Spyware, Viruses, etc.?
Got instance of the vundo, I've run through the CCCleaner, SuperAntiSpyware, and the Anti-Malware. Here are my logs, attached.

----------

Open HijackThis and select Do a system scan only. Place a check mark next to the following entries: (if there)

Important: Close all windows except for HijackThis and then click Fix checked. Exit HijackThis.

----------

Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop. Link #1 Link #2
**Note: It is important that it is saved directly to your Desktop
Close any open Web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.
Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
Double click combofix.exe & follow the prompts. When finished ComboFix will produce a log for you. Post the ComboFix log in your next reply.
Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.
Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.
If you have problems with ComboFix usage, see How to use ComboFix

Thanx so much for your help, it's greatly appreciated. I've attached the combofix log, let me know how it looks. I'd be more than happy to make a donation for the software and help, let me know where you would prefer I donate. You guys are the best. [attachment deleted by admin]

Please go to VirusTotal.com (If more than one file needs scanned they must be done separately and logs POSTED for each one)
1. Copy the file path in the below Code box:
Code: c:\windows\system32\melisise.exe
2. At the upload site, click once inside the window next to Browse.
3. Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
4. Next click Send File. Your file will possibly be entered into a queue which normally takes less than a minute to clear. This will perform a scan across multiple different virus scanning engines. Important: Wait for all of the scanning engines to complete.
5. Copy and then Paste the link to the results in the next reply.
Also scan this file please and post the link to its results.
Code: c:\windows\system32\notetafa.dll

----------

Please go to Start > Run and copy/paste the following, then press Enter:
C:\QooBox\Add-Remove Programs.txt
A text file should open. Please post the contents of that file in your next reply.

Here is the info. I'll be donating to your site tonight. Worth every penny, again, really appreciate the help.
c:\windows\system32\melisise.exe
http://www.virustotal.com/analisis/84a21b210d86e0ffce2c444256f13c98
c:\windows\system32\notetafa.dll
0 bytes received
From the txt file:
----------

Use the ESET Online Scanner. This scanner requires Internet Explorer.
1. Check the box next to YES, I accept the Terms of Use.
2. Click Start
3. When asked, allow the activex control to install
4. Click Start
5. Make sure that the option Remove found threats and the option Scan unwanted applications is check marked.
6. Click Scan
7. Wait for the scan to finish
8. Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
9. Add the C:\Program Files\EsetOnlineScanner\log.txt log into your next reply.

Here's the log from ESET:
# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3975 (20090330)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=8e505f341efe5c409b0346d308e28f77
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-03-30 06:45:32
# local_time=2009-03-30 02:45:32 (-0500, Eastern Daylight Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=271876
# found=0
# scan_time=3685
And again, many many thanx. Let me know if we need to do anything further.

Looks good. Time to finish up. Use the Secunia Software Inspector to check for out of date software.

----------

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.

OK, before I do that, I just had a very strange thing happen. There are 2 accounts on this box, mine, which is Fred, and my son's, which is Alex. I just went in and changed his home page in IE7; after doing that, he re-booted, and the Alex account no longer seems to work. The name of this computer is IONE-amd-ABIT, for the case, cpu and motherboard. Under c:\documentsandsettings, my account is still there, and his old one, for Alex, is still there also. But now there's one called Alex.IONE-amd-ABIT, and when he logs in, that's the one he gets, and all his old settings are gone. Did we do something wrong, and is there any way to fix it so when he logs in, the old Alex account will be the one we access? We haven't done anything since running ComboFix yesterday.

Try a System Restore to when you uninstalled ComboFix. How do I restore Windows XP back to an earlier copy?

Got no restore points. I do remember when I started all this, I got a message somewhere that said the "Recovery console wasn't installed, do I want to install it now?" I skipped that. Is the recovery console the same as system restore? I thought not.

Quote: Is the recovery console the same as system restore?
No, it's basically a partition which can be used for emergency repairs. You don't need it now. I'm really not sure why the settings "forgot" where they were. I'm also not sure how you would get them back to where they were without manually adjusting them again. I've seen browsers "forget" before but I'm not sure I've seen a profile do this before.

After doing some searches on "corrupt ntuser.dat", it looks like that's what happened. I did an XP repair from the XP SP3 CD, and just moved his old folders to his new identity. All is good. I'm going to do the final Secunia check and make sure all is up to date, and then download the free programs you suggest. Again, I can't thank you enough for your help. This forum is a life saver. I'll be keeping an EYE on it in the future, as well as watching out for conficker. If there's anything else I can do for you, pls let me know.
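As an added example (not code from this thread or from ESET), here is a small parser for the ESET Online Scanner log header of the kind posted above. The sample logs are constructed; the check only calls a scan clean when the header says the scan finished and reported found=0, so an interrupted scan is not mistaken for a clean result.

```python
import re
from typing import Dict, Union

# Constructed sample, shaped like the ESET Online Scanner header in the thread.
SAMPLE_LOG = """# version=4
# OnlineScanner.ocx=1.0.0.635
# end=finished
# remove_checked=true
# unwanted_checked=true
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=271876
# found=0
# scan_time=3685
"""

# Same shape, but the scan was interrupted (no end=finished, found not reported).
PARTIAL_LOG = """# version=4
# remove_checked=true
# scanned=1200
"""

HEADER_RE = re.compile(r"^#\s*([^=\s]+)=(.*)$")

def parse_eset_header(text: str) -> Dict[str, Union[str, int, bool]]:
    """Parse '# key=value' lines; ints and true/false are converted, quotes stripped."""
    fields: Dict[str, Union[str, int, bool]] = {}
    for line in text.splitlines():
        m = HEADER_RE.match(line.strip())
        if not m:
            continue  # not a header line (e.g. a detection entry below the header)
        key, value = m.group(1), m.group(2).strip().strip('"')
        if value.lower() in ("true", "false"):
            fields[key] = value.lower() == "true"
        elif value.isdigit():
            fields[key] = int(value)
        else:
            fields[key] = value
    return fields

def scan_is_clean(text: str) -> bool:
    """Clean only if the scan actually finished AND reported zero detections.

    An interrupted scan (no 'end=finished') or a missing 'found' field is not
    evidence of a clean machine, so both cases return False.
    """
    f = parse_eset_header(text)
    return f.get("end") == "finished" and f.get("found") == 0
```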