Hi. As mentioned in descript, I'm trying to clean up my PC of any leftovers that may still be on system from an infection due to the following file: "fees_2008-2009_____________.doc.exe
When I downloaded file to desktop, and opened it (bad idea should have thought twice) - Avast 4.8 pointed out to me via popups that this file contained many trojans. I either moved the files to chest or deleted depending on what it would lt me do. Also Comodo Firewall Pro at same time gave me several popups; warning me that the file was trying to change drivers in system32 folder. I clicked "block" on each request.
Ran Avast 4.8 - found nothing. Ran Spybot S&D - found 1 file (listed as vunulo
or something similar). I clicked the fix it button.
Ran Uniblue Spyeraser v2.0, it found 36
registry keys as being infected. - They were listed as "Malware (General components)". And have been removed
. These registry keys were as follows:
The different endings:
Plus this reg key as well:
hkey_local_machine\software\microsft\windows\currentversion\image file execution options\explorer.exe
But this binded nasty executable file on the desktop (still in same place from original download) was refusing to be deleted by me, and detected by what software I'd tried so far. So I thought about online scanners I knew, and ran Panda active scan v2.0, and it found more infections - maybe 8? (and dealt with them).
I restarted PC to see what effect all this had on system. .. Not good - got to windows login screen after it flickered on
, mouse and keyboard didn't produce ouput on screen
. With my limited knowledge of computers, I thought this could be due to a driver problem - eg some system drivers gone corrupt/deleted perhaps due to scans etc?
I decided best way to get my PC back up and running fine was to repair the current OS installation on hard drive. After restarting and activating OS, and PC running fine, I downloaded and ran an Ad-aware scan (thorough, all drives) and found nothing.
I tried renaming the unzipped folder (that file was sitting inside) on desktop. That worked
along with its move to recycle bin, and subsequent deletion, so I thought I might be getting somewhere?
I have done a hijackthis log, and can attach in a following post if required.If someone could point me in right direction of where I need to go or tell me steps for eradicating all nasties that would be great. -- I would like a clean system please .
Windows XP Pro SP3
Intel 3GHz core2Duo E6850