
malware on my pc


  • This topic is locked
12 replies to this topic

#1 mrkband


Posted 04 March 2012 - 08:21 PM

I am trying to clean malware off of my PC.
I have used AVG and Malwarebytes both which found viruses (sorry I don't remember the exact names).
At the suggestion of my website host I ran Combofix and I have a log.txt file

Is there someone who can look at it and tell me what to do next?



#2 ratman


Posted 07 March 2012 - 01:33 PM

Hello mrkband,

My name is ratman and I will be helping you with your computer problems.

Before we begin, I would like to make a few things clear so that we can fix your problem as efficiently as possible:

  • Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.
  • Please do not do anything or perform other steps unless I have asked you to do so.
  • Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.

====================================================================================

Please take note:
  • If you have since resolved the original problem you were having, I would appreciate you letting me know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
  • If you are unsure about any of these characteristics just post what you can and I will guide you.


Please tell me if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps I have recommended please try one more time and if unsuccessful alert us of such and I will design an alternate means of obtaining the necessary information.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below I will review your topic and do my best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.


I need to see some up to date information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


I also need a new log from the GMER anti-rootkit Scanner.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log




In your next reply, please copy/paste the contents of the following:
  • DDS.txt
  • Attach.txt
  • GMER.Log
  • ComboFix.txt

regards, ratman


If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM




#3 ratman


Posted 11 March 2012 - 06:11 AM

Hello mrkband,

I have not had a reply from you for more than 3 days. Can you please tell me if you still need help with your computer as I am unable to help other members with their problems while I have your topic still open. The time taken between posts can also change the situation with your PC making it more difficult to help you.
regards, ratman




#4 mrkband


Posted 11 March 2012 - 11:50 AM

I'm sorry. I didn't know you couldn't help other people. I have been very busy and a little overwhelmed with the list of things to do for this. I've attached the ComboFix log that I did on March 4th. Presently AVG and Microsoft Security Essentials do not find a new virus.
However, I just ran a Malwarebytes full scan again and it found a trojan downloader in a game that I never use where there was no trojan last week. I am also attaching that report.

I will now start going through your post to understand what else I should do.

I am on break this week so I have more time. I am very sorry that I have delayed.

I'm on Eastern Standard Time (NY time) so we're probably a few hours apart.


#5 mrkband


Posted 11 March 2012 - 12:41 PM

I'm attaching the ddr
but I can't figure out how to zip the attach file... I know that is simple but evidently I don't have zip software. Perhaps you can recommend a free zip?
I don't understand the defogger thing ... I'm getting confused.
I'm a pretty good computer user but this is all new to me.

I'm trying to avoid a re-format but maybe that is what I should do, especially with this virus or worm jumping around into other software.

Attached Files

  • Attached File  dds.txt   11.85KB   2 downloads


#6 mrkband


Posted 11 March 2012 - 03:50 PM

Okay, I figured out one way to zip something (right click, send to).
By the way, I'm using Windows XP.
Another problem I'm experiencing is that I have 4 Office 2003 updates that are ready but won't install. I think it is related.
Attached is a new dds and the zipped attach file.


#7 ratman


Posted 12 March 2012 - 04:32 PM

Hello mrkband,

I still don't see your GMER log. Could you make sure you run GMER and copy/paste its log in your next reply.

So far things are looking pretty good - MBAM picked up 1 bad guy and removed it.

I'd like us to scan your machine with ESET OnlineScan
  • Right click on the following link and open ESET OnlineScan in a new window: ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


In your next reply, please copy/paste the contents of the following:
  • ESETScan
  • GMER log


How is your machine running now? What issues do you see?
regards, ratman




#8 mrkband


Posted 13 March 2012 - 09:30 AM

Attached is the GMER log. Next I will run the other.

Attached Files

  • Attached File  gmer.log   12.23KB   4 downloads


#9 mrkband


Posted 14 March 2012 - 12:54 AM

The ESET online scanner might work a little different than in your directions, unless I used it incorrectly. Maybe it has changed.
It did not allow a log that I could see so I have posted a screenshot of the results which says no threats found.


#10 mrkband


Posted 14 March 2012 - 10:19 AM

Can we delete this post and all the attachments when we finish? I'm nervous about what info someone might gain by downloading the files I posted. I notice that some have been downloaded twice.

#11 ratman


Posted 14 March 2012 - 12:29 PM

Hello mrkband,

"Can we delete this post and all the attachments when we finish? I'm nervous about what info someone might gain by downloading the files I posted"

The logs we request contain no password or personal information. We tend to leave posts online to allow others to learn from.

"I notice that some have been downloaded twice."

That's me checking logs again - you will now see some opened 3 times :)


Good work - your computer is clean :thumbsup:

Just a couple of housekeeping tasks now.

We need to delete ComboFix:

Please rename ComboFix.exe (right click ComboFix and select Rename) to Uninstall.exe and double click on it.

====================================================================================

Except for Malwarebytes, you can simply delete all other tools we used as they don't un-install.


Things to do to stay safe:

  • Make sure Windows Updates (including Internet Explorer) are current. Follow instructions here
  • Run Malwarebytes "Quick scan" once in a week to assure safety of your computer.
  • Download and install Secunia Personal Software Inspector (PSI): The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.
  • When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.
  • Read How did I get infected?, With steps so it does not happen again!

Happy and safe surfing!


Can you reply to say whether you have any more issues or not. If not we can close this topic.
regards, ratman




#12 mrkband


Posted 14 March 2012 - 01:02 PM

Thanks for your help. Yes, we can close this post. I will work on all the things you mentioned.

#13 ratman


Posted 15 March 2012 - 09:01 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
regards, ratman
