Cannot remove Troj/mbroot-h - Sophos keeps finding it and I delete it


  • This topic is locked

#16
captainmac1313

  • Topic Starter
  • Member
  • 26 posts
Part 1:
All processes killed
========== OTL ==========
C:\Documents and Settings\Adam\Application Data\FrostWire\xml\data folder moved successfully.
C:\Documents and Settings\Adam\Application Data\FrostWire\xml folder moved successfully.
C:\Documents and Settings\Adam\Application Data\FrostWire\themes\frostwirePro_theme folder moved successfully.
C:\Documents and Settings\Adam\Application Data\FrostWire\themes folder moved successfully.
C:\Documents and Settings\Adam\Application Data\FrostWire\overlays folder moved successfully.
C:\Documents and Settings\Adam\Application Data\FrostWire\.NetworkShare\Incomplete folder moved successfully.
C:\Documents and Settings\Adam\Application Data\FrostWire\.NetworkShare folder moved successfully.
C:\Documents and Settings\Adam\Application Data\FrostWire\.AppSpecialShare folder moved successfully.
C:\Documents and Settings\Adam\Application Data\FrostWire folder moved successfully.
========== FILES ==========
C:\Program Files\FrostWire folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Adam
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 5276161 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 9277479 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 434 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 118233534 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 127.00 mb


[EMPTYFLASH]

User: Adam
->Flash cache emptied: 0 bytes

User: All Users

User: Default User

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.1.0 log created on 04082010_175044

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Part 2: I already had MBAM on my computer and had it updated. Here is the log:
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3970

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/8/2010 6:06:13 PM
mbam-log-2010-04-08 (18-06-13).txt

Scan type: Quick scan
Objects scanned: 102477
Time elapsed: 7 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Part 3:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Friday, April 9, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, April 08, 2010 17:27:19
Records in database: 3923499
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Objects scanned: 138147
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 05:09:45

No threats found. Scanned area is clean.

Selected area has been scanned.


Part 4:
My computer is running better it seems. However, it did hang up on me after I tried saving the Kaspersky report the first time so I had to run another one. There was also another time I had to reboot because something was hung up. I think it might be my ethernet card. I do know computers somewhat and have been looking at what might be causing this to happen besides maybe a virus or spyware. Also, I am going back to using a wired mouse because the wireless mouse I have, anytime the batteries are low, the notification pops up and almost freezes my computer. One final thing is that when I close a window that is part of the System (i.e. Control Panel, My Documents, etc.) all of my desktop icons have to reload it seems. The icons lose their pictures for a second or two and then come back.

#17
heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts

My computer is running better it seems. However, it did hang up on me after I tried saving the Kaspersky report the first time so I had to run another one. There was also another time I had to reboot because something was hung up. I think it might be my ethernet card. I do know computers somewhat and have been looking at what might be causing this to happen besides maybe a virus or spyware. Also, I am going back to using a wired mouse because the wireless mouse I have, anytime the batteries are low, the notification pops up and almost freezes my computer. One final thing is that when I close a window that is part of the System (i.e. Control Panel, My Documents, etc.) all of my desktop icons have to reload it seems. The icons lose their pictures for a second or two and then come back.

I don't think these issues are malware related.

To solve them, post a new topic in the appropriate subforum and someone will be there to help you.
Please post a link to this topic also.

Now to the best part of the day.


Hey there, captainmac1313 !

OK! Well done, your log is clean again! :)

Time for some housekeeping.

Step 1.
Clean up:

What we need to do is remove all the tools that you have used. This is so that should you ever be re-infected, you will download updated versions. It will also remove the quarantined malware from your computer.

First:

Click Start>Run and type the following bolded command, then hit Enter.
Note! Make sure you leave a space between helpasst and -cleanup

helpasst -cleanup



Second:
Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Files
    C:\Documents and Settings\Adam\Desktop\HAMeb_check.exe
    C:\Documents and Settings\Adam\Desktop\HelpAsst_mebroot_fix.exe
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Click the CleanUp button
  • Click Yes to the reboot.

Now delete any tools/logs that are left over after you ran OTL CleanUp.


Third:
Now let's reset and re-enable your System Restore to remove any infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected, but that's good news).

Turn OFF System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.
Restart your computer.

Turn ON System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check Turn off System Restore.
  • Click Apply, and then click OK.
System Restore will now be active again.


Step 2.
Prevention:

OK, let's carry out a few preventative steps to make sure you reduce the risk of further infections.

First:
Your Adobe Acrobat Reader is out of date. Older versions are vulnerable to attack.

Please go to the link below to download an update.

http://www.adobe.com.../readstep2.html

Remove the older versions and install the latest.


Second:
One of the essentials is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats. Microsoft releases security updates that help keep your computer from becoming vulnerable. It is best if you have these set to download automatically.

Automatic Updates for Windows
  • Click Start.
  • Select Settings and then Control Panel.
  • Select Automatic Updates.
  • Click Automatic (recommended)
  • Choose a day and a time when you know the computer will be on and connected to the internet.
  • Click Apply then OK.


Third:
Now let's download some preventative programs that will help to keep the nasties away! We will start with Anti Spyware programs. I would advise getting a couple of them at least, and running each at least once a month.

Anti Spyware
  • SpywareBlaster to help prevent spyware from installing in the first place. A tutorial can be found here.
  • SpywareGuard to catch and block spyware before it can execute. A tutorial can be found here.
  • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.
Note: If you find your system slows down after installing any of these, just uninstall it, or disable it from running at startup.


Fourth:
Nearly done! If you like to use chat, MSN and Yahoo have vulnerabilities that can leave you open to infections. There are however a couple of very good, malware-free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN):

Instant Messengers


Lastly:
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein.


I will keep this log open for the next couple of days, so if you have any further problems post another reply here.

OK, all the best, and stay safe!

#18
heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.