Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Internet Security 2010 Virus post-infection?


  • Please log in to reply
No replies to this topic

#1 mn_danger

mn_danger

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Location:oklahoma city, ok
  • Local time:08:38 PM

Posted 28 July 2010 - 04:30 PM

Running Windows XP (SP2 I think). Somehow contracted IS2010 virus. Internet search for removal--BC said to use rkil and MAB.

Already had MAB loaded. Updated database and ran MAB. Didn't run rkil because <--dosen't read instructions well! :thumbsup:

I have "Avast 4-point-something" running and blocked several trojans during the process.

Ran MAB, IS2010 popups still showing. MAB detected files and I deleted again.

Rebooted, IS2010 came back. Avast blocked some trojans again. Ran MAB again; MAB detected files and I deleted again.

Rebooted, IS2010 came back. Now I am mad. :flowers:

I unplugged my ethernet cable. Downloaded rkil and most recent MAB to thumbdrive. Ran rkil from thumdrive, IS2010 killed.

Reinstalled MAB and ran, deleted found files. Ran AVAST, no files detected. Noticed folder location of process running that rkil stopped, so I decided to look in that folder. Found many other malicious looking .exe files (e.g. 'destr0yer .exe and 'bleepfu.exe', etc).

Reconnected to internet, updated MAB, updated AVAST, updated Spybot and AdAware. Ran MAB, AVAST and Spybot, but not AdAware because I did not want to reboot again. All scans showed negative, even though the malicious .exe files remained.

I was concerned that because I had rebooted twice during the cleaning that there was a chance that something had been placed in root directory.

Followed all instructions, from BC, for running defogger, system snapshot, GMER and the like. Did not see anything that indicated infection of root directory.

Updated to AVAST 5.0 and ran scan again. No files detected.

Decided to delete suspcious file out of temp folder. Also found thread for Internet Security 2010 on BC and saw what files IS2010 downloads and where. Many of them matched the suspiscious files I observed. So I felt ok in deleting them (although I reliaze now from reading other posts that perhaps manual removal is not the best idea).

So my question and the reason I am asking for help is this: "How do I know for sure my machine is cleaned properly" Is there anything further I can do? I was thiking about actually buying SpyWare Doctor or something like that. I want to eliminate all pieces, fragments and viral detritus from my system.

I deeply appreciate your time and attention.

Kindest Regards,

Damon
Bleeping dangerous

BC AdBot (Login to Remove)

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users