Slow web browsing - Previous Vundo infection


  • This topic is locked
21 replies to this topic

#16 J Kopp

Posted 30 June 2009 - 10:07 AM

Upon completion of running, the machine rebooted. On startup the notepad opened with the following.... when I navigated to the location you outlined there were no files in the folder ....hope this is what you need.

All processes killed
========== FILES ==========
C:\WINDOWS\system32\kg6muc0p.ini moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jillian Oberlander
->Temp folder emptied: 71657077 bytes
->Temporary Internet Files folder emptied: 14117116 bytes
->Java cache emptied: 23424872 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 32835 bytes

User: Owner

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 39097 bytes
%systemroot%\System32 .tmp files removed: 334353 bytes
Windows Temp folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 104.56 mb


OTM by OldTimer - Version 3.0.0.2 log created on 06302009_075335

Files moved on Reboot...

Registry entries deleted on Reboot...
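
An added example (not part of the original thread and not OTM's own code): a small Python parser for the log format posted above. It lists files that were moved, deletions deferred to reboot, and checks that the per-line byte counts add up to the tool's reported total. The sample is constructed from the posted log with zero-byte lines trimmed, and the regular expressions assume only the line shapes visible in that log.

```python
import re

# Constructed sample: lines taken from the OTM log above, zero-byte lines trimmed.
SAMPLE_LOG = r"""All processes killed
========== FILES ==========
C:\WINDOWS\system32\kg6muc0p.ini moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Jillian Oberlander
->Temp folder emptied: 71657077 bytes
->Temporary Internet Files folder emptied: 14117116 bytes
->Java cache emptied: 23424872 bytes
User: LocalService
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 32902 bytes
User: NetworkService
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 32835 bytes
%systemroot% .tmp files removed: 39097 bytes
%systemroot%\System32 .tmp files removed: 334353 bytes
Total Files Cleaned = 104.56 mb
"""

MOVED = re.compile(r"^(?P<path>.+) moved successfully\.$")
FAILED = re.compile(r"^File delete failed\. (?P<path>.+) scheduled to be deleted on reboot\.$")
BYTES = re.compile(r"(?:emptied|removed): (?P<n>\d+) bytes$")
TOTAL = re.compile(r"^Total Files Cleaned = (?P<mb>[\d.]+) mb$")

def parse_otm_log(text):
    """Return moved files, deletes deferred to reboot, and byte totals."""
    result = {"moved": [], "pending_reboot": [], "bytes": 0, "reported_mb": None}
    for line in (l.strip() for l in text.splitlines()):
        if m := MOVED.match(line):
            result["moved"].append(m["path"])
        elif m := FAILED.match(line):
            result["pending_reboot"].append(m["path"])
        elif m := BYTES.search(line):
            result["bytes"] += int(m["n"])
        elif m := TOTAL.match(line):
            result["reported_mb"] = float(m["mb"])
    # In this log the reported "mb" figure matches the byte sum divided by 2**20.
    result["consistent"] = (result["reported_mb"] is not None and
        abs(result["bytes"] / 2**20 - result["reported_mb"]) < 0.01)
    return result

if __name__ == "__main__":
    print(parse_otm_log(SAMPLE_LOG))
```

Entries under `pending_reboot` are the ones to re-check after the restart, since the tool could not delete them while they were in use.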


#17 SifuMike

Posted 30 June 2009 - 10:23 AM

Hi J Kopp,

I think you are clean. :thumbup2:
Please tell me how the computer is running.

We still have to do the program clean up.

If I've saved you time & money, please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#18 J Kopp

Posted 30 June 2009 - 10:31 AM

Seems to be running ok to me, although have not spent much time surfing on this machine here at work. If we can clean up the programs I will send it home with the boss and let his daughter mess with it. I believe she leaves for California at the end of the week.

Like I said - seems good to me.

Thanks for your help so far....

#19 SifuMike

Posted 30 June 2009 - 10:40 AM

Hi J Kopp,

Since you're seeing no problems, it's time for the program clean up.



Uninstall ComboFix, go to Start > Run & type in ComboFix /u
Make sure there's a space between Combofix and /
Then hit enter.

This will uninstall Combofix, delete any of its related folders and files (Qoobox, VundoFix Backups, Avenger, _OTM3), reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Let's reset your files so they are hidden and protected.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the Hidden files and folders heading deselect Show hidden files and folders.
Check the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK

If OTM is still there then
open OTM and click the CleanUp! button on top.
In the left pane, it will display a list of tools and other related files which you may have downloaded/used during our cleanup + backup folders that were created with the bad files present.
They are not needed anymore, so OTM will delete them.
Do not edit anything in that Window!
Don't worry if it displays some tools you didn't download/use.
Click Yes when it asks to Begin cleanup process.
Then reboot your computer.

For Vista only:
OTMoveIt3 you have to right-click and select Run As Administrator. With Vista, by default, programs aren't run from the Administrator account. It's the new UAC policy for security.



Please read and follow
Simple and easy ways to keep your computer safe and secure on the Internet (http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/)
as well as
Groovicus' Guide to Simple PC Security to help keep yourself from becoming infected again,
as well as
How did I get infected?, With steps so it does not happen again!
as well as
How to prevent Malware by miekiemoes

If you want to improve speed/system performance after malware removal, take a look here.

Edited by SifuMike, 30 June 2009 - 10:42 AM.


#20 J Kopp

Posted 30 June 2009 - 10:43 AM

I do not see SECURITY CHECK on the desktop...... Should it be there?

#21 SifuMike

Posted 30 June 2009 - 11:03 AM

No, it should not. I edited my post and removed it. I forgot I did not ask you to download it.

#22 SifuMike

Posted 06 July 2009 - 09:46 PM

Since your problem appears to be resolved, this thread will now be closed.