your computer to automatically reboot.
     

======================================================
 
STEP 3
xpfNZP4A.png.pagespeed.ic.bp5cRl1pJg.jpg Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Did Service Pack 3 install successfully? 

50QfLth.png

 

Would you like to help others with malware removal? Join our Classroom and learn how!


#52 LMac

LMac

    Authentic Member

  • Authentic Member
  • PipPip
  • 42 posts

Posted 06 September 2014 - 12:24 PM

I knew XP was no longer supported.

The infectedc PC is old. I am not even sure the newer version of windows would run on it.

I would consider upgrading if it would.

A few years ago I got a bad virus on the computer I use for personal business.  I lost a lot of data and did not have a back up.

So I have a new computer with current windows and I have a network back up system in place that does a back up daily.

I only use the new computer on the internet for site I know.  I also have Noton.

 

I use this old computer if I am going to sites I do not know.  There is nothing on here no data.  No personal info and I never go to any of my safe sites like my bank.

 

IIs it possible to make an image of the system as it sits now?  I could restore the whole image every month or so. 

 

If you think it is worthwhile upgrading I can do that as well.



#53 LiquidTension

LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 06 September 2014 - 12:26 PM

Yes, we can create an image. Would you prefer to do this before updating to SP3 and removing the tools we've used, or after? 

 

This machine doesn't have enough RAM to upgrade. I doubt other hardware components would be able to support Windows 7 or 8 either. 


50QfLth.png

 

Would you like to help others with malware removal? Join our Classroom and learn how!


#54 LMac

LMac

    Authentic Member

  • Authentic Member
  • PipPip
  • 42 posts

Posted 06 September 2014 - 12:56 PM

Let's wait until we are finished.

 

SP3 is still running.  I need to go out for a few hours.  I will send you the results when I get back.



#55 LMac

LMac

    Authentic Member

  • Authentic Member
  • PipPip
  • 42 posts

Posted 06 September 2014 - 04:51 PM

Adam, SP3 installed without error and the PC has rebooted.


    Advertisements

Register to Remove


#56 LiquidTension

LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 06 September 2014 - 06:33 PM

Very good. Are there any outstanding issues?

If not, we will update your software, remove our tools, and create the image of your HDD.

50QfLth.png

 

Would you like to help others with malware removal? Join our Classroom and learn how!


#57 LMac

LMac

    Authentic Member

  • Authentic Member
  • PipPip
  • 42 posts

Posted 06 September 2014 - 07:05 PM

No issues....    all is looking good



#58 LiquidTension

LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 06 September 2014 - 07:12 PM

Very good. Please do the following. 

 

STEP 1
xCXrghb6.png.pagespeed.ic.GoiQhwxA2B.png Update Outdated Software

Outdated software contain security risks that must be patched. Please download and install the latest version of the programmes below.

STEP 2
xEtQetiM.png.pagespeed.ic.6601abWTTy.jpg Remove Outdated Software

  • Press the Windows Key xpdKOQKY.png.pagespeed.ic.tmAgS1-k6q.png + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for the following programmes, right-click and click Uninstall one at a time.
    • Java 2 Runtime Environment Standard Edition v1.3.1 
  • Follow the prompts and reboot if necessary.
     

STEP 3
oxliOQk.png.pagespeed.ce.C25V2YBM3k.png Security Check

  • Please download SecurityCheck and save the file to your Desktop.
  • Double-click SecurityCheck.exe and follow the onscreen instructions inside the black box.
  • A log (checkup.txt) will automatically open on your Desktop.
  • Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 4
xpfNZP4A.png.pagespeed.ic.bp5cRl1pJg.jpg Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • checkup.txt

50QfLth.png

 

Would you like to help others with malware removal? Join our Classroom and learn how!


#59 LMac

LMac

    Authentic Member

  • Authentic Member
  • PipPip
  • 42 posts

Posted 06 September 2014 - 07:34 PM

Results of screen317's Security Check version 0.99.87 
 Windows XP Service Pack 3 x86  
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled! 
 Norton Internet Security   
`````````Anti-malware/Other Utilities Check:`````````
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 8%
````````````````````End of Log``````````````````````
 

 

I did not do the Java update.  ( I do not think I have Java on this PC)

 

Th eexplorer 8.1 check said my system was not capable of the upgrade.



#60 LiquidTension

LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 06 September 2014 - 07:44 PM

Okay, not to worry. If you've yet to do so, please check for Java 2 Runtime, and uninstall if present. This outdated software is particularly vulnerable.

Your log indicates your Hard Drive has 8% fragmentation. Have you performed a defrag before? Do you know how?

I will return with instructions for you tomorrow.

50QfLth.png

 

Would you like to help others with malware removal? Join our Classroom and learn how!

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users