Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Uncertain of What I Have - Redirects, WinPatrol Popups


  • This topic is locked This topic is locked

#31
arkman

arkman

    Member

  • Topic Starter
  • Member
  • PipPip
  • 83 posts
Yup, that seems to be the only problem.

Internet works on the infected computer.
  • 0

Advertisements


#32
Homburg

Homburg

    Trusted Helper

  • Malware Removal
  • 665 posts
Hi,

We need to check to see what files are locked:


We need to scan the system with this special tool:
  • Please download and save:

    Junction.zip
  • Unzip it and place Junction.exe in the Windows directory (C:\Windows).
  • Go to Start => Run... => Copy and paste the following command in the Run box and click OK

cmd /c junction -s c:\ >log.txt&log.txt& del log.txt

A command window opens starting to scan the system. Wait until a log file opens. Copy and paste the log in your next reply.
  • 0

#33
arkman

arkman

    Member

  • Topic Starter
  • Member
  • PipPip
  • 83 posts
Junction v1.06 - Windows junction creator and reparse point viewer
Copyright © 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com


Failed to open \\?\c:\\hiberfil.sys: The process cannot access the file because it is being used by another process.



Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.


...

...

..
Failed to open \\?\c:\\Documents and Settings\Talg\Desktop\OTL.com: Access is denied.



Failed to open \\?\c:\\Documents and Settings\Talg\Desktop\OTL.exe: Access is denied.



Failed to open \\?\c:\\Documents and Settings\Talg\Desktop\OTL.scr: Access is denied.



Failed to open \\?\c:\\Documents and Settings\Talg\Desktop\rkill.exe: Access is denied.


.

...

...

...

...

...

...

...

...

...

...

...

...


Failed to open \\?\c:\\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE: Access is denied.


..
Failed to open \\?\c:\\Qoobox\BackEnv: Access is denied.


.

...

...

...

...

...

...

...

...

...

.\\?\c:\\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
Print Name : C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790
Substitute Name: C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790

\\?\c:\\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
Print Name : C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e
Substitute Name: C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e

..

...

...

...

...

...

...

...

...

...

...

..
Failed to open \\?\c:\\WINDOWS\system32\MRT.exe: Access is denied.


.

...

...
  • 0

#34
Homburg

Homburg

    Trusted Helper

  • Malware Removal
  • 665 posts
Hi,

Can you please do the following:


Step 1:

Please download GrantPerms.zip and save it to your desktop.
Unzip the file and depending on the system run GrantPerms.exe
Copy and paste the following in the edit box:

c:\\Documents and Settings\Talg\Desktop\OTL.com
c:\\Documents and Settings\Talg\Desktop\OTL.exe
c:\\Documents and Settings\Talg\Desktop\OTL.scr
c:\\Documents and Settings\Talg\Desktop\rkill.exe
c:\\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
c:\\Qoobox\BackEnv
c:\\WINDOWS\system32\MRT.exe


Click Unlock. When it is done click "OK".
Click List Permissions and post the result (Perms.txt) that pops up. A copy of Perms.txt will be saved in the same directory the tool is run.


Step 2:

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Homburg
  • 0

#35
arkman

arkman

    Member

  • Topic Starter
  • Member
  • PipPip
  • 83 posts
GrantPerms by Farbar
Ran by Talg at 2011-11-04 09:01:41

===============================================
\\?\c:\\Documents and Settings\Talg\Desktop\OTL.com

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)


\\?\c:\\Documents and Settings\Talg\Desktop\OTL.exe

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)


\\?\c:\\Documents and Settings\Talg\Desktop\OTL.scr

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)


\\?\c:\\Documents and Settings\Talg\Desktop\rkill.exe

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)


\\?\c:\\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)


\\?\c:\\Qoobox\BackEnv

Owner: BUILTIN\Administrators

DACL(NP)(AI):
BUILTIN\Administrators FULL ALLOW (CI)(OI)(I)
NT AUTHORITY\SYSTEM FULL ALLOW (CI)(OI)(I)
CREATOR OWNER FULL ALLOW (CI)(OI)(IO)(I)
BUILTIN\Users READ/EXECUTE ALLOW (CI)(OI)(I)
BUILTIN\Users ADD SUBDIRECTORY ALLOW (CI)(I)
BUILTIN\Users ADD FILE ALLOW (CI)(I)


\\?\c:\\WINDOWS\system32\MRT.exe

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)






[email protected] as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=cf908f46a0f4db46bd12ced09c4e2d47
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-04 02:16:38
# local_time=2011-11-04 10:16:38 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 62701488 62701488 0 0
# compatibility_mode=768 16777215 100 0 50131403 50131403 0 0
# compatibility_mode=8192 67108863 100 0 61747651 61747651 0 0
# scanned=71592
# found=87
# cleaned=87
# scan_time=3709
C:\Qoobox\Quarantine\C\Program Files\Intel\Wireless\Bin\EvtEng.exe.vir Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\Intel\Wireless\Bin\RegSrvc.exe.vir Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\Intel\Wireless\Bin\S24EvMon.exe.vir Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\Java\jre6\bin\jqs.exe.vir Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe.vir Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\Sony\VAIO Event Service\VESMgr.exe.vir Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\assembly\GAC_MSIL\desktop.ini.vir a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\rasapubw.dll.vir a variant of Win32/Kryptik.BQR trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C72960-2267-4872-93F9-556BF4397A54}\RP221\A0082144.sys Win32/Rootkit.Agent.NUT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C72960-2267-4872-93F9-556BF4397A54}\RP222\A0082214.sys Win32/Rootkit.Agent.NUT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C72960-2267-4872-93F9-556BF4397A54}\RP222\A0082215.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C72960-2267-4872-93F9-556BF4397A54}\RP223\A0082307.sys Win32/Rootkit.Agent.NUT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C72960-2267-4872-93F9-556BF4397A54}\RP223\A0082308.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C72960-2267-4872-93F9-556BF4397A54}\RP223\A0083323.sys Win32/Rootkit.Agent.NUT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C72960-2267-4872-93F9-556BF4397A54}\RP223\A0083324.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C72960-2267-4872-93F9-556BF4397A54}\RP224\A0084326.sys Win32/Rootkit.Agent.NUT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C72960-2267-4872-93F9-556BF4397A54}\RP224\A0084327.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C72960-2267-4872-93F9-556BF4397A54}\RP224\A0084343.sys Win32/Rootkit.Agent.NUT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C72960-2267-4872-93F9-556BF4397A54}\RP224\A0084344.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C72960-2267-4872-93F9-556BF4397A54}\RP224\A0084366.sys Win32/Rootkit.Agent.NUT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C72960-2267-4872-93F9-556BF4397A54}\RP224\A0084367.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C72960-2267-4872-93F9-556BF4397A54}\RP225\A0084393.rbf Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C72960-2267-4872-93F9-556BF4397A54}\RP225\A0084502.sys Win32/Rootkit.Agent.NUT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C72960-2267-4872-93F9-556BF4397A54}\RP225\A0084503.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C72960-2267-4872-93F9-556BF4397A54}\RP225\A0084523.sys Win32/Rootkit.Agent.NUT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C72960-2267-4872-93F9-556BF4397A54}\RP225\A0084524.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C72960-2267-4872-93F9-556BF4397A54}\RP225\A0085526.sys Win32/Rootkit.Agent.NUT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C72960-2267-4872-93F9-556BF4397A54}\RP225\A0085527.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C72960-2267-4872-93F9-556BF4397A54}\RP232\A0085800.rbf Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C72960-2267-4872-93F9-556BF4397A54}\RP233\A0085909.rbf Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C72960-2267-4872-93F9-556BF4397A54}\RP235\A0086308.sys Win32/Rootkit.Agent.NUT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C72960-2267-4872-93F9-556BF4397A54}\RP235\A0086309.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C72960-2267-4872-93F9-556BF4397A54}\RP235\A0086380.exe Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C72960-2267-4872-93F9-556BF4397A54}\RP235\A0086393.exe Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C72960-2267-4872-93F9-556BF4397A54}\RP235\A0086395.sys Win32/Rootkit.Agent.NUT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C72960-2267-4872-93F9-556BF4397A54}\RP235\A0086396.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C72960-2267-4872-93F9-556BF4397A54}\RP235\A0086417.sys Win32/Rootkit.Agent.NUT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C72960-2267-4872-93F9-556BF4397A54}\RP235\A0086418.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C72960-2267-4872-93F9-556BF4397A54}\RP235\A0086444.sys Win32/Rootkit.Agent.NUT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C72960-2267-4872-93F9-556BF4397A54}\RP235\A0086445.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C72960-2267-4872-93F9-556BF4397A54}\RP235\A0086457.sys Win32/Rootkit.Agent.NUT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C72960-2267-4872-93F9-556BF4397A54}\RP235\A0086458.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C72960-2267-4872-93F9-556BF4397A54}\RP236\A0086552.sys Win32/Rootkit.Agent.NUT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C72960-2267-4872-93F9-556BF4397A54}\RP236\A0086553.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C72960-2267-4872-93F9-556BF4397A54}\RP237\A0086572.sys Win32/Rootkit.Agent.NUT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C72960-2267-4872-93F9-556BF4397A54}\RP237\A0086573.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C72960-2267-4872-93F9-556BF4397A54}\RP237\A0086593.sys Win32/Rootkit.Agent.NUT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C72960-2267-4872-93F9-556BF4397A54}\RP237\A0086594.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C72960-2267-4872-93F9-556BF4397A54}\RP237\A0086622.sys Win32/Rootkit.Agent.NUT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C72960-2267-4872-93F9-556BF4397A54}\RP237\A0086623.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C72960-2267-4872-93F9-556BF4397A54}\RP237\A0087622.sys Win32/Rootkit.Agent.NUT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C72960-2267-4872-93F9-556BF4397A54}\RP237\A0087623.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C72960-2267-4872-93F9-556BF4397A54}\RP237\A0088622.sys Win32/Rootkit.Agent.NUT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C72960-2267-4872-93F9-556BF4397A54}\RP237\A0088623.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C72960-2267-4872-93F9-556BF4397A54}\RP238\A0088636.sys Win32/Rootkit.Agent.NUT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C72960-2267-4872-93F9-556BF4397A54}\RP238\A0088637.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C72960-2267-4872-93F9-556BF4397A54}\RP238\A0088656.sys Win32/Rootkit.Agent.NUT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C72960-2267-4872-93F9-556BF4397A54}\RP238\A0088657.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C72960-2267-4872-93F9-556BF4397A54}\RP238\A0088670.sys Win32/Rootkit.Agent.NUT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C72960-2267-4872-93F9-556BF4397A54}\RP238\A0088671.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C72960-2267-4872-93F9-556BF4397A54}\RP239\A0088693.sys Win32/Rootkit.Agent.NUT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C72960-2267-4872-93F9-556BF4397A54}\RP239\A0088694.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C72960-2267-4872-93F9-556BF4397A54}\RP240\A0089693.sys Win32/Rootkit.Agent.NUT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C72960-2267-4872-93F9-556BF4397A54}\RP240\A0089694.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C72960-2267-4872-93F9-556BF4397A54}\RP240\A0090693.sys Win32/Rootkit.Agent.NUT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C72960-2267-4872-93F9-556BF4397A54}\RP240\A0090694.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C72960-2267-4872-93F9-556BF4397A54}\RP240\A0090706.sys Win32/Rootkit.Agent.NUT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C72960-2267-4872-93F9-556BF4397A54}\RP240\A0090707.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C72960-2267-4872-93F9-556BF4397A54}\RP240\A0090720.sys Win32/Rootkit.Agent.NUT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C72960-2267-4872-93F9-556BF4397A54}\RP240\A0090721.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C72960-2267-4872-93F9-556BF4397A54}\RP240\A0090770.sys Win32/Rootkit.Agent.NUT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C72960-2267-4872-93F9-556BF4397A54}\RP240\A0090771.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C72960-2267-4872-93F9-556BF4397A54}\RP240\A0090787.sys Win32/Rootkit.Agent.NUT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C72960-2267-4872-93F9-556BF4397A54}\RP240\A0090788.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C72960-2267-4872-93F9-556BF4397A54}\RP240\A0090800.sys Win32/Rootkit.Agent.NUT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C72960-2267-4872-93F9-556BF4397A54}\RP240\A0090801.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C72960-2267-4872-93F9-556BF4397A54}\RP241\A0090837.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C72960-2267-4872-93F9-556BF4397A54}\RP241\A0090876.dll a variant of Win32/Kryptik.BQR trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C72960-2267-4872-93F9-556BF4397A54}\RP241\A0090942.exe Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C72960-2267-4872-93F9-556BF4397A54}\RP241\A0090943.exe Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C72960-2267-4872-93F9-556BF4397A54}\RP241\A0090944.exe Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C72960-2267-4872-93F9-556BF4397A54}\RP241\A0090945.exe Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C72960-2267-4872-93F9-556BF4397A54}\RP241\A0090946.exe Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{54C72960-2267-4872-93F9-556BF4397A54}\RP241\A0090947.exe Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\10072011_090508\C_WINDOWS\246875462:3120187633.exe Win32/Sirefef.CT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\10072011_091712\C_WINDOWS\246875462:3120187633.exe Win32/Sirefef.CT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\10072011_092947\C_WINDOWS\246875462:3120187633.exe Win32/Sirefef.CT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
  • 0

#36
Homburg

Homburg

    Trusted Helper

  • Malware Removal
  • 665 posts
Hello,

Your PC is now clean :)

First we'll remove the tools that we've used then look at preventing getting infected again. It's important to remove the tools as it also removes the malware that we currently have quarantined.

Please do the following:

Clean up with OTL:
  • Leave OTL.exe on your desktop and delete the others
  • Double-click OTL.exe to start the program.
  • On the OTL main screen, depress the CleanUp button.
  • Say Yes to the prompt and then allow the program to reboot your computer.

Follow these steps to uninstall Combofix
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now copy/paste this: ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /Uninstall, it needs to be there.
    Posted Image
  • Please follow the prompts to uninstall Combofix.
  • This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.


Please delete aswMBR and any remaining logs from your desktop.


Windows Updates.

It is essential that you regularly check and install the latest Windows Updates. Vulnerabilities within Windows can leave your computer open to infection. Regular updates are released to fix these security vulnerabilities. I recommend that you set Windows to check, download and install your updates automatically.

Click Start
Select Control Panel
Click on Automatic (recommended)
Set the day and time for the update check. Set this to a time when your computer will normally be on and connected to the internet.
Click Apply then OK.


JAVA updates.
As with Windows, Java also needs to be regularly updated to fix security vulnerabilities. You can download the latest version of the Java Runtime Environment (JRE) from here. Download, install and reboot your computer. You also need to uininstall older versions of Java.

Click Start
Select Control Panel
Select Add or Remove Programs
Remove all Java updates except the latest one you have just installed.


Adobe updates.
You should ensure you use the latest Adobe Acrobat Reader and install any security updates that are released. Older versions are susceptible to attack. You can download the latest reader and updates from here.


To learn more about how to protect yourself while on the internet you might like to read this GeeksToGo article. This covers some of the safety measures that I've included and also some more.

Happy surfing and stay safe :yes:

Homburg.
  • 0

#37
arkman

arkman

    Member

  • Topic Starter
  • Member
  • PipPip
  • 83 posts
Thanks for all the help!
  • 0

#38
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP