
Getting rid of PSW malware


  • This topic is locked
3 replies to this topic

#1 hms1160 (Members)

Posted 11 July 2013 - 10:08 AM

Thanks to my employer who thinks that the IT department should be reactive about viruses in e-mails instead of proactive, I could have infected my machine with the PSW virus via an attachment in an e-mail that looked legitimate and looked like it had come from the employer. When I tried opening the file, the Windows Firewall box popped up and said an unfamiliar program was trying to run, and I chose not to run it just to be safe. I ran a scan with Microsoft Security Essentials, and it quarantined three threats (and I have since removed those threats). Malwarebytes Anti-Malware also found three threats, which I removed via Malwarebytes. I have run HitmanPro and it has found nothing since. I have also run scans in both MSE and MBAM again, and they have turned up nothing now. I've run Kaspersky's TDSS Killer, and it has turned up nothing. So I may be in the clear now. But I just want to be sure, so should I download ComboFix and have a helper assist me with it since it is so heavy duty? I just want to be 100% sure that I am rid of any and all infections since I do things such as check bank statements online, etc.


*Moderator Edit: Moved topic from Windows 7 to the appropriate forum. ~ Queen-Evie*

Edited by Queen-Evie, 11 July 2013 - 10:38 AM.




#2 quietman7 (Global Moderator)

Posted 11 July 2013 - 10:56 AM

Preliminary scans from other tools like DDS, RSIT and GMER should be used first because they provide comprehensive logs with specific details about files, folders and registry keys which may have been modified by malware infection. Analysis of those logs allows planning a strategy for effective disinfection and a determination if using ComboFix is necessary.

It sounds like you took all the appropriate steps to eliminate the threat. However, I can only go by what the scan logs show (what was detected, removed, suspicious, etc.) and your description of whatever signs or symptoms of infection you are experiencing. If you want a more detailed look at your system, then more advanced tools are needed to investigate.

Before that can be done you will need to follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.
  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running DDS which will create two logs.
When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 hms1160 (Topic Starter)

Posted 11 July 2013 - 12:03 PM

Thanks for the reply. I have done as you instructed. Hopefully everything turns out A-OK!



#4 quietman7 (Global Moderator)

Posted 11 July 2013 - 12:16 PM

You're welcome.

Your log(s) is posted here.

Now that your log is posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Response Team member... nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log(s) you already posted. Further, any modifications you make on your own may cause confusion for the member assisting you and could complicate the malware removal process or make things worse, which would extend the time it takes to clean your computer.

From this point on the Malware Response Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take several days to get a response because the Malware Response Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have posted your log and are waiting, please DO NOT "bump" your post or make another reply until it has been responded to by a member of the Malware Response Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member looking for a new log to work may assume another Malware Response Team member is already assisting you and not open the thread to respond.

If HelpBot replies to your topic, please follow Step One and CLICK the link so it will report your topic to the team members.

To avoid confusion, I am closing this topic.

Good luck with your log.