
Several infections cleaning need help to be sure to be clean


  • This topic is locked
6 replies to this topic

#1 Warfester

Posted 05 February 2014 - 12:45 PM

Greetings,

 

First of all, I am very pleased with the work you people do for many others. I appreciate this site and all its "workers'" efforts to help people with all kinds of technical issues.
When I was not a member, I occasionally looked here for more information about malware in particular.

I have some knowledge about computers and malware. But I really could use the experienced advice of the hardcore anti-malware fighters like you.
 

My mother has standard knowledge of computing, but in terms of security or more thorough system configuration she depends on me to secure her desktop. She uses her desktop to listen to music, watch YouTube, surf the web for information, emailing, and various office stuff.

 

Because I am very busy with my own life, I cannot always make the system very secure. Now that I had some more time I found several pieces of malware. Some of them were PUPs with no high risks, but there was higher-risk malware including an exploit drop, and an exploit bug used in flash player, but I detected more and more, the Vundo pup, the SweetIm, and I had suspicion that harder stuff was going on... I also heard my mother speaking of very slow computer speed, Internet speed, so I had reasons enough to scan very thoroughly..

 

I first safemode-booted with networking and started to scan with MBAR for the first signs of Rootkits, it found 4 of the same in the recycle bin that were hidden of course... I went on with MBAM-PRO in safe-mode netw. And found more stuff. To be certain I added the Emsisoft Antimalware (Internet Security), It uses Bitdefender rules + own added.. I scanned and found some tracking cookies not really a threat... AND Bitdefender TS 2014. To be sure I safemode-booted alone with CMD and ran MBAR, MBAM, Emsi, Bitdef, and restored system configuration with RKill... I also did an ADWcleaner search...

I found much stuff, all successfully cleaned and some after reboot... Scanned again, scanning in normal mode now with bitdef and mbam...

What I want to say also is that I know there is other stuff that needs to be done, there were some bad applications installed like utorrent and I also know that using 2 or more firewalls and 2 or more on access scanners isn't good, but I needed to be quick and hard to this stuff.

In the meanwhile I uninstalled the crappy software on the system and did other cleaning up...

I also know that using ADWcleaner and RKill before you ask for it isn't considered very good... When I did this I was not yet a member and had to act quick..

Now sorry for the long story... now the question(s)...

 

1. Can I post you the logs of the cleaning up with the detected and solved issues for you to determine if more action against the infections is needed or the system is clean?

 

2. Knowing that the all-combo of those applications I used to clean is not an option, what AVs would I keep active? (MBAM and MBAR normally don't conflict as extra defense with another AV so I can keep that also?)

 

3. Knowing that the 2 firewalls (Windows, Bitdefender (Emsisoft armor is not active but installed by default) ) Should I keep windows on or Bitdefender? Or is Emsisoft very reliable? (Might consider that emsi uses a lot of mem and for this desktop that might be a reason not to use it?).

4. I heard, read a lot of good stuff about Bitdefender 2014. I know many sites will faulty do as if they compare AVs with thorough tests but they are just promotion tools, but I have informed myself over and over to people, ICT'ers and looked with a suspicious eye for more reliable websites... It also uses less mem than many other AVs... Am I right about this?

 

5. I also installed and used Secunia Psi to detect 3rd party software that is outdated... To be sure I don't do harm I double check on the 3rd party developer website... Is Secunia reliable enough to set on automatic updating (because I'm not always around for helping updating mom's software)

 

6. I also know I need more cleaning up to do (browser cache, temp files, registry check, backup and restore points, etc..) I can do almost everything myself within windows integrated tools itself, and set things to automatic to cleanup in periods.... But registry I cannot do with windows integrated as you know, so I need to rely on other automatic software... What software is reliable to do the job without harm? Momentarily I don't cleanup reg very much, because I lack exp for what is a reliable tool for that and I don't want to inflict harm... I ran the Bitdef integrated regcleaner 1 time now but I need further advice for further cleaning in future...
 

 

That was it, sorry for the long story but I wanted to be thorough and clear. I would appreciate any help at cleaning my mother's computer and setting things to a good standard. If all questions are very much to work with, then plz give priority at the malware issues and a short advice for AV/Firewall config....

Again, many thanks and appreciation for all your efforts that help many people...

As for now my bank policies cannot be set for a donation, but later on it might be possible.. If possible in future for me, I will make a donation to help you help other people and for the appreciation I have for that..


With respect,

 

Warfester


 


 





#2 HelpBot

Posted 10 February 2014 - 12:50 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/523287 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Warfester

Posted 11 February 2014 - 01:47 PM

I will provide all information tomorrow (Wednesday) because I will be at my mother's and can work on the infected computer.



#4 jeffce

Posted 12 February 2014 - 11:04 AM

Hi and Welcome!!   
 
My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
  • Please be sure to subscribe to the topic if you have not already done so.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.

 
Having said that.... Let's get going!!
----------
 
When you get the DDS log go ahead and post that please and then do the following...
 
--------------------------
 

AdwCleaner
 
Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

----------


 


#5 Warfester

Posted 13 February 2014 - 08:34 AM

Hello Jeff..

 

First of all thank you for the response and giving aid to me. I appreciate this website very much and know the expertise "on the field" that you people offer is worth very much.

I have to inform you that I think the topic needs to be closed now. When I went to my mother to fix her computer with your instructions, the infections were at their worst.
My mother had me back up her needed files and photos on a USB-stick. They will be tested for infections. My mother asked me to do a clean re-install of the whole system. So that I did.

The whole computer is formatted and installed as new. There are no infections left due to a complete clean re-installation of the computer. I checked that no virus could be left in "sleep-state" that could emerge later.

All systems are in the green and I made preparations for a better method to keep her computer clean from nasty infections. I also made preparations for keeping her desktop up-to-date to shield it from vulnerabilities.

Again, thank you for your much appreciated help. But with my mother's acceptance of a clean re-install, I could eradicate everything and I guess the topic can be closed.

 

With respect,

 

 

 

Warfester

 



#6 jeffce

Posted 13 February 2014 - 10:04 AM

Ok that sounds great!!  Thanks for letting us know.  :) 


 


#7 jeffce

Posted 13 February 2014 - 10:04 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

 




