Got infected with pceu virus, want to make sure it's gone [Solved]


  • This topic is locked

#16
Dakeyras


    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)

Looks like the HDD could do with some in-depth maintenance...

Hard-Drive Maintenance/Repair:

  • Click on Start(Vista Orb).
  • Click on All Programs >> Accessories
  • Right click on Command Prompt and select Run as Administrator.
  • Click on Continue/Yes at the UAC prompt.
  • At the Command Prompt C:\Windows\System32> type in the following exactly:
  • CD C:\
  • Then depress the Enter/Return key, then type in the following exactly:
  • Now type in DEFRAG C: -F
  • An Analysis report will be displayed and then Windows will start the Defragmentation run automatically.
  • This may take some time, when completed the Command Prompt C:\ > will appear.
  • Now type in CHKDSK C: /R and hit the Enter/Return key.
  • When prompted with:

CHKDSK cannot run because the volume is in use by another process
Would you like to schedule this volume to be checked next time the system
restarts (Y/N)

  • Hit the Y key then at the Command Prompt C:\ >
  • Type in EXIT and hit the Enter/Return key.
  • Now Reboot(Restart) your computer.
Note: Upon Reboot(Restart) the CHKDSK(check-disk) will start and carry out the repairs required.

You should see a screen like this just after the Post(power on self test) screen:

Posted Image

Note: Do not touch either the keyboard or Mouse, otherwise the Check-Disk will be cancelled and your computer will continue to boot-up as normal.

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your currently installed Anti-Virus, how to do so can be read here.

Vista users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan...

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then right click on it and select Run as Administrator to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is Not checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
  • 0



#17
Casper_aa


    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
Just thought I would post an update even though I have only done this so far:

Hard-Drive Maintenance/Repair:

Click on Start(Vista Orb).
Click on All Programs >> Accessories
Right click on Command Prompt and select Run as Administrator.
Click on Continue/Yes at the UAC prompt.
At the Command Prompt C:\Windows\System32> type in the following exactly:
CD C:\
Then depress the Enter/Return key, then type in the following exactly:
Now type in DEFRAG C: -F
An Analysis report will be displayed and then Windows will start the Defragmentation run automatically.


I assume it is still running and I have a feeling it will take a very long time. It's been running since this morning, though there was an interruption, as I think I hadn't turned off the auto-sleep mode (I think it may have paused while in sleep mode?). I recall trying to run a defragment a month or so ago but was put off when it said it would take over a day so I assume that's how long it will take.

The built in defragmenter does say it does a defrag every Wednesday and usually says the last defrag was the previous Wednesday when I check, but I have always had a feeling that that is not actually the case.

In any case, I shall get back to you again once everything is finished but I just thought I would let you know it could be a while.
  • 0

#18
Dakeyras


    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
If the defrag' run does appear to be taking an excessive amount of time merely halt it and proceed to the check-disk onwards and we can defrag' later on etc. :)
  • 0

#19
Casper_aa


    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
The defrag was taking a bit too long so I decided to stop it and proceed like you said.

Here is the log:

C:\ProgramData\Spybot - Search & Destroy\Recovery\YontooPagerage5.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\YontooPagerage5.zip Win32/Bagle.gen.zip worm
C:\Users\Ally\Documents\Handkerchief\CLASS.EXE probably a variant of Win32/Agent.FTPPIGI trojan
C:\Users\Ally\Downloads\Handkerchief.rar probably a variant of Win32/Agent.FTPPIGI trojan
C:\Users\Ally\Downloads\Pazera_Free_MP4_to_AVI_Converter.exe Win32/InstallMonetizer.AF application
C:\_OTL\MovedFiles\01032013_163240\C_ProgramData\dsgsdgdsgdsgw.js JS/Agent.NID trojan


I can't help but notice it mentions Handkerchief. I know this to be safe as it is actually a really obscure game. Just thought I would mention that.
  • 0

#20
Dakeyras


    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)

I can't help but notice it mentions Handkerchief. I know this to be safe as it is actually a really obscure game. Just thought I would mention that.

That is fine and what is known as a false positive detection, as is the Pazera. Overall no action is required with regard to the online scan results, two are quarantined by Spybot and the OTL one will be fully removed when we clean up tools used etc.

The defrag was taking a bit too long so I decided to stop it and proceed like you said.

Fair play, I am surmising the Check Disk completed, so try a defrag' again, if still a problem run another Check Disk then try a defrag' again etc.

Next:

Let's check/update some software as follows shall we...

  • Download and install FileHippo Update Checker from here.
  • Once installed (during the installation process deselect the option:- Run at Startup) >> Start(Vista Orb) >> All Programs >> right-click on Update Checker and select Run as Administrator >> a browser window will open after the scan is complete.
  • Download any updates detected(apart from beta updates) to the desktop >> uninstall anything that requires updating via Programs and Features in the Control Panel.
  • Re-install the updated software, delete the installers and then empty the Recycle Bin.
  • When completed the above let myself know and if any further issues remaining, thank you.
Note: When I give the all clear my advice would be to consider keeping FileHippo Update Checker installed. Then periodically use it to check for any updates as having certain software outdated is a potential for malware to gain a foothold and exploit a system etc.
  • 0
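
The triage applied to the ESET log in the posts above (copies under Spybot's Recovery folder and under C:\_OTL\MovedFiles are already quarantined, the remaining hits are live files to verify), as an added example that is not part of the original thread. The space-separated line layout is taken from the log as pasted here, and treating "probably a variant of" and the "application" type as lower-confidence detections is an assumption of this sketch, as are all function and variable names.

```python
import re

# Sample input: the six detection lines pasted in post #19 of this thread.
SAMPLE_LOG = r"""
C:\ProgramData\Spybot - Search & Destroy\Recovery\YontooPagerage5.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\YontooPagerage5.zip Win32/Bagle.gen.zip worm
C:\Users\Ally\Documents\Handkerchief\CLASS.EXE probably a variant of Win32/Agent.FTPPIGI trojan
C:\Users\Ally\Downloads\Handkerchief.rar probably a variant of Win32/Agent.FTPPIGI trojan
C:\Users\Ally\Downloads\Pazera_Free_MP4_to_AVI_Converter.exe Win32/InstallMonetizer.AF application
C:\_OTL\MovedFiles\01032013_163240\C_ProgramData\dsgsdgdsgdsgw.js JS/Agent.NID trojan
"""

# path, optional heuristic wording, detection name (Platform/Family...), type.
# The path may contain spaces, so it is matched lazily up to the detection name.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<heur>probably\s+)?(?:a variant of\s+)?"
    r"(?P<name>[A-Za-z0-9]+/\S+)\s+(?P<kind>.+)$"
)

# Folders where the cleanup tools named in the thread keep neutralised copies.
QUARANTINE_MARKERS = {
    "\\spybot - search & destroy\\recovery\\": "Spybot recovery",
    "c:\\_otl\\movedfiles\\": "OTL moved files",
}
# On Vista and later, C:\Users\All Users is a link to C:\ProgramData,
# so the scanner reports the same file twice under two names.
ALIAS = ("c:\\users\\all users\\", "c:\\programdata\\")

def normalise(path):
    """Lower-case the path and fold the All Users alias onto ProgramData."""
    low = path.lower()
    if low.startswith(ALIAS[0]):
        low = ALIAS[1] + low[len(ALIAS[0]):]
    return low

def triage(log_text):
    """Return {normalised_path: (detection, status)}, aliased duplicates merged."""
    results = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # blank lines and anything that is not a detection line
        key = normalise(m["path"])
        store = next((label for marker, label in QUARANTINE_MARKERS.items()
                      if marker in key), None)
        if store:
            status = "already quarantined (" + store + ")"
        elif m["heur"] or m["kind"].strip().lower() == "application":
            status = "live file, low-confidence detection: verify before deleting"
        else:
            status = "live file, signature detection"
        results.setdefault(key, (m["name"], status))
    return results

if __name__ == "__main__":
    for path, (name, status) in triage(SAMPLE_LOG).items():
        print(f"{status:62} {name:28} {path}")
```
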

#21
Casper_aa


    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts

Fair play, I am surmising the Check Disk completed, so try a defrag' again, if still a problem run another Check Disk then try a defrag' again etc.


Yeah Check Disk completed ok.

I updated everything that needed updating and everything seems to be running fine at the moment. Still need to defrag but I put that off for now as it's likely to take a long time so I thought I would get everything else out the way first. I only work weekends so it's a lot easier for me to do it during the week when I can monitor throughout the day.
  • 0

#22
Dakeyras


    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)

OK fair play RE what you mentioned about a defrag'...

Next:

Congratulations your computer appears to be malware free!

Now I have some tasks for your good self to carry out as part of a clean up process and some advice about online safety.

Importance of Regular System Maintenance:

I advise you read both of the below listed topics as this will go a long way to keeping your Computer performing well.

Help! My computer is slow!

Also so is this:

What to do if your Computer is running slowly <-- This link is currently off-line but should be back up in due course.

Clean up with OTL:

  • Right-click on OTL.exe and select Run as Administrator to start the program.
  • Close all other programs apart from OTL as this step will require a reboot.
  • On the OTL main screen, depress the CleanUp button.
  • Say Yes to the prompt and then allow the program to reboot your computer.
The above process should clean up and remove the vast majority of scanners used and logs created etc.

Any left over merely delete yourself and empty the Recycle Bin.

Reset the System Restore points:

Create a new, clean System Restore point:-

  • Right click on Computer and select Properties >> System protection >> Create.
  • Give this restore point a descriptive name and click on Create.
  • When the new restore point is created click on OK >> close the System Properties window.
Note: Do not clear infected/old System Restore points before creating a new System Restore point first!

Flush Old System Restore points:-

  • Next click Start(Vista Orb) >> Run (or the Windows key and R together) to bring up the Run box and copy and paste in:
    cleanmgr
  • in the box and press OK.
  • Select the system drive, C >> OK.
  • Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
  • Click on Clean up system files >> Select the system drive, C >> OK.
  • Now click on the More Options tab.
  • Under:-
  • System Restore and Shadow Copies
  • Click on Clean up... >> Delete >> OK >> Delete Files.
Now some advice for on-line safety:

Malwarebytes Anti-Malware:

This is an excellent application and I advise you keep this installed. Check for updates and run a scan at least once per week.

Other installed security software:

Your presently installed security application, avast! Free Antivirus, automatically checks for updates and downloads/installs them with every system reboot and/or periodically if the machine is left running, providing an internet connection is active.

I advise you also run a complete scan with this also at least once per week.

Erunt:

Emergency Recovery Utility NT, I advise you keep this installed as a means to keep a complete backup of your registry and restore it when needed.

Myself I would actually create a new back up once per week as this along with System Restore may prove to be invaluable if something unforeseen occurs!

Keep your system updated:

Microsoft releases patches for Windows and other products regularly:

  • Click on Start(Vista Orb) >> All Programs >> Windows Update.
  • In the navigation pane, click Check for updates.
  • After Windows Update has finished checking for updates, click View available updates.
  • Click to select the check box for any found, then click Install.
  • When completed Reboot(restart) your computer if not prompted to do so.
Be careful when opening attachments and downloading files:

Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.
Never open emails from unknown senders.
Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These email addresses can be easily spoofed. Check the antivirus vendor websites to be sure.
Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on Sourceforge or Pricelessware.

Stop malicious scripts:

Windows by default allows scripts (which are VBScript and JavaScript) to run and some of these scripts are malicious. Use Noscript by Symantec or Script Defender by AnalogX to handle these scripts.

Avoid Peer to Peer software:

P2P may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. My advice is avoid these types of software applications.

Hosts File:

A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your computer will look up the website's IP address before you can view the website.

Hosts file will replace your current Hosts file with another one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by re-directing these bad sites to 127.0.0.1.

Here are some Hosts files:

Only use one of the above!

Consider installing WinPatrol:

WinPatrol alerts you about possible system hijacks, malware attacks and critical changes made to your computer without your permission.

Download it from here.

You can find information about how WinPatrol works here.

Next:

This is a very helpful/useful set of advice from Microsoft: Microsoft Safety & Security Center

Any questions? Feel free to ask, if not stay safe!
  • 0

#23
Casper_aa


    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
Right, that's all done. Everything seemed to have gone well.

Thank you for all the help and all the great advice, I think I will be bookmarking this for future reference. :)

I do have to note one slight concern however. I just checked how much space I had free by right-clicking the C: Drive in the Computer folder and it says I now have 622gb free and have used up only 308gb. Obviously the more free space the better, I was just shocked at how much more free space I had after doing the last steps from your previous post. Is that normal? I used to have around 426gb used up at least, but if it's normal then that's cool.
  • 0

#24
Dakeyras


    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)

Right, that's all done. Everything seemed to have gone well.

Good.

Thank you for all the help and all the great advice, I think I will be bookmarking this for future reference. :)

You're welcome!

I do have to note one slight concern however. I just checked how much space I had free by right-clicking the C: Drive in the Computer folder and it says I now have 622gb free and have used up only 308gb. Obviously the more free space the better, I was just shocked at how much more free space I had after doing the last steps from your previous post. Is that normal? I used to have around 426gb used up at least, but if it's normal then that's cool.

This is absolutely fine and not a cause for concern. This would have occurred after performing the Reset the System Restore points advice, which also would have flushed the Vista Shadow Copies. Further information about this and how to adjust the allocation can be read at the below article:-

Vista - System Restore - disk space
  • 0

#25
Casper_aa


    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts

This is absolutely fine and not a cause for concern. This would have occurred after performing the Reset the System Restore points advice, which also would have flushed the Vista Shadow Copies. Further information about this and how to adjust the allocation can be read at the below article:-

Vista - System Restore - disk space


Ah that's good to know. Thanks again! :thumbsup:
  • 0



#26
Dakeyras


    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
You're most welcome! :)
  • 0

#27
Dakeyras


    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





