cdavfrew

Members
  • Content Count

    16
About cdavfrew

  • Rank
    Member
  • Birthday 02/29/1912


Profile Information

  • Gender
    Male
  • Location
    Atlantis, Mystery Street 23, Block 45, #67

Previous Fields

  • Operating System
    Windows XP SP3, Vista Business
  1. cdavfrew

    My Infected Computer

    Here are a few other things you must do once you are completely clean:

    1. Time for some housekeeping
    • Click START then RUN
    • Now type (or Copy/Paste) Combofix /u in the runbox and click OK

    2. Now Set a New Restore Point to prevent possible re-infection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools cannot access it to delete these bad files, which sometimes can re-infect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll back" to a clean working state. The easiest and safest way to do this is:
    • Go to Start > Programs > Accessories > System Tools and click "System Restore".
    • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
    • Then go to Start > Run and type: Cleanmgr
    • Click "OK". Select the drive you want to clean, usually C:, and click OK. When it completes the scan:
    • Click the "More Options" Tab.
    • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

    3. Defragment your Hard Drive
    1. Open My Computer.
    2. Right-click the local disk volume that you want to defragment, and then click Properties.
    3. On the Tools tab, click Defragment Now.
    4. Click Defragment.

    And here are some tips to reduce the potential for spyware infection in the future:

    Make sure you keep your Windows OS current by visiting Windows Update regularly to download and install any critical updates and service packs. Without these you are leaving the backdoor open.

    I strongly recommend installing the following applications:

    To protect your machine, I highly recommend BOClean. It's FREE and it works. I use it and never get one of these infections. In order to prevent the installation of Trojans and Malware on your machine, download and install Comodo BOClean. Comodo BOClean protects your computer against trojans, malware and other threats. It constantly scans your system in the background and intercepts any recognized trojan activity. The program can ask the user what to do, or run in unattended mode and automatically shut down and remove any suspected Trojan application. Comodo BOClean currently supports more than 60,000 malware items and offers automatic daily updates. Other features include updating via network share, tamper protection and stealth mode.

    SpywareBlaster <= SpywareBlaster will prevent spyware from being installed.

    See Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth. And also see Tony Klein's good advice So how did I get infected in the first place?

    Enjoy your clean computer. Any more questions?

    Best Regards
  2. cdavfrew

    My Infected Computer

    Hey sarahw

    You can uninstall VirtuaGirl HD from your Add/Remove Programs in the Control Panel. This will make the dancing girls go away, unless you installed this program and wish to keep it. I'll post back soon with more information for the future security of your computer.

    *so...have i passed?

    Best Regards

    Also uninstall these programs unless you want them on your PC:
    • Al Roker Vs. Star Jones Boxing by Outerinfo
    • pointgo
  3. cdavfrew

    My Infected Computer

    Please follow all my instructions accordingly. Read through all of it.

    1.
    • Start HijackThis.
    • Click on Misc Tools.
    • Then click Open Uninstall Manager.
    • Click Save list...
    • Notepad will open with the list.
    • Post the list here.

    2. Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection. Open Notepad and copy/paste the text in the code box below into it:

        Folder::
        C:\WINDOWS\system32\iDlo07

    Save this as CFScript.txt in the same folder as ComboFix. Then drag the CFScript.txt into Combo-Fix.exe. This will start ComboFix again. After reboot (in case it asks to reboot), post the ComboFix log here. The log will be located at C:\ComboFix(.txt). Do not click on the ComboFix window, as it may cause it to stall.

    Post a new HijackThis log. Also turn on the computer and tell me what problems are left.

    Best Regards
  4. cdavfrew

    My Infected Computer

    Great. Also post a new HijackThis log. What do you mean by not being able to access Virustotal on the computer? What problems do you have left? The girls are probably still dancing on your desktop, aren't they. Don't worry; they'll be fixed in the next step, after you've posted the virustotal results. Best Regards
  5. cdavfrew

    My Infected Computer

    Hey sarahw

    First, I want you to enable the viewing of hidden files.
    • Click Start.
    • Open My Computer.
    • Select the Tools menu and click Folder Options.
    • Select the View Tab.
    • Under the Hidden files and folders heading select Show hidden files and folders.
    • Uncheck the Hide protected operating system files (recommended) option.
    • Click Yes to confirm.
    • Click OK.

    Next, please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection. Open Notepad and copy/paste the text in the code box below into it:

        File::
        C:\WINDOWS\system32\tupdfim.dll
        C:\WINDOWS\system32\papdfim.dll
        C:\Documents and Settings\Family Computer\Desktop\New Folder\winstrse.exe
        C:\WINDOWS\system32\teytgohg.tmp
        C:\WINDOWS\Installer\{d2ad16e3-fa3a-4c0b-9b24-22018764cc8b}\zip.dll

        Registry::
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "SMSERIALWORKERSTARTER"=-

    Save this as CFScript.txt in the same folder as ComboFix. Then drag the CFScript.txt into Combo-Fix.exe. This will start ComboFix again. After reboot (in case it asks to reboot), post the ComboFix log here. The log will be located at C:\ComboFix(.txt). Do not click on the ComboFix window, as it may cause it to stall.

    After that, please locate the following files:
    C:\WINDOWS\system32\dllcache\beep.sys
    C:\WINDOWS\system32\drivers\b7a36ed3.sys
    C:\WINDOWS\system32\iDlo07\iDlo071084.exe
    C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
    C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe

    Upload each of these files to VirusTotal.com, and post the results here.

    Also post a fresh HijackThis log. Any more problems with your computer?

    Best Regards
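    The post above asks the user to locate several files and submit them to VirusTotal. A defender usually wants the SHA-256 of each file first: a hash can be looked up without uploading the file itself, and a path that no longer exists (for example because ComboFix already removed it) should be reported as missing rather than silently skipped. The script below is an added example, not part of the original post or of any tool it names; it hashes a list of paths in chunks so large files do not need to fit in memory, and returns the digest and size for every file that exists. The sample file and the absent path in demo() are constructed for the demonstration.

```python
import hashlib
import os
import tempfile


def hash_files(paths, chunk_size=1 << 16):
    """Return {path: {"sha256": hex, "size": bytes}} for each file that exists
    and {path: None} for each path that does not (so nothing is skipped silently)."""
    results = {}
    for p in paths:
        if not os.path.isfile(p):
            results[p] = None
            continue
        digest = hashlib.sha256()
        size = 0
        with open(p, "rb") as f:
            # Read in fixed-size chunks; works for multi-gigabyte files too.
            for chunk in iter(lambda: f.read(chunk_size), b""):
                digest.update(chunk)
                size += len(chunk)
        results[p] = {"sha256": digest.hexdigest(), "size": size}
    return results


def demo():
    """Constructed input: one small stand-in file and one deliberately absent path
    (named after an entry in the post's list, but not a real system file here)."""
    workdir = tempfile.mkdtemp()
    sample = os.path.join(workdir, "sample.bin")
    with open(sample, "wb") as f:
        f.write(b"abc")
    missing = os.path.join(workdir, "beep.sys")
    return hash_files([sample, missing])


if __name__ == "__main__":
    for path, info in demo().items():
        if info is None:
            print(f"MISSING  {path}")
        else:
            print(f"{info['sha256']}  {info['size']:>8}  {path}")
```

    The printed hash lines can be pasted into the thread or searched on VirusTotal directly; only files whose hash is unknown need to be uploaded.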
  6. cdavfrew

    My Infected Computer

    Wonderful. I have all the information I need. There are still a few malware files remaining on your computer, and Malwarebytes will fix them. I will answer all your questions later.

    It seems that you used to have Malwarebytes. If you have already uninstalled it, please follow the instructions regarding downloading and installing it.

    Please download Malwarebytes' Anti-Malware to your desktop.
    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform full scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected. << Do Not Forget This!!
    • When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    • Please post contents of that file in your next reply.

    Best Regards

    PS: Sorry if I'm dragging this too long... I just wanted to be sure of the malware's behavior. As for installing the recovery console, I didn't think that was necessary.
  7. cdavfrew

    My Infected Computer

    Hey sarahw Please note that running programs is what will fix this problem. To fix it manually will take a long time. Just do this one more step: run SuperAntispyware in safe mode again, and then post the log here. It seems that some of the malware still remains stuck on your computer, and I need to know which. This will allow for the most thorough cleanup of your computer, instead of directly fixing using online scanners and such. Best Regards
  8. cdavfrew

    My Infected Computer

    Hey sarahw Please boot into safe mode and run Combo-Fix.exe from there once more. Post the ComboFix log here. After that, try doing a scan with SuperAntispyware in safe mode again. If it still doesn't work, do it in normal mode. Post the log here. Best Regards
  9. cdavfrew

    My Infected Computer

    Hey sarahw

    Delete your previous version of SDFix.

    Download SDFix and save it to your Desktop. Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix).

    Please then reboot your computer into Safe Mode by doing the following:
    • Restart your computer
    • After pressing the power button, repeatedly tap the F8 key.
    • Instead of Windows loading as normal, the Advanced Options Menu should appear;
    • Select the first option, to run Windows in Safe Mode, then press Enter.
    • Choose the administrator's account.
    • Open the extracted SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load, the SDFix report will open on screen and will also save into the SDFix folder as Report.txt (Report.txt will also be copied to Clipboard ready for posting back on the forum)
    • Finally paste the contents of the Report.txt here.

    Best Regards
  10. cdavfrew

    My Infected Computer

    Hey sarahw

    Please download Superantispyware Free and install it. Follow the prompts and reboot if required. Launch Superantispyware Free either by running C:\Program Files\SUPERANTISPYWARE.exe or right-click on the SuperAntispyware icon in your task bar (it looks like a bug) and click on Scan for Spyware, Adware, Malware...

    Configuring SuperAntispyware
    • Click on Preferences.
    • In the tab General and Startup, make sure the box Start SuperAntispyware when Windows starts is unchecked. This will prevent SuperAntispyware from starting every time, because it may interfere with other fixes that may be run.
    • Navigate to the tab Scanning Control.
    • Make sure only these boxes are checked:
      Close browsers before scanning
      Scan for tracking cookies
      Terminate memory threats before quarantining
      Scan Alternate Data Streams
      Use Kernel Direct File Access (recommended)
      Use Kernel Direct Registry Access (recommended)
      Use Direct Disk Access (recommended)
    • Click on Close.

    Updating SuperAntispyware
    • At the main window, click on Check for Updates....
    • Wait for SuperAntispyware to be fully updated.

    Scanning Time
    • Boot into safe mode by repeatedly pressing the F8 key after you press the power button. If safe mode does not work, tell me and do the scan in normal mode.
    • Launch SuperAntispyware.
    • At the main window, click on Scan your Computer....
    • Make sure all drives (excluding CD drives) are checked, select Perform Complete Scan, and then click on Next.
    • Wait for the scan to complete, and then click on Next>. This will quarantine and remove all detected items.
    • Reboot your computer.

    Post A Log
    • Launch SuperAntispyware
    • Click on Preferences
    • Navigate to the tab Statistics/Logs.
    • Choose the latest scan log, and then click on View Log....
    • Copy and paste the contents of the log here in your next post.

    Looking good. The malware's retreating. After that, post a new HijackThis log as well.

    Best Regards

    Edit: You didn't follow completely my previous instructions.
  11. cdavfrew

    My Infected Computer

    Hey sarahw

    Before I can continue to more drastic measures, I will need more analysis.

    1. Are you running as Administrator?
    2. Please download EXE File Association Fix, unzip the file, and run the .reg file. When a prompt pops up, click on Yes. After that, reboot, and try running Combo-Fix.exe again.

    Best Regards
  12. cdavfrew

    My Infected Computer

    Hey sarahw

    Download SDFix and save it to your Desktop. Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix).
    • Open the extracted SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load, the SDFix report will open on screen and will also save into the SDFix folder as Report.txt (Report.txt will also be copied to Clipboard ready for posting back on the forum)
    • Finally paste the contents of the Report.txt here.

    Best Regards
  13. cdavfrew

    My Infected Computer

    Hey sarahw Thanks for the detailed report. Let's mix it up a little. Follow the instructions in my second post, reboot, and then run Combo-Fix.exe. Best Regards
  14. cdavfrew

    My Infected Computer

    Please run HijackThis.
    • Click on the button which says Main Menu, then Do a system scan only.
    • Please wait for the scan to be completed.
    • After the scan has completed, check the following entries only if they are still there. If they are not there, ignore them.

        R3 - Default URLSearchHook is missing
        F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
        O2 - BHO: iSecurity - {A8311E8F-E459-4D22-89B4-CB9DCF10A425} - C:\WINDOWS\system32\ISECUR~1.CPL
        O2 - BHO: (no name) - {C1414B47-C261-4695-B157-3867F6649E93} - C:\WINDOWS\system32\geBtTMec.dll
        O3 - Toolbar: The retnsrp - {941FB260-9D22-480E-84D6-10DB7849180E} - C:\WINDOWS\retnsrp.dll
        O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
        O4 - HKLM\..\Run: [SBI] C:\Documents and Settings\Family Computer\Desktop\New Folder\install_sbd_en.exe
        O4 - HKLM\..\Run: [WMDM PMSP Service] C:\WINDOWS\system32\cssrss.exe
        O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\LocalService\Local Settings\Application Data\cftmon.exe
        O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
        O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\wind32.exe
        O4 - HKLM\..\Run: [Printer] C:\WINDOWS\system32\printer.exe
        O4 - HKLM\..\Run: [runwinlogon] C:\WINDOWS\winlogon.exe
        O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
        O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
        O4 - HKLM\..\Run: [iSecurity applet] rundll32.exe iSecurity.cpl,SecurityMonitor
        O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
        O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
        O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00F20E0.dat
        O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documents\Settings\partnership.dll
        O21 - SSODL: nopzet - {60DCAB51-486C-43FB-B9B8-01C482802676} - C:\WINDOWS\nopzet.dll
        O21 - SSODL: leorop - {A90E3E41-6AF8-4951-AE47-F14237589566} - C:\WINDOWS\leorop.dll
        O21 - SSODL: iSecurity - {A8311E8F-E459-4D22-89B4-CB9DCF10A425} - C:\WINDOWS\system32\ISECUR~1.CPL

    Click on the button Fix checked.

    NOTE:: Close all browsers before fixing anything.

    Next, open Notepad. Type in the following:

        @echo off
        sc stop Schedule
        sc delete Schedule
        exit

    Click on File > Save As.... In the File Name box, type in fix.bat. In the Save as type box, select All Files from the drop-down list. Click Save and save it to your Desktop. Double click on fix.bat. A Command Prompt window will open and close quickly. That is normal.

    After that, reboot. What problems do you have left?

    Best Regards
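    The HijackThis entries in the post above are a good illustration of what a helper looks for when reading such a log: executables that imitate Windows system binary names (cssrss.exe for csrss.exe, cftmon.exe for ctfmon.exe, spools.exe for spoolsv.exe), a genuine system binary name in the wrong directory (winlogon.exe in C:\WINDOWS instead of system32), an extra program appended to the system.ini Shell= line, a policy that disables the registry editor, and load points such as AppInit_DLLs and SSODL. The script below is an added example, not part of the original post or of HijackThis itself. It parses HijackThis-style lines and returns, for each line, the reasons it deserves a closer look; the heuristics and the list of imitated binaries are this example's own, and the sample log is constructed from entries quoted in the post.

```python
import re

# Constructed sample: a subset of the HijackThis entries quoted in the post above,
# one per line, in the format HijackThis prints them.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [WMDM PMSP Service] C:\WINDOWS\system32\cssrss.exe
O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\LocalService\Local Settings\Application Data\cftmon.exe
O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKLM\..\Run: [runwinlogon] C:\WINDOWS\winlogon.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00F20E0.dat
O21 - SSODL: nopzet - {60DCAB51-486C-43FB-B9B8-01C482802676} - C:\WINDOWS\nopzet.dll
"""

# Windows system executables that malware commonly imitates; all of them live in
# system32 on a standard installation (list chosen for this example).
SYSTEM_BINARIES = ("csrss.exe", "ctfmon.exe", "spoolsv.exe", "winlogon.exe",
                   "svchost.exe", "lsass.exe", "services.exe", "smss.exe")


def osa_distance(a, b):
    """Optimal string alignment distance: insert/delete/substitute plus one
    adjacent transposition, so 'cftmon.exe' is 1 away from 'ctfmon.exe'."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def _executable_path(command):
    """Strip arguments: keep everything up to and including the first '.exe'."""
    m = re.match(r"(.*?\.exe)", command, re.IGNORECASE)
    return m.group(1) if m else command


def triage_line(line):
    """Return the reasons a HijackThis line deserves a closer look (empty list
    means nothing obviously wrong). Heuristics are this example's own."""
    reasons = []
    m = re.match(r"F2 - REG:system\.ini: Shell=(.*)$", line)
    if m and m.group(1).strip().lower() != "explorer.exe":
        reasons.append("extra shell executable: " + m.group(1))
    m = re.match(r"O4 - .*?: \[([^\]]*)\] (.*)$", line)
    if m:
        path = _executable_path(m.group(2))
        lower = path.lower()
        parent, _, name = lower.rpartition("\\")
        if name in SYSTEM_BINARIES:
            if not parent.endswith("\\system32"):
                reasons.append(f"{name} outside system32: {path}")
        else:
            for known in SYSTEM_BINARIES:
                if osa_distance(name, known) == 1:
                    reasons.append(f"filename resembles system binary {known}")
        if "\\local settings\\" in lower or "\\desktop\\" in lower:
            reasons.append("autostart from a user profile folder")
    if re.match(r"O7 - .*DisableRegedit=1", line):
        reasons.append("registry editor disabled by policy")
    m = re.match(r"O20 - AppInit_DLLs: (.*)$", line)
    if m and m.group(1).strip():
        reasons.append("AppInit_DLLs loads into every process: " + m.group(1))
    if line.startswith("O21 - SSODL:"):
        dll = line.rsplit(" - ", 1)[-1]
        if "\\system32\\" not in dll.lower():
            reasons.append("shell service object outside system32: " + dll)
    return reasons


def triage_log(text):
    """Map each suspicious log line to its reasons; clean lines are omitted."""
    flagged = {}
    for line in text.splitlines():
        line = line.strip()
        if line:
            reasons = triage_line(line)
            if reasons:
                flagged[line] = reasons
    return flagged


if __name__ == "__main__":
    for entry, why in triage_log(SAMPLE_LOG).items():
        print(entry)
        for reason in why:
            print("    ->", reason)
```

    On the sample above, every line except the SiSUSBRG entry is flagged. The lookalike check is deliberately limited to distance 1, which catches the one-letter insertions, deletions and swaps seen in this thread without flagging unrelated names; a real triage tool would combine it with hash lookups and signature checks rather than rely on names alone.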
  15. cdavfrew

    My Infected Computer

    Hey SarahW

    Nice collection of malware there. Let's clean it up.

    First, please download ComboFix. With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.

    Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection.
    • Run Combo-Fix.exe and follow the prompts. **Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.
    • Wait for the scan to be completed.
    • If it requires a reboot, please do it.
    • After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)

    Do not click on the ComboFix window, as it may cause it to stall.

    After that, follow the next set of instructions in the next post.