
Metropolitan Police malware has infected my system?


Here is the ESET Log

[emailprotected] as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=58554bdb09dce644811fbe806f8fc97c
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-03 12:16:40
# local_time=2012-07-03 01:16:40 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 107290 107290 0 0
# compatibility_mode=768 16777215 100 0 75885219 75885219 0 0
# compatibility_mode=6401 16777213 66 100 348807 2879305 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=120787
# found=0
# cleaned=0
# scan_time=9941


The computer seems to be running fine now with the exception of a missing RUNDLL file upon start-up. I have mentioned this before in my original post and in my shortened version.

Quote from: benni9000 on June 24, 2012, 02:14:36 PM

I got Metropolitan Police malware on my laptop. I followed the "read this before requesting malware removal help" post, which seems to have stopped it. Now I just need to get rid of the damage. I think there are still some files left on my laptop from the malware and I am missing a RUNDLL file from the Windows directory.

I have attached a jpg of the ERROR window as I couldn't seem to get it into the post.

I believe the RUNDLL file was the source of my malware issue. I will explain my reasoning, though I could be wrong. When I got the malware it locked up the laptop. It didn't, however, start until the internet connection was live. So with the internet disconnected I looked in my startup folder by right-clicking on Start and browsing All Users. I found a shortcut called cpfmon. I deleted it because I didn't know what it was. It came straight back. So I searched the C drive for cpfmon and found a few other files with the same name. I deleted them and then connected to the internet. No malware issue. When I restarted and connected I got the malware back. So I looked at the properties of the cpfmon shortcut and found where it was linked to; it was a RUNDLL file in the Windows directory. Hence I think the RUNDLL file was the source of the malware, or at least what it had infected.

Apart from this missing file everything is ok that I can see. I appreciate all the help you have given.

Thank you

[year+ old attachment deleted by admin]

I'm happy that everything is working well but I want to check further on that alert and then we'll do some cleanup.

Please download SystemLook from one of the links below and save it to your desktop.

Link # 1
Link # 2

Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double-click SystemLook.exe to run it.

Copy the contents of the following codebox into the main textfield.
:filefind
jork_0_typ_col.exe
Click the Look button to start the scan.

Note: The scan may take some time so please just let it do its work and be patient (or do something else unrelated to the computer).

When finished, a notepad window will open with the results of the scan. Please post the log. The log can also be found on your desktop entitled SystemLook.txt
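Before moving on from the ESET result posted at the top of the thread, here is an added example (not code from the thread or from ESET) that reads the "# key=value" header of an ESET Online Scanner log and says what the scan did and did not cover. The log path is an assumption (ESET's default location is used as the default parameter); the *_checked flags are read as the scanner's option check boxes, so for the log above remove_checked=false and unsafe_checked=false mean the scan ran with "Remove found threats" and "Scan for potentially unsafe applications" switched off, and found=0 is clean only for what was actually scanned.

```powershell
# Added example, not from the thread: summarise an ESET Online Scanner log.
# Assumption: the log is at the path below (ESET's default); pass -LogPath to override.
param([string]$LogPath = 'C:\Program Files\ESET\ESET Online Scanner\log.txt')

function Read-EsetLog {
    param([string[]]$Lines)
    $header = @{}
    $detections = @()
    foreach ($line in $Lines) {
        if ($line -match '^#\s*([A-Za-z0-9_.]+)=(.*)$') {
            # "# key=value" header line; compatibility_mode repeats, so keep every value
            $key = $matches[1]; $value = $matches[2].Trim().Trim('"')
            if ($header.ContainsKey($key)) { $header[$key] = @($header[$key]) + $value }
            else { $header[$key] = $value }
        }
        elseif ($line -match "`t") {
            # detection lines are tab-separated: path, threat name, action taken
            $parts = $line -split "`t"
            $detections += @{ Path = $parts[0]; Threat = $parts[1]; Action = $parts[2] }
        }
    }
    return @{ Header = $header; Detections = $detections }
}

function Get-EsetScanNotes {
    param([hashtable]$Header)
    $notes = @()
    if ($Header['end'] -ne 'finished') { $notes += "scan did not finish (end=$($Header['end']))" }
    # the *_checked flags mirror the scanner's option check boxes
    if ($Header['remove_checked'] -ne 'true')      { $notes += "'Remove found threats' was off: detections are reported only, not cleaned" }
    if ($Header['unsafe_checked'] -ne 'true')      { $notes += "'Scan for potentially unsafe applications' was off" }
    if ($Header['unwanted_checked'] -ne 'true')    { $notes += "'Scan for potentially unwanted applications' was off" }
    if ($Header['archives_checked'] -ne 'true')    { $notes += "archives were not scanned" }
    if ($Header['antistealth_checked'] -ne 'true') { $notes += "Anti-Stealth (rootkit) scanning was off" }
    return $notes
}

$log = Read-EsetLog (Get-Content -LiteralPath $LogPath)
$h = $log.Header
"ESET Online Scanner {0} on {1}: scanned {2}, found {3}, cleaned {4}" -f $h['OnlineScanner.ocx'], $h['osver'], $h['scanned'], $h['found'], $h['cleaned']
foreach ($d in $log.Detections) { "  {0}  {1}  {2}" -f $d.Path, $d.Threat, $d.Action }
Get-EsetScanNotes $h | ForEach-Object { "note: $_" }
```

Save it under any name (for instance Summarize-EsetLog.ps1, a name chosen here) and run it with `powershell -ExecutionPolicy Bypass -File Summarize-EsetLog.ps1 -LogPath <path to log.txt>`; on a log like the one above it prints the scanned/found/cleaned line followed by the two notes about the unchecked options.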
SystemLook 30.07.11 by jpshortstuff
Log created at 18:17 on 05/07/2012 by Benni
Administrator - Elevation successful

========== filefind ==========

Searching for "jork_0_typ_col.exe"
No files found.

-= EOF =-

Double-click SystemLook.exe to run it.

Copy the contents of the following codebox into the main textfield.
:regfind
jork_0_typ_col.exe
Click the Look button to start the scan.

Note: The scan may take some time so please just let it do its work and be patient (or do something else unrelated to the computer).

When finished, a notepad window will open with the results of the scan. Please post the log. The log can also be found on your desktop entitled SystemLook.txt
Nothing exciting I'm afraid

SystemLook 30.07.11 by jpshortstuff
Log created at 19:39 on 06/07/2012 by Benni
Administrator - Elevation successful

========== regfind ==========

Searching for "jork_0_typ_col.exe"
No data found.

-= EOF =-

Please download SystemLook from one of the links below and save it to your desktop.

Link # 1
Link # 2

Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double-click SystemLook.exe to run it.

Copy the contents of the following codebox into the main textfield.
:regfind
"error loading"
Click the Look button to start the scan.

Note: The scan may take some time so please just let it do its work and be patient (or do something else unrelated to the computer).

When finished, a notepad window will open with the results of the scan. Please post the log. The log can also be found on your desktop entitled SystemLook.txt
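SystemLook's :regfind looks for a literal string in registry data, so it only finds something if the text is stored there. The "Error loading <file>" dialog is produced by rundll32 itself when the file named in a Run entry or a Startup-folder shortcut is no longer on disk, which is what the poster's description of the cpfmon shortcut and the deleted files points to. The script below is an added example (not from the thread or from the SystemLook author) that does the check directly: it lists the common XP autostart locations, resolves the file each entry launches (including the DLL argument of a rundll32 command), and reports entries whose target is missing. Assumptions: it runs in the affected user's session so HKCU is theirs; it only reports, it deletes nothing; services, Winlogon, BHOs and scheduled tasks are not covered (Sysinternals Autoruns covers those); and a relative file name that cannot be resolved is reported under system32 so it still shows up as missing.

```powershell
# Added example, not from the thread: find autostart entries whose target file is gone.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
# CSIDL_STARTUP (0x07) and CSIDL_COMMON_STARTUP (0x18) via the shell, so the
# paths are right on XP ("Documents and Settings") as well as on later versions
$shell = New-Object -ComObject Shell.Application
$startupFolders = @(0x07, 0x18) | ForEach-Object { $shell.NameSpace($_).Self.Path }

function Get-ReferencedFiles {
    # Pull file names out of a command line: quoted paths, bare absolute paths, and
    # relative names such as rundll32.exe or foo.dll resolved the way the loader
    # would (system32, then the Windows folder, then PATH).
    param([string]$CommandLine)
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine)
    $searchDirs = @("$env:windir\system32", $env:windir) + @($env:PATH -split ';' | Where-Object { $_ })
    $candidates = @()
    # quoted arguments first, then strip them so "C:\Program Files\..." is not split on the space
    foreach ($m in [regex]::Matches($cmd, '"([^"]+)"')) { $candidates += $m.Groups[1].Value }
    $rest = $cmd -replace '"[^"]*"', ' '
    foreach ($m in [regex]::Matches($rest, '[A-Za-z]:\\[^"\s,]+|(?<![\\\w])[\w.-]+\.(?:exe|dll|cpl|scr)\b', 'IgnoreCase')) { $candidates += $m.Value }
    $files = @()
    foreach ($candidate in $candidates) {
        $candidate = $candidate.Trim()
        if (-not $candidate -or $candidate -match '^[/-]') { continue }   # switches such as /s or -tray
        if ($candidate -notmatch '^[A-Za-z]:\\') {
            # relative name (e.g. the DLL in "rundll32.exe foo.dll,Entry"); unresolved ones are
            # reported under system32 so they show as missing (assumption stated in the lead-in)
            $hit = @($searchDirs | ForEach-Object { $_.TrimEnd('\') + '\' + $candidate } | Where-Object { Test-Path -LiteralPath $_ })
            if ($hit.Count -gt 0) { $candidate = $hit[0] } else { $candidate = "$env:windir\system32\$candidate" }
        }
        if ($files -notcontains $candidate) { $files += $candidate }
    }
    return $files
}

function Get-AutostartEntries {
    $entries = @()
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $regKey = Get-Item $key
        foreach ($name in $regKey.GetValueNames()) {
            if ($name -eq '') { continue }     # the key's (Default) value is not an autostart
            $entries += @{ Source = "$key\$name"; Command = [string]$regKey.GetValue($name) }
        }
    }
    $wsh = New-Object -ComObject WScript.Shell
    foreach ($folder in $startupFolders) {
        if (-not (Test-Path -LiteralPath $folder)) { continue }
        foreach ($lnk in Get-ChildItem -LiteralPath $folder -Filter *.lnk) {
            $sc = $wsh.CreateShortcut($lnk.FullName)   # resolve the shortcut target, as the poster did by hand
            $entries += @{ Source = $lnk.FullName; Command = ('"' + $sc.TargetPath + '" ' + $sc.Arguments) }
        }
    }
    return $entries
}

foreach ($entry in Get-AutostartEntries) {
    $missing = @(Get-ReferencedFiles $entry.Command | Where-Object { -not (Test-Path -LiteralPath $_) })
    if ($missing.Count -gt 0) {
        "ORPHANED  $($entry.Source)"
        "          launches: $($entry.Command)"
        $missing | ForEach-Object { "          missing : $_" }
    } else {
        "ok        $($entry.Source)"
    }
}
```

Run it from a PowerShell prompt as the user who sees the dialog at logon. Any line marked ORPHANED names both the autostart entry (registry value or .lnk file) and the file it can no longer find; removing that entry, after confirming the missing file is the one from the error dialog, stops the message without touching anything else.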
I'm afraid there is still no joy

SystemLook 30.07.11 by jpshortstuff
Log created at 18:08 on 08/07/2012 by Benni
Administrator - Elevation successful

========== regfind ==========

Searching for ""error loading""
No data found.

-= EOF =-

Please do this even if you don't have your OS disk. Please let me know what happens.

Do you have an XP CD?

If so, place it in your CD ROM drive and follow the instructions below:
•Click on Start > Run and type sfc /scannow then press Enter (note the space between sfc and /scannow)
*Let this run undisturbed until the window with the blue progress bar goes away
SFC, which stands for System File Checker, retrieves the correct version of the file from %Systemroot%\System32\Dllcache or the Windows installation source files, and then replaces the incorrect file.

Unfortunately I don't have the XP CD. I got the laptop with an XP downgrade as I didn't want Windows Vista. I have the Vista CD though.

I followed the sfc /scannow instructions. It went through it all. There was no message after it finished so I assume everything was ok.

Quote from: benni9000 on July 11, 2012, 10:36:10 AM
Unfortunately I don't have the XP CD. I got the laptop with an XP downgrade as I didn't want Windows Vista. I have the Vista CD though.

I followed the sfc /scannow instructions. It went through it all. There was no message after it finished so I assume everything was ok.

If it didn't ask for the XP disk that means all the OS files are ok. I'm at a loss as to what's causing this error.

Ok. No worries. Other than that message on startup everything seems to be working ok. I really appreciate the time and effort you've spent helping me sort my laptop out.

Thank you

We should do some cleanup before you go.

Download this program and run it: Uninstall ComboFix. It will remove ComboFix for you.
*******************************************
To turn off Windows XP System Restore:

NOTE: These instructions assume that you are using the default Windows XP Start Menu and have not changed to the Classic Start menu. To re-enable the default menu, right-click Start, click Properties, click Start menu (not Classic) and then click OK.

1. Click Start.
2. Right-click the My Computer icon, and then click Properties.
3. Click the System Restore tab.
4. Check "Turn off System Restore" or "Turn off System Restore on all drives"
5. Click Apply.
6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
7. Click OK.
8. Restart the computer and follow the instructions in the next section to turn on System Restore.

To turn on Windows XP System Restore:

1. Click Start.
2. Right-click My Computer, and then click Properties.
3. Click the System Restore tab.
4. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives."
5. Click Apply, and then click OK.
************************************************
Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
************************************************
Use the Secunia Software Inspector to check for out of date software.

•Click Start Now

•Check the box next to Enable thorough system inspection.

•Click Start

•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
----------

Go to Microsoft Windows Update and get all CRITICAL updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - SEARCH & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!

