
Olmarik/Kryptik trojan infection


  • This topic is locked
11 replies to this topic

#1 leedsfan2

leedsfan2

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:14 AM

Posted 12 January 2010 - 11:22 AM

A few weeks ago I managed to contract a virus, I think it entered via Malware Defense. I was running Avira AntiVir but it got through. Had all the normal symptoms but managed to delete enough of the rubbish that came with it to get my PC working OK-ish. Firefox was redirecting all so removed it and am using Chrome. Am now running ESET NOD32 which, as is known, picks it up but can't remove it. Keep running MBAM scans and my PC is no worse. MBAM does not find Olmarik? I tend to get a message every few mins saying "Google installer has encountered a problem needs to shut down etc." Hit "Don't send report", but Chrome still runs. Can't run downloaded exe files on Chrome, but by renaming etc. can from IE? Strange things happen, like windows minimise now and again on their own.
Uploaded and deleted various AntiMalware progs to no avail - can you help?

Log as requested.


DDS (Ver_09-12-01.01) - NTFSx86
Run by Jackson at 15:09:07.60 on Tue 01/12/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.511.228 [GMT 0:00]

AV: Malware Defense *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Documents and Settings\Jackson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jackson\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\regedit.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Jackson\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page =
uStart Page = hxxp://search.mywebsearch.com/mywebsearch/default.jhtml?ptnrS=ZJman000&ptb=QXTUqqZF4Wg3HPKPjRrI.Q
uSearch Bar =
uInternet Connection Wizard,ShellNext = iexplore
mSearchAssistant =
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: WormRadar.com IESiteBlocker.NavFilter: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - AVG Safe Search
BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - MSN Toolbar Helper
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - No File
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} -
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {77E68763-4284-41d6-B7E7-B6E1F053A9E7}
IE: {E2A4C436-1D8B-4ABB-AB04-513AFACFED0E}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: RaptisoftGameLoader - hxxp://www.miniclip.com/hamsterball/raptisoftgameloader.cab
DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://www.free32.com/POP.CHM::/sp.exe
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/SCRABBLE/Images/stg_drm.ocx
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv9dmo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} - hxxp://simcity.ea.com/play/classic/SimCityX.cab
DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.0/jinstall-1_4_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Monopoly/Images/armhelper.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://active.macromedia.com/flash2/cabs/swflash.cab
DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - hxxp://download.abacast.com/download/files/abasetup152.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

============= SERVICES / DRIVERS ===============

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-11-16 108792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-11-16 96408]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-5-26 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-5-26 74480]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-11-16 735960]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-7-31 133104]
S3 AVFSFilter;AVFSFilter;c:\windows\system32\drivers\avfsfilter.sys --> c:\windows\system32\drivers\avfsfilter.sys [?]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2009-12-30 30104]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2009-12-30 30104]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-5-26 7408]
S3 vmfilter323;323 filter service, Normal;c:\windows\system32\drivers\vmfilter323.sys [2007-5-7 476672]
S3 ZSMC326;Vimicro USB2.0 PC Camera(VC0323);c:\windows\system32\drivers\usbvm323.sys [2007-5-7 244864]

=============== Created Last 30 ================

2009-12-31 14:32:31 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-12-31 11:47:13 0 d-----w- c:\docume~1\alluse~1\applic~1\clp
2009-12-31 11:46:12 0 d-----w- c:\docume~1\jackson\applic~1\Common Toolkit Suite
2009-12-31 11:44:38 0 d-----w- c:\docume~1\alluse~1\applic~1\Common Toolkit Suite
2009-12-31 11:36:52 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{7516B6E8-5C01-4895-B079-DFC32A4ADEE1}
2009-12-31 11:36:16 0 d-----w- c:\docume~1\jackson\applic~1\Fighters
2009-12-31 11:14:56 0 d-----w- c:\program files\TrendMicro
2009-12-31 09:06:37 0 d-----w- c:\docume~1\jackson\applic~1\Tific
2009-12-31 08:54:03 0 d-----w- c:\windows\system32\drivers\NAV
2009-12-31 08:43:26 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-31 08:43:23 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-31 08:43:23 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-30 20:54:47 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2009-12-30 20:54:47 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2009-12-30 20:54:42 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2009-12-30 20:40:35 0 d-----w- c:\docume~1\jackson\applic~1\AVG8
2009-12-30 13:42:01 0 d-----w- c:\program files\common files\Wise Installation Wizard
2009-12-30 10:29:34 0 d-----w- C:\SMCLpav
2009-12-30 10:26:55 0 d-----w- c:\docume~1\alluse~1\applic~1\CA-SupportBridge
2009-12-30 10:03:07 73038 ----a-w- C:\BdUninstallTool2009.12.30-10.03.06.reg
2009-12-29 16:34:26 0 d-----w- c:\program files\common files\PC Tools
2009-12-29 13:05:06 0 d-----w- c:\docume~1\alluse~1\applic~1\F-Secure
2009-12-29 12:28:19 0 dc-h--w- c:\windows\ie8
2009-12-29 10:27:47 0 d-----w- c:\program files\ESET
2009-12-26 17:04:01 0 d-----w- c:\docume~1\alluse~1\applic~1\MumboJumbo
2009-12-26 17:03:17 0 d-----w- c:\program files\common files\Oberon Media
2009-12-26 17:03:05 0 d-----w- c:\program files\Oberon Media
2009-12-26 17:03:04 0 d-----w- c:\program files\Virgin Media Games

==================== Find3M ====================

2009-11-16 09:06:50 96408 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
2009-11-16 09:03:36 108792 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-11-16 08:56:12 116520 ----a-w- c:\windows\system32\drivers\eamon.sys
2009-11-06 15:30:16 206168 ----a-r- c:\windows\fonts\NokiaStandard Multi.TTF
2009-10-29 07:45:38 916480 ----a-w- c:\windows\system32\wininet.dll
2008-08-08 17:33:41 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008080820080809\index.dat

============= FINISH: 15:10:30.10 ===============



#2 leedsfan2

Posted 13 January 2010 - 10:25 AM

Further to my last post I would note the following:-

Searching the net I came across the following on the Eset main site, search Olmarik, Standalone malware removal tools

http://72.3.228.197:8226/esetkb/index?page...d=1263395268354

Basically ran the tool, it removed the Olmarik Trojan in about 5 seconds. This has now allowed exe downloads to run, all AV progs to run as normal, etc. etc. Then ran as per BC instructions for Spyware Removal (Malware Defense); MBAM found and removed various other issues and all seems normal now. The only issue I have now is that DDS still states AV: Malware Defense *On-access scanning enabled*, for the life of me can't find anything anywhere.

Anyhow that's where I am. I realise no one has looked at the issue (that seems very small now) yet, but thanks anyhow.

This might help others

===========

Hello

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us want someone to assist you who is not familiar with your issue and attempt to fix it.

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the HJT Team. The reason we ask this or do not respond to your requests is because that would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post, instead of a reply. Please do not multiple post here, as that only pushes you further down the queue and causes confusion to the staff.

Please be patient. It may take several days, up to two weeks perhaps less, to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

Thank you for understanding.

Elise - forum moderator

Edited by elise025, 16 January 2010 - 02:00 PM.


#3 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:14 PM

Posted 17 January 2010 - 07:52 PM

Can this topic be closed then or do you want help removing the remnants from the PC?
m0le is a proud member of UNITE

#4 leedsfan2

Posted 18 January 2010 - 05:42 AM

Thanks for your reply, I would like to clear the remnants with your help if possible.


#5 m0le

Posted 18 January 2010 - 04:46 PM

Okay, it looks like some registry entries are still present.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    CODE
    :regfind
    28e00e3b-806e-4533-925c-f4c3d79514b9

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
m0le is a proud member of UNITE
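
The step taken in the post above, reading a security product's GUID off the DDS header and turning it into a SystemLook `:regfind` query, can be scripted. The following is an added example, not part of the original thread and not code from DDS or SystemLook; the function names are hypothetical, the sample is constructed from a few lines of the log in post #1, and treating a `[?]` service entry as "file details unavailable" is an assumption.

```python
import re

# Constructed sample: a handful of lines copied from the DDS log in post #1.
SAMPLE_DDS = r"""AV: Malware Defense *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Pseudo HJT Report ===============

uURLSearchHooks: H - No File
TB: {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - No File
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} -
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File

============= SERVICES / DRIVERS ===============

R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-11-16 735960]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
S3 AVFSFilter;AVFSFilter;c:\windows\system32\drivers\avfsfilter.sys --> c:\windows\system32\drivers\avfsfilter.sys [?]
"""

SECTION_RE = re.compile(r"^=+ (?P<title>.+?) =+$")
AV_RE = re.compile(
    r"^AV: (?P<name>.+?) \*(?P<state>[^*]+)\* "
    r"\((?P<defs>Updated|Outdated)\) \{(?P<guid>[0-9A-Fa-f-]{36})\}$"
)
SVC_RE = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+) \[(?P<meta>[^\]]+)\]$"
)
NO_FILE = "- No File"


def parse_dds(text):
    """Return the registered AV products, 'No File' entries and services
    whose file details DDS printed as [?]."""
    report = {"av": [], "no_file": [], "unresolved": []}
    section = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:                       # "===== Title =====" starts a new section
            section = m.group("title").lower()
            continue
        m = AV_RE.match(line)
        if m:
            report["av"].append({
                "name": m.group("name"),
                "state": m.group("state"),
                "definitions": m.group("defs"),
                "guid": m.group("guid"),
            })
        elif section == "pseudo hjt report" and line.endswith(NO_FILE):
            # Entry still registered, but the log reports no backing file.
            report["no_file"].append(line[: -len(NO_FILE)].rstrip())
        elif section == "services / drivers":
            m = SVC_RE.match(line)
            if m and m.group("meta") == "?":   # assumption: details unavailable
                report["unresolved"].append(m.group("name"))
    return report


def regfind_script(av_entries, product):
    """Build the SystemLook input shown in the post for one named product."""
    guids = [e["guid"].lower() for e in av_entries
             if product.lower() in e["name"].lower()]
    if not guids:
        raise ValueError(f"no AV entry matching {product!r}")
    return "\n".join([":regfind"] + guids)


if __name__ == "__main__":
    rep = parse_dds(SAMPLE_DDS)
    for av in rep["av"]:
        print(f'{av["name"]}: {av["definitions"]} {av["guid"]}')
    print("No File entries:", rep["no_file"])
    print("Unresolved services:", rep["unresolved"])
    print(regfind_script(rep["av"], "Malware Defense"))
```
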

#6 leedsfan2

Posted 19 January 2010 - 05:30 AM

Thanks for the reply

Look File:

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 10:26 on 19/01/2010 by Jackson (Administrator - Elevation successful)

========== regfind ==========

Searching for "28e00e3b-806e-4533-925c-f4c3d79514b9"
No data found.

-=End Of File=-

#7 m0le

Posted 19 January 2010 - 07:53 AM

Nope, that's gone.

Let's run a couple of scans in succession.

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.


Then

I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push

Thanks



#8 m0le

Posted 23 January 2010 - 07:25 PM

Hi,

I have not had a reply from you for 5 days. Can you please tell me if you still need help with your computer as I am unable to help other members with their problems while I have your topic still open. The time taken between posts can also change the situation with your PC making it more difficult to help you.

If you like you can PM me.

Thanks,


m0le

#9 leedsfan2

Posted 24 January 2010 - 10:57 AM

Sorry for the delay, the logs are as follows, MBAM log complete but getting 732,0,0 update error, as noted in your forums this is a problem their end, reloaded MBAM just in case it helped with updates.

Malwarebytes' Anti-Malware 1.43
Database version: 3458
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/24/2010 14:41:55
mbam-log-2010-01-24 (14-41-55).txt

Scan type: Full Scan (C:\|)
Objects scanned: 197011
Time elapsed: 1 hour(s), 9 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Ran ESET online scanner, no threats detected, however I was not given an option to see or copy a text file?


Thanks



#10 m0le

Posted 24 January 2010 - 06:51 PM

That's a clean PC, leedsfan2.


You're clean. Good stuff!

Let's do some clearing up

Uninstall ComboFix

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
    (For Vista/Windows 7 please click Start -> All Programs -> Accessories -> Run)
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between "Combofix" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
This will uninstall Combofix and anything associated with it.


Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • Double click icon to start the program. If you are using Vista, please right-click and choose Run as administrator.
  • Then Click the big button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
------------------------------------------------------------------------------------------------------------------------

Here's some advice on how you can keep your PC clean


Update your AntiVirus Software

It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.


Install an AntiSpyware Program

A highly recommended AntiSpyware program is SuperAntiSpyware. You can download the free Home Version or the Pro version for a 15 day trial period.

Installing this or another recommended program will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would an antivirus software.


Finally, here's a treasure trove of antivirus, antimalware and antispyware resources


That's it, good luck against Spurs in the cup and happy surfing!

Cheers.

m0le

#11 leedsfan2

Posted 25 January 2010 - 05:08 AM

Thanks for all your help, great site keep up the good work. 2-2 not bad, penalty 96th min lol must have had the Man United ref playing for us.

Thanks again

#12 m0le

Posted 30 January 2010 - 02:31 PM

Manchester United refs are all over the Prem.

------------------------------------------------------------------------------

Since this issue appears to be resolved ... this topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.