Congratulations! Your system is now clean.
First, since we used a "healthy" computer to transfer tools back and forth, I would suggest running a full system scan with an antivirus tool on the alternate computer. If you do not have an antivirus tool on the secondary system, there are a few free versions listed further below. I would also suggest running MBAM on that computer as well.
- Download OTL to your desktop
- Open OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following:
:OTL @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4CF61E54 @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AB689DEA @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:94213A87 @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7091055F @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ADE16379 :Services :Reg :Files :Commands [purity] [resethosts] [emptytemp] [EMPTYFLASH] [CLEARALLRESTOREPOINTS] [Reboot]
- Then click the Run Fix button at the top
- You may be asked to reboot - if so, choose Yes
We need to remove all the tools that you have used.
This is so that should you ever be re-infected, you will download updated versions. It will also remove the quarantined Malware from your computer.
- Click the Start button
- Click Run...
- Type Combofix /Uninstall in the run dialog box and click OK
Remove Other Tools
- Download OTC to your desktop and run it
- Click CleanUp! to begin the cleanup process and remove our tools, including this application
- You may be asked to reboot the machine to finish the cleanup process - if so, choose Yes
Clean Temporary Files
- Download TFC to your desktop
- Open the file and close any other windows
- It will close all programs itself when run - make sure to let it run uninterrupted
- Click the Start button to begin the process - the program should not take long to finish its job
- Once it is finished, it should reboot your machine, if not, do this yourself to ensure the cleaning process completes
Lets Re-hide system files and folders.
Opening Windows Explorer (to get there right-click your Start button and go to "Explore"), please do the following:
- Go to Tools (drop-down menu at the top of the window)
- Go down and click Folder Options
- Click on the View tab
- Find the Hidden Files and Folders section of the box and check "Do not show hidden files and folders"
- Again under Hidden Files and Folders, find "Hide protected operating system files (Recommended)" and check it (if it's already checked)
- Click Apply, and then Ok at the bottom.
- Close the window
Below are links to several programs that will help protect your computer.
I recommend downloading and installing all of the following applications.
- SpywareBlaster keeps spyware from installing on your system - read the tutorial here
- SpywareGuard protects your browser and computer in real time - read the tutorial here
- SUPERAntiSpyware Free Edition detects and removes spyware, adware, malware, trojans, rogue software, worms, rootkits, parasites and other potentially harmful software applications - read the tutorial here
Other things to keep in mind.
Windows, Java, and Adobe products should all be kept up-to-date on a regular basis so the latest security fixes are in place on your computer. Please refer to the following links on how to manage these products.
Here are a few other applications you might consider. Keeping your temporary file area clean, your Windows registry backed up, and backing up your important data are all good techniques.
- Flush Flash - by Bobbi Flekman - cleans Flash Player cookies
- ERUNT (Emergency Recovery Utility NT) - a registry backup utility
- Cobian Backup - a very good backup utility - read the tutorial here
Please remember that just having these programs is not enough. You must use them. Running a full spyware scan weekly, a full virus scan monthly, and checking for updates and cleaning your temporary files periodically is very important in keeping your computer in tip-top shape.
Finally, please take the time to read the following articles. Applying this information will help prevent future infections:
How to prevent malware by miekiemoes
Preventing Malware and Safe Computing by Rorschach112
This article will help you understand how you may have gotten infected:
How did I get infected in the first place?
Remember, you have to be smarter than the bad guys! Be safe out there!