[Jimmy2012]

Hello toyma,

No luck this time either. It downloaded the Fsecure program, and the moment it started scanning, it rebooted.

Ok, lets try this scanner before trying something else.


Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

• Doubleclick the drweb-cureit.exe file and Allow to run the express scan
• This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
• Once the short scan has finished, mark the drives that you want to scan.
• Select all drives. A red dot shows which drives have been chosen.
• Click the green arrow at the right, and the scan will start.
• Click 'Yes to all' if it asks if you want to cure/move the file.
• When the scan has finished, in the menu, click file and choose save report list
• Save the report to your desktop. The report will be called DrWeb.csv
• Close Dr.Web Cureit.

[Advertisements]

Hi Jimmy,

Here is the report from Dr Web.

Thanks again!!


Combo-Fix.exe\327882R2FWJFW\psexec.cfexe;C:\Documents and Settings\Thelma\Desktop\Combo-Fix.exe;Program.PsExec.171;;
Combo-Fix.exe;C:\Documents and Settings\Thelma\Desktop;Archivo comprimido contiene objetos infectados;Movido.;
Fpxxdugd.exe;C:\Program Files\Asistente Prodigy;probablemente DLOADER.Trojan;Eliminado.;
RemTecAcc.exe;C:\Program Files\Asistente Prodigy;Program.RemoteAdmin.origin;Eliminado.;
A0000358.exe\327882R2FWJFW\psexec.cfexe;C:\System Volume Information\_restore{645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP8\A0000358.exe;Program.PsExec.171;;
A0000358.exe;C:\System Volume Information\_restore{645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP8;Archivo comprimido contiene objetos infectados;Movido.;
A0000361.EXE;C:\System Volume Information\_restore{645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP8;Program.PsExec.170;Eliminado.;
A0007469.exe\327882R2FWJFW\psexec.cfexe;C:\System Volume Information\_restore{645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP9\A0007469.exe;Program.PsExec.171;;
A0007469.exe;C:\System Volume Information\_restore{645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP9;Archivo comprimido contiene objetos infectados;Movido.;
A0007478.exe;C:\System Volume Information\_restore{645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP9;Probably DLOADER.Trojan;Deleted.;
A0007479.exe;C:\System Volume Information\_restore{645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP9;Program.RemoteAdmin.origin;Deleted.;

[toyma]

Hi Jimmy,

Here is the report from Dr Web.

Thanks again!!


Combo-Fix.exe\327882R2FWJFW\psexec.cfexe;C:\Documents and Settings\Thelma\Desktop\Combo-Fix.exe;Program.PsExec.171;;
Combo-Fix.exe;C:\Documents and Settings\Thelma\Desktop;Archivo comprimido contiene objetos infectados;Movido.;
Fpxxdugd.exe;C:\Program Files\Asistente Prodigy;probablemente DLOADER.Trojan;Eliminado.;
RemTecAcc.exe;C:\Program Files\Asistente Prodigy;Program.RemoteAdmin.origin;Eliminado.;
A0000358.exe\327882R2FWJFW\psexec.cfexe;C:\System Volume Information\_restore{645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP8\A0000358.exe;Program.PsExec.171;;
A0000358.exe;C:\System Volume Information\_restore{645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP8;Archivo comprimido contiene objetos infectados;Movido.;
A0000361.EXE;C:\System Volume Information\_restore{645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP8;Program.PsExec.170;Eliminado.;
A0007469.exe\327882R2FWJFW\psexec.cfexe;C:\System Volume Information\_restore{645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP9\A0007469.exe;Program.PsExec.171;;
A0007469.exe;C:\System Volume Information\_restore{645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP9;Archivo comprimido contiene objetos infectados;Movido.;
A0007478.exe;C:\System Volume Information\_restore{645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP9;Probably DLOADER.Trojan;Deleted.;
A0007479.exe;C:\System Volume Information\_restore{645791E1-4C45-45E5-B2F9-87E480DAD5CA}\RP9;Program.RemoteAdmin.origin;Deleted.;

[Jimmy2012]

Hello toyma,
Your logs look clean.
Just a few more things to do.


Follow these steps to uninstall Combofix and tools used in the removal of malware

• Click START then RUN
• Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
  

Please download OTCleanIt and save it to your Desktop.

• Double-click OTCleanIt.exe
  
• Click the CleanUp! button to begin removing tools used to clean your computer
  
• If you are prompted to Reboot during the cleanup, please select Yes

Please remove any leftover tools used to clean your computer.


The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

1. Spywareguard: Is realtime protection from spyware.

2. Spywareblaster: Helps protect against any bad ActiveX from installing on your computer.

3. SuperAntiSpyware: Use this program to remove any spyware that may have gotten on your computer.

4. FireFox: This is a great alternate browser over Internet Explorer. Firefox is much more secure then Internet Explorer and also has a bulilt in pop up blocker.

5. ATF Cleaner: This program cleans out your temporary files. This is a great tool that can help speed your computer up.

6. Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

7. Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.


To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein

[toyma]

Hello Jimmy,

So far, so good! I've done everything you suggested and I'm downloading all the updates from Microsoft. I'll check on it tomorrow and let you know.

Thanks again for all the patience and help !!!!

[Rorschach112]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.