Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Virus: Worm.Win32.NetSky 2/2011


  • This topic is locked This topic is locked

#61
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
As you still have a few months left on F-Secure, what I would recommend is that once it expires you uninstall it and try the 30 day trial for Kaspersky (3 pc's £49.99) followed by a 30 day trial of Avast (3 pc's $59.99) and then determine which one suits you best and that you are most comfortable with

The scan on C drive looks good, there are a few waifs and strays which I will remove to be tidy :D

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    [2009/05/02 15:03:48 | 001,380,403 | ---- | C] () -- C:\WINDOWS\System32\avgsdk.dll
    [2010/07/28 15:04:03 | 000,000,246 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job


    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Could you now do a final check on both drives to ensure that you are happy - once you are I will finalise the clean and tidy up :D
  • 0

Advertisements


#62
Matt633rle

Matt633rle

    Member

  • Topic Starter
  • Member
  • PipPip
  • 50 posts
ok.. still running OTL on D.. it is "killing processes"... seems to be "stuck"... but I am letting it run....
  • 0

#63
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK give it a minute or two if it still hangs then just close it, the bits being removed were just old AVG related files. Of no great import
  • 0

#64
Matt633rle

Matt633rle

    Member

  • Topic Starter
  • Member
  • PipPip
  • 50 posts

OK give it a minute or two if it still hangs then just close it, the bits being removed were just old AVG related files. Of no great import



OTL hung up on both drives... so I had to cancel both

Oh yes,,,, The system "seems" to be operating fine....


Here are the latest Quick Scans

Attached Files


Edited by Matt633rle, 26 February 2011 - 09:46 AM.

  • 0

#65
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Both logs look good so lets remove my tools and tidy you up. Do this on both drives. ANy questions at all then just shout ;)



I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :D

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:


Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Posted Image Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:
  • Download the latest version of Java SE Runtime Environment (JRE)JRE 6 Update 24.
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u24-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the jre-6u24-windows-i586-p.exe and select "Run as an Administrator.")


SPRING CLEAN

Download and run Puran Disc Defragmenter
As you have dual drives then defrag D from C and C from D (if that makes sense )




Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Posted Image Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe :D
  • 0

#66
Matt633rle

Matt633rle

    Member

  • Topic Starter
  • Member
  • PipPip
  • 50 posts
ok... I will follow your latest instructions and leave a comment probably Monday.

I cannot thank you enough for all of your hard work... I am sorry Paypal was not more at this time, as the exchange rate is +65%. I will see what I can do next month.
"A man should be paid his wage".......

I can see I have a lot of clean up to do on my systems, I found many very useful articles on your site and will be implementing.

I have Win7 Pro & home edition I will be installing on both computers very soon, but question(s).
  • I have (2) 40G drives. Is that enough room to install "just the OS" and use the other drives (a 280G, 400G, 500G) for programs and storage?
  • Some programs (I believe) also "self install" on the "main drive" (or "insist" on being on the "main drive" (ie C:... like maybe Quickbooks)
  • May I get your advise on how to RE-set up my system "properly" based on how I want to use it .... and if yes, where in the forum should I start this topic.
Again... you are the finest.... :D
  • 0

#67
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
We will continue in this thread if you are happy :D

My first thoughts are that going to windows 7 is a brilliant idea, and if you go 64bit that is even better from a security and stability standpoint. I have had windows 7 now since it was released (MS gave out pre order copies cheap) and it is as fast now as when I installed it. BSOD's are a thing I vaguely remember from my XP days :D

At the moment my partitions are 80Gb and 60Gb respectively. I have the OS and all my programmes on the 80Gb drive and currently have 42Gb remaining. My music and documents are on the D drive. So windows and the security programmes (which should be on the main drive) will fit quite nicely. There should be install options on the other programmes to put them on a different partition

Based on this windirstat you can see that windows itself takes up 13.9 Gb. Looking at that now I see I need to trim the System volume down a bit


As for setup the ideal would be to have a lean and mean system. All I have running at start is my antivirus suite and nothing else. I am of the school that if it is needed to run I will start it.

Security : Then I would look at an integrated suite if you are getting a paid antivirus along with Malwarebytes as an on demand scanner. If you are going for the free option and are on windows 7 then I would be tempted not to get a firewall but use the inbuilt one. The only reason I have a suite is that I was given a free licence for carrying out the Beta testing of the Avast Internet Security suite.


Any further questions at all and I will be happy to answer them
  • 0

#68
Matt633rle

Matt633rle

    Member

  • Topic Starter
  • Member
  • PipPip
  • 50 posts
Thank you...

Well, if there is no advantage to purchasing AV & AM.. then I will go with the free versions.

So, on the Win7 version, I can run Windows default firewall, Malwarebytes (for on demand scanning) and what Anti-virus & which Anti-malware? .. Which do you recommend?

How can I check to be sure all my current hardware/software will run on 64bit. Is there some type of online scan I could run?

I currently have my drives partitioned (not the 40G's).. if I install the new Win7 & security software on the 40G's.. physically position them as the "master drive" in each computer.... and then physically position the other drives as "slave drives" will I need to re-format the other drives to remove the OS's? Because they are "partitioned".. will I be able to just "reformat the OS partition" of the drive.. to use it for programs and/or storage?
  • 0

#69
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

How can I check to be sure all my current hardware/software will run on 64bit. Is there some type of online scan I could run?

It just so happens MS has a little advisor toolto help

So, on the Win7 version, I can run Windows default firewall, Malwarebytes (for on demand scanning) and what Anti-virus & which Anti-malware? .. Which do you recommend?

For the free version of an AV I would recommend either Avast or Avira in that order, currently AVG is not up to scratch

I currently have my drives partitioned (not the 40G's).. if I install the new Win7 & security software on the 40G's.. physically position them as the "master drive" in each computer.... and then physically position the other drives as "slave drives" will I need to re-format the other drives to remove the OS's? Because they are "partitioned".. will I be able to just "reformat the OS partition" of the drive.. to use it for programs and/or storage?

If they are set as slaves then no as they will not be seen as bootable. So once they are set up you could just delete the windows folders as they would then be purely data drives. But install them after you have installed windows on the 40Gb drives otherwise 7 will see them as dual bootable drives

I have just cleared my system volume folder and regained 16Gb. When you set up your windows 7 you can tell it to store the system restore files on another drive so that it does not clutter up the 40Gb one :D
  • 0

#70
Matt633rle

Matt633rle

    Member

  • Topic Starter
  • Member
  • PipPip
  • 50 posts
Thanks for the above info...

Still have one issue with the virus(es) we were working on...

F-secure window continues to pop up every so often saying "Virus could not be removed"..

When I check the "details".. is has a list of all list of the viruses it cleaned off on the last 2 reports you already have...

What it is indicating that it can't clean is:

Gen:[email protected]
[email protected]

There are several entries on the "detail list" for each of them... last time(s) 10:28, 10:29; 10:40 am (about 10 min ago)


I have not done the OTL clean up yet.. in case you need it

Edited by Matt633rle, 26 February 2011 - 11:55 AM.

  • 0

Advertisements


#71
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
They have the look of either cookies or Firefox elements - are you online when these appear ?

I will use a slightly different tool this time as the analyser is more refined in the removal area, this log will be a bit bigger so attach it please

Download OTS to your Desktop and double-click on it to run it
  • Make sure you close all other programs and don't use the PC while the scan runs.
  • Select All Users
  • Under additional scans select the following
    Reg - ActiveX StubPath
    Reg - Disabled MS Config Items
    Reg - Drivers32
    Reg - IE Explorer Bars
    Reg - NetSvcs
    Reg - SafeBoot Minimal
    Reg - SafeBoot Network
    Reg - Shell Spawning
    Reg - Winsock2 Catalogs
    Evnt - EventViewer Logs (Last 10 Errors)
    File - Lop Check
    File - Purity Scan

  • Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Please attach the log in your next post.

  • 0

#72
Matt633rle

Matt633rle

    Member

  • Topic Starter
  • Member
  • PipPip
  • 50 posts
No.. I don't believe I was online at the time the of last occurrence... I was getting ready to clean up OTL.

Will follow your instructions.... bbl
  • 0

#73
Matt633rle

Matt633rle

    Member

  • Topic Starter
  • Member
  • PipPip
  • 50 posts
ok.. OTS scan

Attached Files

  • Attached File  OTS.Txt   207.41KB   94 downloads

  • 0

#74
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
There are two iffy FF extensions there so I will remove them, I will also remove hitmanpro as none of my tools will clean that up

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Unregister Dlls]
[Driver Services - Safe List]
YY -> (hitmanpro35) Hitman Pro 3.5 Support Driver [Kernel | On_Demand | Stopped] -> D:\WINDOWS\system32\drivers\hitmanpro35.sys
[Registry - Safe List]
< FireFox Settings [Prefs.js] > -> D:\Documents and Settings\Renee Evans\Application Data\Mozilla\FireFox\Profiles\venkubou.default\prefs.js
YN -> browser.search.defaultthis.engineName -> "Elf 1.15 Customized Web Search"
YN -> browser.search.defaulturl -> "http://search.conduit.com/ResultsExt.aspx?ctid=CT2866295&SearchSource=3&q={searchTerms}"
YN -> extensions.enabledItems -> [email protected]:1.0.3
< FireFox Extensions [User Folders] > -> 
YY -> ~EmptyValue -> D:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\venkubou.default\extensions\[email protected]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {0347C33E-8762-4905-BF09-768834316C61} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> {DDE87865-83C5-48c4-8357-2F5B1AA84522}:{DDE87865-83C5-48c4-8357-2F5B1AA84522} [HKLM] -> Reg Error: Key error. [Button: HP Smart Select]
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-1078081533-861567501-725345543-1003\] > -> HKEY_USERS\S-1-5-21-1078081533-861567501-725345543-1003\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\"{200DB664-75B5-47c0-8B45-A44ACCF73C00}" [HKLM] -> [Reg Error: Key error.]
YN -> CmdMapping\\"{200DB664-75B5-47c0-8B45-A44ACCF73F01}" [HKLM] -> [Reg Error: Key error.]
YN -> CmdMapping\\"{DDE87865-83C5-48c4-8357-2F5B1AA84522}" [HKLM] -> [HP Smart Select]
[Files/Folders - Created Within 30 Days]
NY ->  Hitman Pro -> D:\Documents and Settings\All Users\Application Data\Hitman Pro
[Files/Folders - Modified Within 30 Days]
NY ->  RogueKiller.exe -> D:\RogueKiller.exe
NY ->  hitmanpro35.sys -> D:\WINDOWS\System32\drivers\hitmanpro35.sys
NY ->  HitmanPro35_2.exe -> D:\Documents and Settings\Renee Evans\Desktop\HitmanPro35_2.exe
[File - Lop Check]
NY ->  Hitman Pro -> D:\Documents and Settings\All Users\Application Data\Hitman Pro
NY ->  wyUpdate AU -> D:\Documents and Settings\Renee Evans\Application Data\wyUpdate AU
[Alternate Data Streams]
NY -> @Alternate Data Stream - 37 bytes -> D:\Documents and Settings\Renee Evans\Desktop\OTL.scr:FS_dl_url
NY -> @Alternate Data Stream - 55 bytes -> D:\RogueKiller.exe:FS_dl_url
NY -> @Alternate Data Stream - 94 bytes -> D:\scan.txt:FS_dl_url
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here

I will review the information when it comes back in.
  • 0

#75
Matt633rle

Matt633rle

    Member

  • Topic Starter
  • Member
  • PipPip
  • 50 posts
ok.. I cut & pasted what you indicated... the fix ran... the program said it needed to restart my computer to complete.. I said ok... but I did not get the "notepad" file... (unless it is on my computer somewhere?)

should i run it again with the same paste?
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP