infected with gasfky, looking for solutions



#1 andrewmrobbins

andrewmrobbins

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:21 AM

Posted 01 October 2009 - 11:31 AM

Infected with something called "gasfky". It is redirecting my search engine results. I have Ad-Aware, Norton Antivirus 2010, Symantec, and MBAM all on my computer. MBAM is the only one that detects and says it will delete it upon restart. After restart the files are still there and affecting the computer. This is the log for MBAM after it just ran:

Malwarebytes' Anti-Malware 1.41
Database version: 2878
Windows 5.1.2600 Service Pack 3

10/1/2009 12:27:00 PM
mbam-log-2009-10-01 (12-27-00).txt

Scan type: Quick Scan
Objects scanned: 130470
Time elapsed: 14 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\gasfkykwvtyaqf.dll (Rootkit.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\gasfkyreymqpqj.dll (Rootkit.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\gasfkyybkjtali.dll (Rootkit.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\drivers\gasfkywrmomykm.sys (Rootkit.TDSS) -> Delete on reboot.
C:\WINDOWS\Temp\gasfkyiqqyexnqwh.tmp (Rootkit.TDSS) -> Delete on reboot.
C:\WINDOWS\Temp\gasfkyotmikboulb.tmp (Rootkit.TDSS) -> Delete on reboot.


I went to the system32 and Temp folders to try and at least manually locate them but I don't see the files listed. Please let me know if you have any advice, frustrating the hell out of me ><


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,952 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:21 AM

Posted 01 October 2009 - 11:50 AM

Your Malwarebytes Anti-Malware log indicates you are using an outdated database version.
The database shows 2878. Last I checked it was 2884.

Please update it through the program's interface (preferable method) or manually download the definition updates and just double-click on mbam-rules.exe to install. Then perform a new Quick Scan in normal mode and check all items found for removal. Don't forget to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. When done, click the Logs tab and copy/paste the contents of the new report in your next reply.

Note: Mbam-rules.exe is not updated daily. Another way to get the most current database definitions if you're having problems updating through the program's interface or have already manually downloaded the latest definitions (mbam-rules.exe) shown on this page, is to do the following: Install MBAM on a clean computer, launch the program and update through MBAM's interface. Copy the definitions (rules.ref) to a USB stick or CD and transfer that file to the infected machine. Copy rules.ref to the location indicated for your operating system. If you cannot see the folder, then you may have to Reconfigure Windows to show it.
  • XP: C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware
  • Vista: C:\Documents and Settings\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware
Please download Sophos Anti-rootkit & save it to your desktop.
alternate download link
Note: If using the vendor's download site you will be asked to register with MySophos so an email containing an activation link can be sent to your email address.

Be sure to print out and read the Sophos Anti-Rootkit User Manual and Release Notes.
  • Double-click sar_15_sfx.exe to begin the installation, read the license agreement and click Accept.
  • Allow the default location of C:\Program Files\Sophos\Sophos Anti-Rootkit and click Install.
  • A message will appear "Sophos Anti-Rootkit was successfully installed. Click 'yes' to start it now".
  • Click Yes and allow the driver and its randomly named .tmp file (i.e. F.tmp) to load if asked.
  • If the scan did not start automatically, make sure the following are checked:
    • Running processes
    • Windows Registry
    • Local Hard Drives
  • Click Start scan.
  • Sophos Anti-Rootkit will scan the selected areas and display any suspicious files in the upper panel.
  • When the scan is complete, a pop-up screen will appear with "Rootkit Scan Results". Click OK to continue.
  • Click on the suspicious file to display more information about it in the lower panel which also includes whether the item is recommended for removal.
    • Files tagged as Removable: No are not marked for removal and cannot be removed.
    • Files tagged as Removable: Yes (clean up recommended) are marked for removal by default.
    • Files tagged as Removable: Yes (but clean up not recommended) are not marked for removal because Sophos did not recognize them. These files will require further investigation.
  • Select only items recommended for removal, then click "Clean up checked items". You will be asked to confirm, click Yes.
  • A pop up window will appear advising the cleanup will finish when you restart your computer. Click Restart Now.
  • After reboot, a dialog box displays the files you selected for removal and the action taken.
  • Click Empty list and then click Continue to re-scan your computer a second time to ensure everything was cleaned.
  • When done, go to Start > Run..., then copy and paste this command into the open box: %temp%\sarscan.log
  • This should open the log from the rootkit scan. Please post this log in your next reply. If you have a problem, you can find sarscan.log in C:\Documents and Settings\\Local Settings\Temp\.
Important: Before performing an anti-rootkit (ARK) scan it is recommended to do the following to ensure more accurate results and avoid common issues that may cause false detections.
  • Disconnect from the Internet or physically unplug your Internet cable connection.
  • Clean out your temporary files.
  • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
  • Temporarily disable your anti-virus and real-time anti-spyware protection.
  • After starting the scan, do not use the computer until the scan has completed.
  • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.
Note: Not all hidden components detected by ARKs are malicious. It is normal for a Firewall, some Anti-virus and Anti-malware software (ProcessGuard, Prevx1, AVG AS), sandboxes, virtual machines and Host based Intrusion Prevention Systems (HIPS) to hook into the OS kernel/SSDT in order to protect your system. SSDT (System Service Descriptor Table) is a table that stores addresses of functions that are used by Windows. Both legitimate programs and rootkits can hook into and alter this table. You should not be alarmed if you see any hidden entries created by legitimate programs after performing a scan.

IMPORTANT NOTE: One or more of the identified infections (gasfkyk[random characters].***) is related to a nasty variant of the TDSSSERV rootkit component also known as Backdoor.Tidserv. Rootkits, backdoor Trojans, Botnets, and IRCBots are very dangerous because they compromise system integrity by making changes that allow it to be used by the attacker for malicious purposes. Rootkits are used by Trojans to conceal their presence (hide from view) in order to prevent detection of an attacker's software and make removal more difficult. Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. They can disable your anti-virus and security tools to prevent detection and removal. Remote attackers use backdoors as a means of accessing and taking control of a computer that bypasses security mechanisms. This type of exploit allows them to steal sensitive information like passwords, personal and financial data which is sent back to the hacker. To learn more about these types of infections, you can refer to:

If your computer was used for online banking, has credit card information or other sensitive data on it, you should stay disconnected from the Internet until your system is fully cleaned. All passwords should be changed immediately to include those used for banking, email, eBay, PayPal and online forums. You should consider them to be compromised and change each password using a clean computer, not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again. Banking and credit card institutions should be notified of the possible security breach.

Because your computer was compromised please read:

Although the infection has been identified and may be removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if the malware appears to have been removed. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired so you can never be sure that you have completely removed a rootkit. The malware may leave so many remnants behind that security tools cannot find them. Tools that claim to be able to remove rootkits cannot guarantee that all traces of it will be removed. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 andrewmrobbins

andrewmrobbins
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:21 AM

Posted 01 October 2009 - 01:21 PM

Thank you for your prompt response. I updated MBAM and ran it again. I also downloaded the Anti-Rootkit and it discovered a plethora of hidden files, many of which had the "gasfky" title embedded in them. I removed all the suggested files and am happy to say that my search engines are functioning properly again! Do you have any further suggestions as far as ensuring all gasfky components are removed and ensuring this doesn't happen again? As you're reading this I will be running MBAM and Anti-Rootkit again. Thank you so much for your help!

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,952 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:21 AM

Posted 01 October 2009 - 01:28 PM

Just post the results of your rescans.

Also let me know how your computer is running and if there are any more reports/signs of infection.

#5 andrewmrobbins

andrewmrobbins
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:21 AM

Posted 01 October 2009 - 01:44 PM

Here is the result from the MBAM Quick Scan:
Malwarebytes' Anti-Malware 1.41
Database version: 2887
Windows 5.1.2600 Service Pack 3

10/1/2009 2:43:46 PM
mbam-log-2009-10-01 (14-43-46).txt

Scan type: Quick Scan
Objects scanned: 131561
Time elapsed: 21 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\gasfkyyuoeligs (Rootkit.TDSS) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

The item was removed and I am rebooting right now. Will follow up with another Anti-Rootkit scan.

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,952 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:21 AM

Posted 01 October 2009 - 01:52 PM

Looking good.

#7 andrewmrobbins

andrewmrobbins
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:21 AM

Posted 01 October 2009 - 03:05 PM

Here are the results of the Anti-Rootkit scan:

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP29\A0024452.dll***
C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{566E98E9-6A76-4CF2-878C-B1AB23317D5B}\{1A920358-A656-4081-8596-5245607E2B41}.qbd
C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{566E98E9-6A76-4CF2-878C-B1AB23317D5B}\{1A920358-A656-4081-8596-5245607E2B41}.qbi
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP29\A0024453.dll***
C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{566E98E9-6A76-4CF2-878C-B1AB23317D5B}\{AC42FA63-BE6E-4AE0-8731-5EACEE1B5534}.qbd
C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{566E98E9-6A76-4CF2-878C-B1AB23317D5B}\{AC42FA63-BE6E-4AE0-8731-5EACEE1B5534}.qbi
C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{566E98E9-6A76-4CF2-878C-B1AB23317D5B}\{502308F5-DC27-4F0F-BE5D-D94F7B05BB95}.qbd
C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{566E98E9-6A76-4CF2-878C-B1AB23317D5B}\{502308F5-DC27-4F0F-BE5D-D94F7B05BB95}.qbi
C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{566E98E9-6A76-4CF2-878C-B1AB23317D5B}\{6FB364B4-3E0A-4607-944B-61D0ED0B4C62}.qbd
C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{566E98E9-6A76-4CF2-878C-B1AB23317D5B}\{6FB364B4-3E0A-4607-944B-61D0ED0B4C62}.qbi
C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{566E98E9-6A76-4CF2-878C-B1AB23317D5B}\{7A20FEC6-FF18-4E65-B534-C08984B458AC}.qbd
C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\QBackup\{566E98E9-6A76-4CF2-878C-B1AB23317D5B}\{7A20FEC6-FF18-4E65-B534-C08984B458AC}.qbi
C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.3\ocpinst.exe
C:\Documents and Settings\All Users\Application Data\Norton\00000082\00000107\000003c9\cltLMS1.dat
C:\Documents and Settings\All Users\Application Data\Norton\00000082\00000107\000003c9\cltLMS2.dat
C:\Documents and Settings\Andrew Robbins\Local Settings\Temp\imApp_7.0.3.17\AIMLang.exe
C:\Documents and Settings\Andrew Robbins\Local Settings\Temp\imApp_7.0.3.17\AIMinst.exe
C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4391\AIMinst.exe
C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4391\ocpinst.exe
C:\Program Files\iTunes x\iTunes.Resources\ru.lproj\About iTunes.rtf
C:\Program Files\iTunes x\iTunes.Resources\ru.lproj\Apple TV Help.chm
C:\Program Files\iTunes x\iTunes.Resources\ru.lproj\EA0423.rtf
C:\Program Files\iTunes x\iTunes.Resources\ru.lproj\Ringtone.nib\classes.nib
C:\Program Files\iTunes x\iTunes.Resources\ru.lproj\EA0426.rtf
C:\Program Files\iTunes x\iTunes.Resources\ru.lproj\EQWindow.nib\classes.nib
C:\Program Files\iTunes x\iTunes.Resources\ru.lproj\EQWindow.nib\info.nib
C:\Program Files\iTunes x\iTunes.Resources\ru.lproj\EQWindow.nib\objects.xib
C:\Program Files\iTunes x\iTunes.Resources\ru.lproj\genresLoc.plist
C:\Program Files\iTunes x\iTunes.Resources\ru.lproj\GoogleLicense.rtf
C:\Program Files\iTunes x\iTunes.Resources\ru.lproj\GradientWindow.nib\classes.nib
C:\Program Files\iTunes x\iTunes.Resources\ru.lproj\License.rtf
C:\Program Files\iTunes x\iTunes.Resources\ru.lproj\GradientWindow.nib\info.nib
C:\Program Files\iTunes x\iTunes.Resources\ru.lproj\GradientWindow.nib\objects.xib
C:\Program Files\iTunes x\iTunes.Resources\ru.lproj\iPhone Help.chm
C:\Program Files\iTunes x\iTunes.Resources\ru.lproj\iPod Help.chm
C:\Program Files\iTunes x\iTunes.Resources\ru.lproj\iPod License.rtf
C:\Program Files\iTunes x\iTunes.Resources\ru.lproj\iPodSettings.nib\classes.nib
C:\Program Files\iTunes x\iTunes.Resources\ru.lproj\iPodSettings.nib\info.nib
C:\Program Files\iTunes x\iTunes.Resources\ru.lproj\iPodSettings.nib\objects.xib
C:\Program Files\iTunes x\iTunes.Resources\ru.lproj\iTunes Help.chm
C:\Program Files\iTunes x\iTunes.Resources\ru.lproj\iTunesLocalized.dll
C:\Program Files\iTunes x\iTunes.Resources\ru.lproj\iTunesLocalized.qtr
C:\Program Files\iTunes x\iTunes.Resources\ru.lproj\Localizable.strings
C:\Program Files\iTunes x\iTunes.Resources\ru.lproj\MusicStoreBar.nib\classes.nib
C:\Program Files\iTunes x\iTunes.Resources\ru.lproj\MusicStoreBar.nib\info.nib
C:\Program Files\iTunes x\iTunes.Resources\ru.lproj\MusicStoreBar.nib\objects.xib
C:\Program Files\iTunes x\iTunes.Resources\ru.lproj\Placards.nib\classes.nib
C:\Program Files\iTunes x\iTunes.Resources\ru.lproj\Placards.nib\info.nib
C:\Program Files\iTunes x\iTunes.Resources\ru.lproj\Placards.nib\objects.xib
C:\Program Files\iTunes x\iTunes.Resources\ru.lproj\Ringtone.nib\info.nib
C:\Program Files\iTunes x\iTunes.Resources\ru.lproj\Ringtone.nib\objects.xib
C:\Program Files\iTunes x\iTunes.Resources\ru.lproj\SetupAssistant.nib\classes.nib
C:\Program Files\iTunes x\iTunes.Resources\ru.lproj\SetupAssistant.nib\info.nib
C:\Program Files\iTunes x\iTunes.Resources\ru.lproj\SetupAssistant.nib\objects.xib
C:\Program Files\iTunes x\iTunes.Resources\ru.lproj\SortPrefixes.plist
C:\Program Files\iTunes x\iTunes.Resources\ru.lproj\YahooLicense.rtf
C:\Documents and Settings\Andrew Robbins\Local Settings\Temp\AIM_6.9.15.1\AIMinst.exe
C:\Documents and Settings\Andrew Robbins\Local Settings\Temp\AIM_6.9.15.1\ocpinst.exe
C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4131\ocpinst.exe
C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.2.78.1\ocpinst.exe
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP29\A0024450.dll***
C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4220\ocpinst.exe
C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4268\ocpinst.exe

All of these items were marked as Removable but not recommended for clean up.

While the scan was running, Symantec Auto-Protect popped up informing me that it had deleted 3 items that were marked as Backdoor.Tidserv risks. These are the items marked as *** from the Anti-Rootkit scan.

Many of the items from the Anti-Rootkit scan were pointed out to me the first time I did the scan but I disregarded them because I recognized the programs (Norton, iTunes, AIM, etc.).

What's the next move? :)

#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,952 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:21 AM

Posted 01 October 2009 - 04:48 PM

As I said, not all hidden components detected by ARKs are malevolent. Thus, it's not unusual to find legitimate files mixed in with malicious ones. Sophos ARK does not recommend removal of files which the scanner does not recognize. However, that does not mean those files are all good and should be left alone. Further investigation is required after the initial scan to analyze and identify the files which were detected so they can be removed during a subsequent scan if found to be malicious. It looks like you were successful at removing the rootkit related files.

While the scan was running, Symantec Auto-Protect popped up informing me that it had deleted 3 items that were marked as Backdoor.Tidserv risks. These are the items marked as *** from the Anti-Rootkit scan.

That's why it's important to temporarily disable your AV and other security tools while performing an ARK scan.

These are the items marked as *** from the Anti-Rootkit scan.

The detected _restore{GUID}\RP***\A00*****.xxx file(s) identified by your scan are in the System Volume Information Folder (SVI) which is a part of System Restore. The *** after RP represents a sequential number automatically assigned by the operating system. The ***** after A00 represents a sequential number where the original file was backed up and renamed except for its extension. To learn more about this, refer to:

System Restore is the feature that protects your computer by creating backups (snapshots saved as restore points) of vital system configurations and files. These restore points can be used to "roll back" your computer to a clean working state in the event of a problem. This makes it possible to undo harmful changes to your system configurations including registry modifications made by software or malware by reverting the operating system's configuration to an earlier date. The SVI folder is protected by permissions that only allow the system to have access and is hidden by default on the root of every drive, partition or volume including most external drives, and some USB flash drives. For more detailed information, read System Restore Overview and How it works and How antivirus software and System Restore work together.

System Restore is enabled by default and will back up the good as well as malicious files, so when malware is present on the system it gets included in restore points as an A00***** file. When you scan your system with anti-virus or anti-malware tools, you may receive an alert or notification that a malicious file was detected in the SVI folder (System Restore points) but the anti-virus software was unable to remove it. Since the SVI folder is a protected directory, most anti-virus and scanning tools cannot access it to disinfect or delete these files. If not removed, they sometimes can reinfect your system if you accidentally use an old restore point.

To remove these file(s), the easiest thing to do is Create a New Restore Point to enable your computer to "roll-back" to a clean working state and use Disk Cleanup to remove all but the most recent restore point.
Vista users can refer to these links: Create a New Restore Point in Vista and Disk Cleanup in Vista.

How is your computer running now? Are there any more reports/alerts, signs of infection or issues with your browser?
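Added example (not part of the original thread, and not code from MBAM or Sophos): a small triage script for the two kinds of output discussed above. It pulls the detection lines out of an MBAM 1.x log, derives the name prefix the detections share, and then sorts an anti-rootkit path list into System Restore backup copies (the _restore{GUID}\RP***\A00***** pattern), prefix matches, and everything else. The function names are illustrative, the sample lines are copied from the logs posted in this thread, and the one path marked "constructed" is made up for the demonstration.

```python
import ntpath          # Windows path rules, usable on any OS
import os.path
import re

# MBAM 1.x detection line: "<object> (<detection name>) -> <action>."
MBAM_LINE = re.compile(r"^(?P<obj>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")

# System Restore backup copy: ...\_restore{GUID}\RP<n>\A<seq>.<ext>
SVI_BACKUP = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]{36}\}"
    r"\\RP(?P<rp>\d+)\\A(?P<seq>\d+)\.(?P<ext>\w+)$"
)

def parse_mbam_detections(log_text):
    """Return one dict (obj, name, action) per detection line in the log."""
    found = []
    for line in log_text.splitlines():
        m = MBAM_LINE.match(line.strip())
        if m:
            found.append(m.groupdict())
    return found

def shared_prefix(detections, min_len=5):
    """Common leading string of the detected file/key names, or '' if none."""
    names = [ntpath.basename(d["obj"]).lower() for d in detections]
    if len(names) < 2:          # one name alone says nothing about a pattern
        return ""
    prefix = os.path.commonprefix(names)
    return prefix if len(prefix) >= min_len else ""

def triage_ark_paths(paths, prefix):
    """Sort anti-rootkit scan paths into restore-point copies, prefix hits, other."""
    restore, named, other = [], [], []
    for raw in paths:
        path = raw.strip().rstrip("*")   # drop the poster's '***' markers
        if not path:
            continue
        m = SVI_BACKUP.search(path)
        if m:
            restore.append((int(m["rp"]), path))
        elif prefix and ntpath.basename(path).lower().startswith(prefix):
            named.append(path)
        else:
            other.append(path)
    return {
        "restore_points": sorted({rp for rp, _ in restore}),
        "restore_backups": [p for _, p in restore],
        "prefix_matches": named,
        "other": other,
    }

# Sample input: detection lines from the first MBAM log in this thread.
MBAM_LOG_SAMPLE = r"""
Files Infected: 6
C:\WINDOWS\system32\gasfkykwvtyaqf.dll (Rootkit.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\gasfkyreymqpqj.dll (Rootkit.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\gasfkyybkjtali.dll (Rootkit.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\drivers\gasfkywrmomykm.sys (Rootkit.TDSS) -> Delete on reboot.
C:\WINDOWS\Temp\gasfkyiqqyexnqwh.tmp (Rootkit.TDSS) -> Delete on reboot.
C:\WINDOWS\Temp\gasfkyotmikboulb.tmp (Rootkit.TDSS) -> Delete on reboot.
"""

# Sample input: a few paths from the anti-rootkit results in this thread,
# plus one constructed path (last line) to exercise the prefix match.
ARK_SAMPLE = r"""
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP29\A0024452.dll***
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP29\A0024453.dll***
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP29\A0024450.dll***
C:\Program Files\iTunes x\iTunes.Resources\ru.lproj\License.rtf
C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4391\AIMinst.exe
C:\WINDOWS\system32\gasfkyexample.dll
""".splitlines()

if __name__ == "__main__":
    detections = parse_mbam_detections(MBAM_LOG_SAMPLE)
    prefix = shared_prefix(detections)
    report = triage_ark_paths(ARK_SAMPLE, prefix)
    print("shared prefix:", prefix)
    print("restore points holding backup copies:", report["restore_points"])
    print("prefix matches to investigate:", report["prefix_matches"])
    print("unclassified entries:", len(report["other"]))
```

Entries that land in "other" are not cleared by this script; as the reply above says, unrecognized files still need to be identified individually.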

#9 andrewmrobbins

andrewmrobbins
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:21 AM

Posted 02 October 2009 - 12:13 PM

Everything seems to be running smoothly now. I'll run MBAM and the Anti-Rootkit program again tonight and tomorrow to see if anything new pops up. Thank you so much for helping me. I've dealt with viruses, spyware, etc. before but this was a whole new experience for me. Thank you again, you saved my computer!

#10 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,952 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:21 AM

Posted 02 October 2009 - 03:55 PM

You're welcome.



