A friend gave me his tower to work on; it was running Vista SP1 32-bit and was inoperable. I instantly suspected malware due to the nature of how it would boot and never get to the desktop: basically a black screen and a pointer, and it never got past that point.
Steps I have done so far:
Step #1 - Removed the hard drive from this computer and connected it to my SATA USB dock to turn this drive into an external drive and be able to work with it with the malware dormant.
Step #2 - Scanned this 500GB drive with MSSE and it found 9 malware items, mostly trojans. Told MSSE to clean this drive and it did.
Step #3 - Placed this drive back into the Dell tower, disconnected from the internet, and turned it on. Windows Vista now came up with a message giving boot options because of an improper shutdown. This is probably because I had to force a shutdown: while it was infected it was just a black screen with a white pointer, CTRL + ALT + Delete and nothing else functioned, so I forced it to shut down by holding in the power button.
Step #4 - System booted to desktop but certain Windows features seemed to lag, as well as being unresponsive. I thought I was going to have to perform a repair installation at this point. So I shut it down, booted off of the system recovery disc and saw that it had a memory test option. Figured I might as well test the RAM before moving on, just in case there were 2 issues, since the tower hasn't really been confirmed as running well yet. Ran memtest; at some point it got through this memtest and the system rebooted itself.
Step #5 - I then figured, OK, it's at the logon, let's log on and see if the problem is still there. Now the system is very responsive and not lagging and is acting clean. Connected it to the internet over broadband and performed much-needed security updates such as Service Pack 2 and all other patches. System still running fast after reboot and no noticeable problems.
Step #6 - Installed MSSE, updated definitions and started an MSSE scan before bed (first time this tower has scanned itself with its Vista OS, now SP2, active) to make sure nothing is detected.
Step #7 - Woke up and checked the system and it's GREEN, NO Malware Detected.
---------------------------------------------------------------------------
Here is the list of the Trojans detected and cleaned:
7 Variants of Sirefef
2 Variants of Necurs
http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Win32%2FSirefef
http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=%20Trojan:Win32/Necurs
---------------------------------------------------------------------------------------
Are there any other tools I should run against this system to make sure it's really clean and not a gaping hole for infection? I used to use Rootkit Revealer in the past, but it's been a while since I have had to remove viruses and I'm not up to date on the latest tools for detection, removal, and prevention. As far as prevention goes, I have had good luck with MSSE, and my friend had Norton on this system but the definitions lapsed about 4 years ago.
Thanks for assistance

Very impressive. May I ask a question? Two questions. Lots of questions. Would you do it again? Was all this hard work really better than the alternatives? Such as:
- Buying a new PC?
- Asking your insurance company to fix it?
- Asking a youngster to disinfect it as part of his/her science project?
- Blaming the slowdown on the government?
Or even wiping the drive clean and doing a full install of everything. I would run these scans below just to make sure.
*************************************************************************
Please download AdwCleaner by Xplode onto your Desktop.
- Please close all open programs and internet browsers.
- Double click on adwcleaner.exe to run the scan.
- Click on Delete.
- Confirm each time with OK
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the CONTENT of that logfile in your reply.
- You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
*********************************************
Please download Malwarebytes Anti-Malware from here. Double click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Full Scan", then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- Please save the log to a location you will remember.
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to EITHER and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
*************************************************
Please download Junkware Removal Tool to your desktop.
•Warning! Once the scan is complete JRT will shut down your browser with NO warning.
•Shut down your protection software now to avoid potential conflicts.
•Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
•Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator
•The tool will open and start scanning your system.
•Please be patient as this can take a while to complete depending on your system's specifications.
•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
•Copy and Paste the JRT.txt log into your next message.
*********************************************
I'd like to scan your machine with ESET OnlineScan.
•Hold down Control and click on the following link to open ESET OnlineScan in a new window. ESET OnlineScan
•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on to download the ESET Smart Installer. Save it to your desktop.
- Double click on the icon on your desktop.
•Check
•Click the button.
•Accept any security warnings from your browser.
- Leave the check mark next to Remove found threats.
•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Thanks for assistance ... I ended up installing Malwarebytes and ran the scan and it found some problems that MSSE did not pick up on. Removed those problems and performed a follow-up scan to verify the problems were removed, and it came up clean.
I was going to get to the ESET online scan portion, but he needed his computer back for college work so he took it back.
Right now he is happy with its operation and it's now clean according to MSSE and Malwarebytes, and I also performed SP2 and many, many updates on it. I also defragged his hard drive since the last defrag was back in 2010. He also needed security updates to MS Office 2010, so I did those.
I think he is all set now.

Quote: I ended up installing Malwarebytes and ran the scan and it found some problems that MSSE did not pick up on.
That's because they don't look for the same infections.
You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.