
I need help regarding Sality.Y removal leftovers


11 replies to this topic

#1 SidMax

SidMax

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:39 AM

Posted 09 June 2013 - 12:35 PM

Yesterday I used the tool provided by Avast in order to remove Sality.Y from my Windows installation. It did a boot-time scan, and cleaned about 400 files, if not more. However, I still believe there are some leftovers or other malware still inside the computer. My assumptions are based on the different behaviour the computer has since its infection.

 

Can you help me track and remove them? Thank you.





#2 im abcd

im abcd

  • Members
  • 167 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:39 AM

Posted 09 June 2013 - 01:08 PM

What kind of different behavior is your computer showing? Anyways, to begin with, let's scan with Malwarebytes Anti-Malware.




#3 SidMax


Posted 09 June 2013 - 01:12 PM

Behaviour faults: slow application startup (especially browsers), sudden freeze for a few seconds, slow OS startup. I scanned with Malwarebytes AntiMalware yesterday after removing Sality. It found a single file infected with Tr.Crypt and removed it (required a restart). Should I scan again?



#4 im abcd


Posted 09 June 2013 - 01:57 PM



> Behaviour faults: slow application startup (especially browsers), sudden freeze for a few seconds, slow OS startup. I scanned with Malwarebytes AntiMalware yesterday after removing Sality. It found a single file infected with Tr.Crypt and removed it (required a restart). Should I scan again?

Scanning again with MBAM should be unnecessary; instead, run scans with the following:

 

Reply back with the logs of AdwCleaner and Junkware Removal Tool.


Edited by im abcd, 09 June 2013 - 01:58 PM.



#5 SidMax


Posted 09 June 2013 - 03:11 PM

ADW Cleaner log
 
# AdwCleaner v2.303 - Logfile created 06/09/2013 at 23:08:06
# Updated 08/06/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : MadMaxx - MADMAXX-AF1FE0E
# Boot Mode : Normal
# Running from : C:\Documents and Settings\MadMaxx\My Documents\Downloads\AdwCleaner.exe
# Option [Search]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
 
***** [Registry] *****
 
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v6.0.2900.5512
 
[OK] Registry is clean.
 
-\\ Google Chrome v27.0.1453.110
 
File : C:\Documents and Settings\MadMaxx\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[R1].txt - [883 octets] - [09/06/2013 23:08:06]
 
########## EOF - C:\AdwCleaner[R1].txt - [942 octets] ##########
 
JRT log
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Microsoft Windows XP x86
Ran by MadMaxx on Sun 06/09/2013 at 23:08:50.51
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\WINDOWS\tasks\DLL-Files.Com Fixer_MONTHLY.job
Successfully deleted: [File] C:\WINDOWS\tasks\DLL-Files.Com Fixer_Updates.job
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Program Files\dll-files.com fixer"
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 06/09/2013 at 23:10:34.42
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#6 im abcd


Posted 10 June 2013 - 05:09 AM

Alright, do you see any noticeable difference in your speed after running those scans? Also, give me a screenshot of your startup. 




#7 SidMax


Posted 10 June 2013 - 06:03 AM

What I'm getting now is an error with a missing dll. I'll be back with the screenshots as soon as I get home from work.



#8 SidMax


Posted 10 June 2013 - 07:27 AM

Here's the screenshot of the startup.

 

[Screenshot of the startup entries: 5Wh56kX.png]



#9 im abcd


Posted 10 June 2013 - 01:27 PM

If you do not use the Intel Hot key function, disable Hkcmd. Same with Yahoo Messenger; if you do not use it every time the PC starts, disable it. Other than that, the startup looks fine to me. You told of a DLL error, but you never gave a screenshot of it? P.S. You never answered my original question. Has your PC performance improved after running the above utilities?

 

Regards,

Abcd. 




#10 SidMax


Posted 10 June 2013 - 02:41 PM

As I said, the performance slightly improved (for example no more sudden freezes). I fixed the dll error; it was due to missing Net Framework components, which were removed during the disinfection.

 

For now, I think it's safe. Thank you for your time!



#11 im abcd


Posted 10 June 2013 - 03:28 PM

> As I said, the performance slightly improved (for example no more sudden freezes). I fixed the dll error; it was due to missing Net Framework components, which were removed during the disinfection.
>
> For now, I think it's safe. Thank you for your time!

Happy to help, safe surfing. :)




#12 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,428 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:39 PM

Posted 10 June 2013 - 07:22 PM

Hello, please run one more.

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.