[azolat]

I've run the scan two additional times today with the same result

[Advertisements]

Ok, We'll try another one:

Please download the Sophos Anti-Rootkit Scanner and save it to your desktop.

You will need to enter your name, e-mail address and location in order to access the download page.

• Once you have downloaded the file, double click the sarsfx icon
• Review the licence agreement and click on the Accept button
• The scanner will prompt you to extract the files to C:\SOPHTEMP - DO NOT change this location, simply click the Install button
  
• Once the files have been extracted; using Windows Explorer, navigate to C:\SOPHTEMP and double click on the blue shield icon called sargui
• Ensure that there are checkmarks next to Running processes, Windows registry and Local hard drives, then click Start scan
• Allow the program to scan your computer - please be patient as it may take some time
• Once the scan has completed a window will pop-up with the results of the scan - click OK to this
• In the main window, you will see each of the entries found by the scan (if any)
  
  • If the scanner generated any warning messages, please click on each warning and copy and paste the text of it into this thread for me to review
  • Once you have posted any warning messages here, you can close the scanner and wait for me to get back to you
• If you have not had any warnings, any entries which can be cleaned up by the scanner will have a box with a green checkmark in it next to the entry
• To clean up these entries click on the Clean up checked items button
• If you accidentally check a file NOT recommended for clean up, you will get a warning message and if necessary can re-select the entries you want to clean up
• Once you have cleaned the selected files, you will be prompted to re-boot your computer - please do so
• When you have re-booted, please post a fresh HijackThis log into this thread and tell me how your computer is running now

Thanks

[sarahw]

Ok, We'll try another one:

Please download the Sophos Anti-Rootkit Scanner and save it to your desktop.

You will need to enter your name, e-mail address and location in order to access the download page.

• Once you have downloaded the file, double click the sarsfx icon
• Review the licence agreement and click on the Accept button
• The scanner will prompt you to extract the files to C:\SOPHTEMP - DO NOT change this location, simply click the Install button
  
• Once the files have been extracted; using Windows Explorer, navigate to C:\SOPHTEMP and double click on the blue shield icon called sargui
• Ensure that there are checkmarks next to Running processes, Windows registry and Local hard drives, then click Start scan
• Allow the program to scan your computer - please be patient as it may take some time
• Once the scan has completed a window will pop-up with the results of the scan - click OK to this
• In the main window, you will see each of the entries found by the scan (if any)
  
  • If the scanner generated any warning messages, please click on each warning and copy and paste the text of it into this thread for me to review
  • Once you have posted any warning messages here, you can close the scanner and wait for me to get back to you
• If you have not had any warnings, any entries which can be cleaned up by the scanner will have a box with a green checkmark in it next to the entry
• To clean up these entries click on the Clean up checked items button
• If you accidentally check a file NOT recommended for clean up, you will get a warning message and if necessary can re-select the entries you want to clean up
• Once you have cleaned the selected files, you will be prompted to re-boot your computer - please do so
• When you have re-booted, please post a fresh HijackThis log into this thread and tell me how your computer is running now

Thanks

[azolat]

Got all the way till I had to run the program, at which point a pop up said the program does not support Windows Vista.

[sarahw]

Hi,
Can you boot into safe mode and run a scan with the On Demand scanner as per its instructions to see what it finds.
Let me know what happens.

Edited by sarahw, 21 March 2008 - 12:54 AM.

[azolat]

ok, the scan just finished and it says nothing found.

[sarahw]

Your logs are clean, I can't see anything that would indicate a Rootkit or other Malware was installed. Alot of Antivirus software have false positives, in an attempt to alert you to dangers that might actually be harmless, or caused by a regular program installing itself.

Please download OTCleanIt from HERE to your desktop.
Double click to run it. It will clean up the assortment of tools used during malware removal. When it has finnished, it will ask you to reboot so it can remove itself.

A well protected computer should have at least an Anti Virus and Firewall, an Anti Spyware is also great addition to your computers security. Here is a list of tools I like to recommend to people that will help ensure safe surfing on the internet, and to help you from getting infected again.
Note: DO NOT install more than one antivirus or Firewall program. They will conflict, and provide less protection, not more. Uninstall any existing Anti Virus\Firewall programs if you're going to install a new one.


Free Online Scans:
Free Active X and Java based online scans. You can use these scans from other companies and it will not interfere with your current Anti Virus. If you find that you are infected, post a Hijack This log in the forums.

• Kapersky online scan
• Panda Online Scan
• F-Secure Online Scan
• TrendMicro HouseCall online scan
• Bit Defender online scan

Free Temp Cleaners:
Use these tools to clean temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders. ATF cleaner recommended.

• CCleaner
• ATF Cleaner

Free Firewall Downloads:
You must have a Firewall installed on your computer. This helps stop anything from leaving or entering your computer without your permission.

• ZoneAlarm
• Kerio Firewall

Free Anti Spyware Downloads:
An Antispyware is a great tool that can help remove infections along side your Anti Virus. Some include real time protection, scheduled scans and automatic definition updates.

• AVG Antispyware
• A-Squared Antispyware
• SpywareGuard
• SpywareBlaster
• SpywareTerminator
• Spybot Search & Destroy
• Ad Aware

Free Anti Virus Downloads:
A must have for all computers. Avast! recommended.

• SpywareTerminator With ClamAV Enabled.
• AntiVir
• Avast!
• Grisoft AVG
• Bit Defender Free
• a² Free
• Comodo BOClean
• SuperAntiSpyware

Other:

• SpywareGuard
  Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
• IE-SpyAd
  This tool puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
• Memtest86
  Great memory testing software.
• CPU-Z
  This application gives detailed information about your system in a nice layout
• Speedfan
  Returns and monitors system temperatures.
• Windows Updates
  It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

You can now Rehide your system files by using the reversal of these instructions HERE



To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read THIS article by Tony Klein.


If you have any other problems or questions be sure to ask.

Edited by sarahw, 24 March 2008 - 07:35 PM.

[azolat]

ok, thank you so much for your help!

[azolat]

sorry, one more thing, the link to OTcleanup is not working, is there someplace else to get it?

[sarahw]

Hi,
Sorry about that, the name and link has changed and I forgot to update my links. It should work now.

[sarahw]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.