
win32/alureon.h [Solved]


  • This topic is locked

#91
hammerman

    Member 4k

  • Member
  • 4,183 posts
Hi,

I think you should post a new topic in the Vista forum here and let the tech experts check out your CD-ROM drive. I don't think it's malware related.

When you post the topic, please add a link to this topic so they know what has happened and let them know I've been helping you.

Let's remove the tools we've been using first.

Please follow these steps.

-- Step 1 --

Follow these steps to uninstall Combofix and tools used in the removal of malware
  • Click START then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

-- Step 2 --
  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
-- Step 3 --
  • Click Start and then Run... (Vista users press the Windows Key + R to bring up the Run box.)
  • Copy and paste the following in the Run box and then click on OK.

    maxlook -cleanup

  • A black box should appear briefly and then disappear.
  • Delete maxlook.exe from your desktop
-- Step 4 --

Delete GMER, TDSSKiller, RootRepeal and any logs produced.


Here are some measures you can take to ensure that your computer remains clean.

1. Updates

Windows Updates

It is essential that you regularly check and install the latest Windows Updates. Vulnerabilities within Windows can leave your computer open to infection. Regular updates are released to fix these security vulnerabilities. It is recommended that you set Windows to check, download and install your updates automatically.

  • Click Start
  • Select Control Panel
  • Click on Automatic (recommended)
  • Set the day and time for the update check. Set this to a time when your computer will normally be on and connected to the internet.
  • Click Apply then OK.
Java Updates

As with Windows, Java also needs to be regularly updated to fix security vulnerabilities. You can download the latest version of the Java Runtime Environment (JRE) from here. Download, install and reboot your computer. You also need to uninstall older versions of Java.

  • Click Start
  • Select Control Panel
  • Select Add or Remove Programs
  • Remove all Java updates except the latest one you have just installed.
Adobe Updates

You should ensure you use the latest Adobe Acrobat Reader and install any security updates that are released. You can download the latest reader and updates from here.

Other Updates

Regularly check for updates for all your security programs including firewall, antivirus, antispyware, etc.

2. Security Programs

Here is a list of security programs that I would recommend.

Firewall

A firewall is essential to stop hackers infiltrating your computer. The following firewalls are free for personal use. Do not install more than one firewall.

Zone Alarm is an excellent free basic firewall which is very easy to use.
Online-Armor Free is a more advanced firewall which includes a Host Intrusion Protection System (HIPS). This ensures that unrecognised programs will not run unless you give permission.

Antivirus

An antivirus program is essential. The following antivirus programs are free for personal use. Do not use more than one antivirus and always update virus definitions regularly.

AVG
Avira Free
Avast

Anti-Malware

Malwarebytes Anti-Malware MBAM is an excellent anti-malware tool that should be updated and a Quick Scan performed regularly. A Full Scan does not have to be carried out on such a regular basis as the developers aim to detect the vast majority of malware with the Quick Scan. The scanner is free for on-demand scans only.

Ad-Aware, Spybot, SuperAntispyware and A-Squared Free are also very good anti-malware programs that are free for on-demand scans. Spybot has a real-time protection feature called TeaTimer.

Prevention

SpywareBlaster is an excellent free tool for preventing the installation of spyware.
SpywareGuard offers real-time protection so that spyware is detected and blocked before it can do any harm.

Cleaner

ATF Cleaner removes temporary Internet Explorer, Firefox and Windows files.

Browser

Firefox is an alternative browser to Internet Explorer and is more secure.
NoScript is an add-on for Firefox and prevents execution of malicious scripts.
MVPS is a HOSTS file to replace your existing file. This prevents you connecting to a list of well-known ad sites.

#92
Serine

    Member

  • Topic Starter
  • Member
  • 109 posts
Hi,

I know I have been asking you a lot of questions but it's better to be informed than uninformed. I read about this virus before and heard it can be very vicious. How do I know this virus is really gone or completely removed?

#93
hammerman

    Member 4k

  • Member
  • 4,183 posts
Hi,

The logs you posted show that the rootkit has been removed. Apart from the problem you have with the CD-ROM drive, are there any other problems? Google redirects, pop-ups?

#94
Serine

    Member

  • Topic Starter
  • Member
  • 109 posts
The only thing I'm concerned about besides my CD-ROM is the fact that Microsoft Silverlight installed itself on my computer on its own. At first, I thought it was an automatic update, but why is a program that I don't have considered an update? So I'm wondering why this program is on my computer to begin with.

#95
Serine

    Member

  • Topic Starter
  • Member
  • 109 posts
Another thing I'm concerned about is the fact that every time I close my Internet Explorer, Data Execution Prevention comes up and says it's stopping explorer even though I have already closed it. It says "Internet Explorer was closed, To help protect your computer, Data Execution Prevention has closed Internet Explorer. Click here to learn more."

#96
hammerman

    Member 4k

  • Member
  • 4,183 posts
Hi,

I believe that Silverlight is an optional Windows update and can optionally be installed as part of other MS packages. Plenty of opportunity for Silverlight to get on your system. You can uninstall it if you wish.

See if you still get the DEP message if you run IE without add-ons. Select Start > All Programs > Accessories > System Tools > Internet Explorer (No Add-ons)

#97
Serine

    Member

  • Topic Starter
  • Member
  • 109 posts
Okay, thank you. I was worried about that. I tried this and I didn't get the message.

#98
hammerman

    Member 4k

  • Member
  • 4,183 posts
Hi,

Use the IE Manage Add-Ons tool to disable all Add-Ons, start IE in normal mode, then re-enable the add-ons one at a time, testing as you go, to work out which product is causing a problem.

#99
Serine

    Member

  • Topic Starter
  • Member
  • 109 posts
I disabled all of my add-ons and re-enabled them one at a time and I didn't get the Data Execution message when I re-enabled any of them.

#100
hammerman

    Member 4k

  • Member
  • 4,183 posts
Hi,

Any other problems apart from your CD-ROM drive?

#101
Serine

    Member

  • Topic Starter
  • Member
  • 109 posts
No, not that I've noticed.

#102
hammerman

    Member 4k

  • Member
  • 4,183 posts
In which case, I'll close this topic. I suggest you post in the Vista forum for help with your CD-ROM drive.

#103
hammerman

    Member 4k

  • Member
  • 4,183 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.