
viruses galore [RESOLVED]



#1
LSUFan


    New Member

Please help me. I have viruses I cannot get rid of and they are on my business laptop.
The viruses I have found and cannot remove include
win32:trat-c[drp], and win32:tratBHO[trj], and a sstsp.dll file is infected.
Also, a keylogger.generic has popped up.
Programs I am running are Spydetector and avast antivirus. I have already run Hijackthis and ComboFix something.
All the software keeps finding the viruses and removing them, but they keep coming back.
It seemed those were some things you would need.

thanks

1 LSU fan



#2
JSntgRvr


    Global Moderator

Hi, LSUFan :)

Welcome.

Download the enclosed file to your desktop, next to Combofix.

Posted Image

Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe, and post back the resulting report along with a Hijackthis log.

#3
LSUFan

I want to add, I have also turned off System Restore, I think.
Attached are the two logs.

Thanks
Geaux Tigers


#4
JSntgRvr

Hi, LSUFan :)

Download the enclosed file to your desktop, next to Combofix.

Posted Image

Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe, and post back the resulting report along with a Hijackthis log.

#5
LSUFan

Here are the two logs.

Thank you.
Elll Esss U fan


#6
JSntgRvr

All seems clear. Let's check for remnants:

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#7
LSUFan

Attached is the MBAM report.
Question:
Should I be restarting the comp after each posting?
I haven't restarted since we have started this process unless you told me to.

Thanks.....
CRAZY Tiger fan


#8
JSntgRvr

Hi, LSUFan. :)

All clear, congratulations.

Reset and Re-enable your System Restore to remove bad files that have been backed up by Windows. The files in System Restore are protected to prevent any programmes changing them. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected.)

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Uncheck *Turn off System Restore*.
Click Apply, and then click OK.

Since the tools we used to scan the computer, as well as tools to delete files and folders, are no longer needed, they should be removed, as well as the folders created by these tools.
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the /U, it needs to be there.



  • If the disclaimer notice is displayed, select "2" and press Enter

The above procedure will:
  • Delete the following:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if present
    • The C:\Deckard folder, if present
    • The C:\_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Set a new, clean Restore Point.
Create a Restore point (If the above process fails):
  • Click Start, point to All Programs, point to Accessories, point to System Tools, and then click System Restore.
  • In the System Restore dialog box, click Create a restore point, and then click Next.
  • Type a description for your restore point, such as "After Cleanup", then click Create.

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
  • Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
  • AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.
  • SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
  • IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  • CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • Google Toolbar - Free Google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop-up windows.
  • Trillian or Miranda-IM - These are malware-free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
  • Recovery Console - Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see This Article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein.

Best wishes!

#9
LSUFan

Thank you for your help.
Can I reinstall the avast and the spyware detector?
Do you think they are infected and I should download them from the web again?

And also, do you think I should reinstall the Spybot SD and the AdAware?
I had such problems with the virus with them.
Will they clash with avast and Spyware Detector?

LSU Fanatic

#10
JSntgRvr



Spyware Detector is Adware. Do not use this program. The rest can be removed and reinstalled.

#11
LSUFan

Are you saying don't use the spyware detector? I think the name is actually Spyware Detector by Max Secure software.
Is that the program that is adware and I need to uninstall it?

After the virus disaster I just went thru and all the problems it caused me, I am eagerly gonna listen to any and all recommendations you might have.

Thanks so much for the info.

LSU fanatic

Edited by LSUFan, 16 February 2008 - 10:36 PM.


#12
JSntgRvr



Perhaps I went too far when I stated it was Adware. It is a program that was flagged as Rogue due to false positives. I still resist the use of these programs as there are better options. See here:

http://www.2-spyware...e-detector.html

http://www.spywarewa...m#swdetect_note

#13
LSUFan

Very interesting articles. I will follow some of the links and read more.
Thanks again for the help and....
Geaux Tigers....

LSU Fan

#14
JSntgRvr

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.





