[sita999]

Also shall I stick with Clamwin? Or do you recommend another one? Also shall I keep Spyware, Combofix etc?

[Advertisements]

Hi sita999,

Please test your system until tomorrow. I will check your logs and prepare some cleanup. Clamwin does not have realtime scaner. I strongly recommend you to install one of the FREE antivirus tool with realtime scener:

Free Avir Antivir

or

Free AVG

Choose one that you want and install it.

[maliprog]

Hi sita999,

Please test your system until tomorrow. I will check your logs and prepare some cleanup. Clamwin does not have realtime scaner. I strongly recommend you to install one of the FREE antivirus tool with realtime scener:

Free Avir Antivir

or

Free AVG

Choose one that you want and install it.

[sita999]

Hi again

I have been testing for the last 24 hours or so like you said and can report the following:

- I have downloaded AVG free and after 1st scan it removed 2 infections.
- My hotmail is behaving strangely and not letting me reply to emails, when I do it comes back as failed.
- Chrome is quite often saying 'aww, snap!' and the tab kind of crashes.

Otherwise, I think all is ok. Let me know if you want me to do anything and I will.

Thanks again!!

[maliprog]

Hi sita999,

Returning mail is usually related to mail server. Does this happens all the time or just to some mail you try to reply? Did you try using Internet Explorer and reply to email?

Please reinstall Chrome and try to use it again. Sometimes reinstall helps.

Just to be sure...please download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

• Doubleclick the drweb-cureit.exe file and click Scan to run express scan. Click OK in pop-up window to allow scan.
• This will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
• Once the short scan has finished, select Complete scan.
• Click the green arrow at the right, and the scan will start.
• Click Yes to all if it asks if you want to cure/move the file.
• When the scan has finished, in the menu, click File and choose Save report list
• Save the report to your desktop. The report will be called DrWeb.csv
• Close Dr.Web Cureit.
• Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
• Copy and paste that log in the next reply. You can use Notepad to open the DrWeb.cvs report.

NOTE. During the scan, pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.

[sita999]

I just went to try and download that but when I tried to open it my computer crashed and went to a blue screen with an error notice saying 'due to a potential threat we have had to shut down' or something like that. I've now uninstalled Chrome and have scanned with AVG again and it found another infection: "";"C:\System Volume Information\_restore{4A38F52C-85DA-4B41-A9C4-B6928E836410}\RP9\A0001273.dll";"Virus identified Worm/Downadup";"Moved to Virus Vault"

I'll try and download that Dr.Web thing now........

[sita999]

It doesn't seem to like Mr.Web at all, I just tried again and it went to that error screen again. Could it be because I now have the AVG real time scanner?

I have to go to bed now but will get back to you again tomorrow! Night!

[maliprog]

Hi sita999,

This is one leftover that AVG is found. We will remove it now.

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :OTL
  
  :Commands
  [purity]
  [emptytemp]
  [emptyflash]
  [CLEARALLRESTOREPOINTS]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Post the fix log it produces in your next reply.

Test your system after this and let me know.

[sita999]

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Hannah Jebb
->Temp folder emptied: 79204263 bytes
->Temporary Internet Files folder emptied: 60363712 bytes
->Java cache emptied: 4334 bytes
->Flash cache emptied: 2819 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Tom
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 65536 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 7009341 bytes

Total Files Cleaned = 140.00 mb


[EMPTYFLASH]

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: Hannah Jebb
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: Tom
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.17.3 log created on 12012010_103818

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Hannah Jebb\Local Settings\Temporary Internet Files\Content.IE5\KHIFOH6Z\CAGPMVO3.php not found!
File\Folder C:\Documents and Settings\Hannah Jebb\Local Settings\Temporary Internet Files\Content.IE5\KHIFOH6Z\page__st__15[1] not found!
C:\Documents and Settings\Hannah Jebb\Local Settings\Temporary Internet Files\Content.IE5\KHIFOH6Z\xd_proxy[1].php moved successfully.

Registry entries deleted on Reboot...

[sita999]

I seem to be able to reply to emails on Internet Explorer but have not yet downloaded Chrome again.

Thanks!

[maliprog]

Nice to hear that! Good job .

[sita999]

The good job was definitely all your doing, not mine!! Am I all infection free now then?!

Let me know when I am discharged and then I can buy you that coffee to say thanks (do you actually get the coffee or does it go into one big pot?)

[maliprog]

Hi sita999,

I do actually drink coffee. Twice a day . Black...with sugar and milk. For now there is one little (not big) pot. I'm not greedy ! You system is clean now. I'm glad we fix up your computer. We need to clean up your PC from programs we used.

Step 1

Please start OTL one more time and click CleanUp button. OTL will restart your system at the end.

General recommendations

Here are some recommendations you should follow to minimize infection risk in the future:

1. Enable Windows Update

• Click Start, click Run, type sysdm.cpl, and then press ENTER.
• Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them option.
• Click OK button

2. Delete Temp files

Download TFC to your desktop

• Open the file and close any other windows.
• It will close all programs itself when run, make sure to let it run uninterrupted.
• Click the Start button to begin the process. The program should not take long to finish its job
• Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

3. Make Backups of Important Files

Please read this article Home Computer Data Backup.


4. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.

You should download Update Checker from here. The program will automaticly check for newer version of software installed on your system.

[maliprog]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

[maliprog]

User returned...

Hi sita999,

Can you describe what happened?

Please restart in safe mode:

• If the computer is running, shut down Windows, and then turn off the power
• Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
• Ensure that the Safe mode with networking option is selected.
• Press Enter. The computer then begins to start in Safe mode.
• In this mode you will be able to access network and follow my instructions.

Scan your system with OTL?

• Run OTL.
• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open notepad window. OTL.Txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of this file, and post it with your next reply.

[sita999]

Hi again Mali...

So my computer was fine and then the next day just wouldn't turn on past the initial start screen. I can press F8 and it says:

Please select operating system to start:

Microsoft Windows recovery Console
do not select this (debugger enabled)
Microsoft Windows XP Professional

For troubleshooting press F8.

When I press F8 it says:

Windows advanced options menu:

Safe mode
Safe mode with networking
Safe mode with command prompt

Enable boot logging
Enable VGA mode
Last known good configuration
Directory services restore mode
Debugging mode
Disable suto restart on system failure

Start normally
reboot
return to OS choices menu.

When I select 'recovery console' it asks me:

1: C\Windows
Which windows installation would you like to log onto?

and when I select Microsoft Windows XP Professional as the OS to start nothing happens, I just have a blank screen. I've also tried 'last known good config' and it produced a list as if it was checking and then seemed to crash.

Oh dear!!