[Salagubang]

Hi crisg6152,

Excellent I believe the machine is now clean.

Lets wrap up.

Removing AVP drivers.

• Open OTL
• Under the Custom Scans/Fixes box at the bottom, paste in the following:
  
  

  :OTL
  DRV - (utc1oty2) -- C:\WINDOWS\system32\drivers\utc1oty2.sys ()
  
  :Services
  
  :Reg
  
  :Files
  
  :Commands
  [purity]
  [resethosts]
  [emptytemp]
  [EMPTYFLASH]
  [CLEARALLRESTOREPOINTS]
  [Reboot]

• Then click the Run Fix button at the top
• You may be asked to reboot - if so, choose Yes

We need to remove all the tools that you have used.
This is so that should you ever be re-infected, you will download updated versions. It will also remove the quarantined Malware from your computer.

Remove ComboFix

• Click the Start button
• Click Run...
• Type Combofix /Uninstall in the run dialog box and click OK

Remove Other Tools

• Download OTC to your desktop and run it
• Click CleanUp! to begin the cleanup process and remove our tools, including this application
• You may be asked to reboot the machine to finish the cleanup process - if so, choose Yes

Clean Temporary Files

• Download TFC to your desktop
• Open the file and close any other windows
• It will close all programs itself when run - make sure to let it run uninterrupted
• Click the Start button to begin the process - the program should not take long to finish its job
• Once it is finished, it should reboot your machine, if not, do this yourself to ensure the cleaning process completes

Lets Re-hide system files and folders.
Opening Windows Explorer (to get there right-click your Start button and go to "Explore"), please do the following:

• Go to Tools (drop-down menu at the top of the window)
• Go down and click Folder Options
• Click on the View tab
• Find the Hidden Files and Folders section of the box and check "Do not show hidden files and folders"
• Again under Hidden Files and Folders, find "Hide protected operating system files (Recommended)" and check it (if it's already checked)
• Click Apply, and then Ok at the bottom.
• Close the window

++++++++++++++++++++++++++++++++++++


Below are links to several programs that will help protect your computer.

Anti-Spyware
I recommend downloading and installing any of the following applications.

• SpywareBlaster keeps spyware from installing on your system - read the tutorial here
• SpywareGuard protects your browser and computer in real time - read the tutorial here
• SUPERAntiSpyware Free Edition detects and removes spyware, adware, malware, trojans, rogue software, worms, rootkits, parasites and other potentially harmful software applications - read the tutorial here

++++++++++++++++++++++++++++++++++++

Other things to keep in mind.

Windows, Java, and Adobe products should all be kept up-to-date on a regular basis so the latest security fixes are in place on your computer. Please refer to the following links on how to manage these products.

• Windows Update (2000/XP) or Windows Update (Vista)
• Java
• Adobe Reader
• Adobe Flash Player

Here are a few other applications you might consider. Keeping your temporary file area clean, your Windows registry backed up, and backing up your important data are all good techniques.

• Flush Flash - by Bobbi Flekman - cleans Flash Player cookies
• ERUNT (Emergency Recovery Utility NT) - a registry backup utility
• Cobian Backup - a very good backup utility - read the tutorial here
• WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
• Green to go
• Yellow for caution
• Red to stop

WOT has an addon available for Chrome and Opera.
Please remember that just having these programs is not enough. You must use them. Running a full spyware scan weekly, a full virus scan monthly, and checking for updates and cleaning your temporary files periodically is very important in keeping your computer in tip-top shape.

Finally, please take the time to read the following articles. Applying this information will help prevent future infections:

How to prevent malware by miekiemoes
Preventing Malware and Safe Computing by Rorschach112

This article will help you understand how you may have gotten infected:
How did I get infected in the first place?

Remember, you have to be smarter than the bad guys! Be safe out there!

[Advertisements]

Hi Salagubang

All processes now run as requested - very many thanks for your assistance. It's very much appreciated.

Please, keep up the good work, and very best of luck for the future.

Chrisg6152

[chrisg6152]

Hi Salagubang

All processes now run as requested - very many thanks for your assistance. It's very much appreciated.

Please, keep up the good work, and very best of luck for the future.

Chrisg6152

[Salagubang]

You're most welcome.

[chrisg6152]

Hi

One last thing regarding the tidy up - I still have the TFC and DrWeb-Cureit applications on the desktop. How do I get rid of them?

Thanks

Chrisg

[Salagubang]

You may delete them both manually.

[chrisg6152]

Thanks.

I think we can consider this one CLOSED.

Thanks again for your help.

Chrisg

[chrisg6152]

Hi Salugabang

Sorry to bother you again but when we finished the problem above, was there a final restore point created anywhere?

The reason I ask is that I have had the PC crash during a download and am having trouble getting XP to boot. (Don't they say it comes in threes). I have run AVG Rescue and that comes up negative.

I am already receiving assistance from Geekstogo through the Windows forum, but we can't find any restore points to use(using Recovery Console).

Many thanks

Chrisg

[Salagubang]

There should be a restore point created Feb 23rd when we did the clean up process and ERUNT registry backup on Feb 22nd when you ran Combofix and ERUNT backup when we first started.

[chrisg6152]

Thanks for that - I'll pass it on. Hopefully we can use it!

[chrisg6152]

Hi Salugabang

Sorry to trouble you AGAIN but I need some advice/guidance regarding the restore points that were set. As previously mentioned, my PC crashed and won't boot up and so with another tech from the XP Forum, I am trying to fix it.

We tried to do a repair installation of XP, because I couldn't find the restore point folder, but that failed.
I have since found the RP folders in C:\System Volume Information\_restore{2025......} folder, but we still can't ge them to set.

The topic is here - http://www.geekstogo...68#entry1972768

Not wishing to step on Ron's toes but could you possibly take a look and see if there is any other way we can reset Windows from the RP1, 2 or 3 folders. Sometimes a second pair of eyes spots something different.

Very many thanks

[Salagubang]

Hi chris6152,

There is no guarantee that using the restore points available will fix the problem you're having, i.e., missing WINDOWS\SYSTEM32\Drivers\DRVMCDB.SYS. The file windows is looking may have been corrupted due to the crash or may not be there at all.

Backing up all of your important files and then doing a clean install/factory settings would be the fastest and sure course of action. It may look painful but since you have already made a backup of everything important, I bet it would only take you about an hour and a half - give or take.

Ron is a very capable and dedicated tech and he can guide you restoring back that computer.

+++++++++++++++++++++++++

As for the original question on restore points:

Since you're already using puppy linux, you can ask Ron if it would possible to use that to transfer the files required to the correct directory location. It would be convenient since it has a nice and easy GUI.

[chrisg6152]

Many thanks for the reply - much appreciated.

I have every confidence in Ron, as I do with all the GTG techs. The skill you all show is admirable and enviable.

I shall have to try and be more patient!!

Be safe.

[Salagubang]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.