Tracur Gen 4 [Solved]

This topic is locked
#31
GotNoTime (Topic Starter, Member, 29 posts)
I did the manual deletion. Ran ESET twice. Both times it picked up 3 threats instead of two. I am hoping they are in the deletion file, but I hit Finish before "List of found threats" and lost the export.
  • 0

#32
Satchfan (Trusted Helper, Malware Removal, 585 posts)
The log created by the scan can be found here:

C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • 0

#33
GotNoTime (Topic Starter, Member, 29 posts)
Here is the ESET log that was there. I assume it over-writes itself.

[email protected] as CAB hook log:
OnlineScanner.ocx - registred OK
# version=8
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ff60dd5782a63248903b14463845effa
# engine=15371
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-10-06 07:32:53
# local_time=2013-10-06 12:32:53 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# scanned=79531
# found=2
# cleaned=0
# scan_time=2768
sh=DC6A02F7DE9738C302679E29F252FF3DAB6F8714 ft=1 fh=c71c0011df7b656b vn="Win32/Boaxxe.G trojan" ac=I fn="C:\Documents and Settings\Paul\Local Settings\Application Data\NVIDIA nvCpl Container\igcuampe.dll"
sh=40AFC0E60F90C7DECD1E6DD9A34F03E957D30D91 ft=1 fh=c71c0011d9da0cef vn="Win32/TrojanDownloader.Tracur.V trojan" ac=I fn="C:\Documents and Settings\Paul\Local Settings\Application Data\Symantec\NETGEARGenie\feekjl2.dll"
# version=8
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ff60dd5782a63248903b14463845effa
# engine=15380
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-10-07 04:20:37
# local_time=2013-10-06 09:20:37 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# scanned=79692
# found=2
# cleaned=0
# scan_time=2234
sh=DC6A02F7DE9738C302679E29F252FF3DAB6F8714 ft=1 fh=c71c0011df7b656b vn="Win32/Boaxxe.G trojan" ac=I fn="C:\Documents and Settings\Paul\Local Settings\Application Data\NVIDIA nvCpl Container\igcuampe.dll"
sh=40AFC0E60F90C7DECD1E6DD9A34F03E957D30D91 ft=1 fh=c71c0011d9da0cef vn="Win32/TrojanDownloader.Tracur.V trojan" ac=I fn="C:\Documents and Settings\Paul\Local Settings\Application Data\Symantec\NETGEARGenie\feekjl2.dll"
# version=8
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ff60dd5782a63248903b14463845effa
# engine=15380
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-10-07 05:03:06
# local_time=2013-10-06 10:03:06 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# scanned=79719
# found=2
# cleaned=0
# scan_time=2064
sh=DC6A02F7DE9738C302679E29F252FF3DAB6F8714 ft=1 fh=c71c0011df7b656b vn="Win32/Boaxxe.G trojan" ac=I fn="C:\Documents and Settings\Paul\Local Settings\Application Data\NVIDIA nvCpl Container\igcuampe.dll"
sh=40AFC0E60F90C7DECD1E6DD9A34F03E957D30D91 ft=1 fh=c71c0011d9da0cef vn="Win32/TrojanDownloader.Tracur.V trojan" ac=I fn="C:\Documents and Settings\Paul\Local Settings\Application Data\Symantec\NETGEARGenie\feekjl2.dll"
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ff60dd5782a63248903b14463845effa
# engine=15407
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-10-08 10:38:53
# local_time=2013-10-08 03:38:53 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# scanned=76379
# found=3
# cleaned=0
# scan_time=2232
sh=DC6A02F7DE9738C302679E29F252FF3DAB6F8714 ft=1 fh=c71c0011df7b656b vn="Win32/Boaxxe.G trojan" ac=I fn="C:\RECYCLER\S-1-5-21-1078081533-515967899-725345543-1003\Dc1.dll"
sh=40AFC0E60F90C7DECD1E6DD9A34F03E957D30D91 ft=1 fh=c71c0011d9da0cef vn="Win32/TrojanDownloader.Tracur.V trojan" ac=I fn="C:\RECYCLER\S-1-5-21-1078081533-515967899-725345543-1003\Dc2.dll"
sh=40AFC0E60F90C7DECD1E6DD9A34F03E957D30D91 ft=1 fh=c71c0011d9da0cef vn="Win32/TrojanDownloader.Tracur.V trojan" ac=I fn="C:\System Volume Information\_restore{8FC0CDC2-5BF5-49C3-B0AC-1DE9FA8319D3}\RP169\A0043692.dll"
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ff60dd5782a63248903b14463845effa
# engine=15410
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-10-09 05:08:19
# local_time=2013-10-08 10:08:19 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# scanned=79968
# found=3
# cleaned=0
# scan_time=2839
sh=DC6A02F7DE9738C302679E29F252FF3DAB6F8714 ft=1 fh=c71c0011df7b656b vn="Win32/Boaxxe.G trojan" ac=I fn="C:\RECYCLER\S-1-5-21-1078081533-515967899-725345543-1003\Dc1.dll"
sh=40AFC0E60F90C7DECD1E6DD9A34F03E957D30D91 ft=1 fh=c71c0011d9da0cef vn="Win32/TrojanDownloader.Tracur.V trojan" ac=I fn="C:\RECYCLER\S-1-5-21-1078081533-515967899-725345543-1003\Dc2.dll"
sh=40AFC0E60F90C7DECD1E6DD9A34F03E957D30D91 ft=1 fh=c71c0011d9da0cef vn="Win32/TrojanDownloader.Tracur.V trojan" ac=I fn="C:\System Volume Information\_restore{8FC0CDC2-5BF5-49C3-B0AC-1DE9FA8319D3}\RP169\A0043692.dll"
  • 0

#34
Satchfan (Trusted Helper, Malware Removal, 585 posts)
Because Eset hasn't removed the threats, I have looked again at my instructions for running it and realise that I asked you to uncheck "remove found threats" at the beginning of the instructions.

I'm afraid you'll have to run it again and this time after clicking the Start button and accepting any security warnings from your browser, make sure that both Scan archives and Remove found threats are both checked.
  • 0

#35
GotNoTime (Topic Starter, Member, 29 posts)
Looks like ESET found more stuff. I checked my manual deletion before running it. Both those folders were empty.

C:\Documents and Settings\Paul\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\38\3e95e6e6-5828cd2e a variant of Java/Exploit.Agent.PDE trojan cleaned by deleting - quarantined
C:\RECYCLER\S-1-5-21-1078081533-515967899-725345543-1003\Dc1.dll Win32/Boaxxe.G trojan cleaned by deleting - quarantined
C:\RECYCLER\S-1-5-21-1078081533-515967899-725345543-1003\Dc2.dll Win32/TrojanDownloader.Tracur.V trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{8FC0CDC2-5BF5-49C3-B0AC-1DE9FA8319D3}\RP169\A0043692.dll Win32/TrojanDownloader.Tracur.V trojan cleaned by deleting - quarantined
************************************************************************************
[email protected] as CAB hook log:
OnlineScanner.ocx - registred OK
# version=8
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ff60dd5782a63248903b14463845effa
# engine=15371
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-10-06 07:32:53
# local_time=2013-10-06 12:32:53 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# scanned=79531
# found=2
# cleaned=0
# scan_time=2768
sh=DC6A02F7DE9738C302679E29F252FF3DAB6F8714 ft=1 fh=c71c0011df7b656b vn="Win32/Boaxxe.G trojan" ac=I fn="C:\Documents and Settings\Paul\Local Settings\Application Data\NVIDIA nvCpl Container\igcuampe.dll"
sh=40AFC0E60F90C7DECD1E6DD9A34F03E957D30D91 ft=1 fh=c71c0011d9da0cef vn="Win32/TrojanDownloader.Tracur.V trojan" ac=I fn="C:\Documents and Settings\Paul\Local Settings\Application Data\Symantec\NETGEARGenie\feekjl2.dll"
# version=8
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ff60dd5782a63248903b14463845effa
# engine=15380
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-10-07 04:20:37
# local_time=2013-10-06 09:20:37 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# scanned=79692
# found=2
# cleaned=0
# scan_time=2234
sh=DC6A02F7DE9738C302679E29F252FF3DAB6F8714 ft=1 fh=c71c0011df7b656b vn="Win32/Boaxxe.G trojan" ac=I fn="C:\Documents and Settings\Paul\Local Settings\Application Data\NVIDIA nvCpl Container\igcuampe.dll"
sh=40AFC0E60F90C7DECD1E6DD9A34F03E957D30D91 ft=1 fh=c71c0011d9da0cef vn="Win32/TrojanDownloader.Tracur.V trojan" ac=I fn="C:\Documents and Settings\Paul\Local Settings\Application Data\Symantec\NETGEARGenie\feekjl2.dll"
# version=8
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ff60dd5782a63248903b14463845effa
# engine=15380
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-10-07 05:03:06
# local_time=2013-10-06 10:03:06 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# scanned=79719
# found=2
# cleaned=0
# scan_time=2064
sh=DC6A02F7DE9738C302679E29F252FF3DAB6F8714 ft=1 fh=c71c0011df7b656b vn="Win32/Boaxxe.G trojan" ac=I fn="C:\Documents and Settings\Paul\Local Settings\Application Data\NVIDIA nvCpl Container\igcuampe.dll"
sh=40AFC0E60F90C7DECD1E6DD9A34F03E957D30D91 ft=1 fh=c71c0011d9da0cef vn="Win32/TrojanDownloader.Tracur.V trojan" ac=I fn="C:\Documents and Settings\Paul\Local Settings\Application Data\Symantec\NETGEARGenie\feekjl2.dll"
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ff60dd5782a63248903b14463845effa
# engine=15407
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-10-08 10:38:53
# local_time=2013-10-08 03:38:53 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# scanned=76379
# found=3
# cleaned=0
# scan_time=2232
sh=DC6A02F7DE9738C302679E29F252FF3DAB6F8714 ft=1 fh=c71c0011df7b656b vn="Win32/Boaxxe.G trojan" ac=I fn="C:\RECYCLER\S-1-5-21-1078081533-515967899-725345543-1003\Dc1.dll"
sh=40AFC0E60F90C7DECD1E6DD9A34F03E957D30D91 ft=1 fh=c71c0011d9da0cef vn="Win32/TrojanDownloader.Tracur.V trojan" ac=I fn="C:\RECYCLER\S-1-5-21-1078081533-515967899-725345543-1003\Dc2.dll"
sh=40AFC0E60F90C7DECD1E6DD9A34F03E957D30D91 ft=1 fh=c71c0011d9da0cef vn="Win32/TrojanDownloader.Tracur.V trojan" ac=I fn="C:\System Volume Information\_restore{8FC0CDC2-5BF5-49C3-B0AC-1DE9FA8319D3}\RP169\A0043692.dll"
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ff60dd5782a63248903b14463845effa
# engine=15410
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-10-09 05:08:19
# local_time=2013-10-08 10:08:19 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# scanned=79968
# found=3
# cleaned=0
# scan_time=2839
sh=DC6A02F7DE9738C302679E29F252FF3DAB6F8714 ft=1 fh=c71c0011df7b656b vn="Win32/Boaxxe.G trojan" ac=I fn="C:\RECYCLER\S-1-5-21-1078081533-515967899-725345543-1003\Dc1.dll"
sh=40AFC0E60F90C7DECD1E6DD9A34F03E957D30D91 ft=1 fh=c71c0011d9da0cef vn="Win32/TrojanDownloader.Tracur.V trojan" ac=I fn="C:\RECYCLER\S-1-5-21-1078081533-515967899-725345543-1003\Dc2.dll"
sh=40AFC0E60F90C7DECD1E6DD9A34F03E957D30D91 ft=1 fh=c71c0011d9da0cef vn="Win32/TrojanDownloader.Tracur.V trojan" ac=I fn="C:\System Volume Information\_restore{8FC0CDC2-5BF5-49C3-B0AC-1DE9FA8319D3}\RP169\A0043692.dll"
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ff60dd5782a63248903b14463845effa
# engine=15440
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-10-11 01:47:26
# local_time=2013-10-10 06:47:26 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# scanned=80931
# found=4
# cleaned=4
# scan_time=5942
sh=11E04974AAFA8489EC2D0045D9646E54C0128CA9 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.Agent.PDE trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\Paul\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\38\3e95e6e6-5828cd2e"
sh=DC6A02F7DE9738C302679E29F252FF3DAB6F8714 ft=1 fh=c71c0011df7b656b vn="Win32/Boaxxe.G trojan (cleaned by deleting - quarantined)" ac=C fn="C:\RECYCLER\S-1-5-21-1078081533-515967899-725345543-1003\Dc1.dll"
sh=40AFC0E60F90C7DECD1E6DD9A34F03E957D30D91 ft=1 fh=c71c0011d9da0cef vn="Win32/TrojanDownloader.Tracur.V trojan (cleaned by deleting - quarantined)" ac=C fn="C:\RECYCLER\S-1-5-21-1078081533-515967899-725345543-1003\Dc2.dll"
sh=40AFC0E60F90C7DECD1E6DD9A34F03E957D30D91 ft=1 fh=c71c0011d9da0cef vn="Win32/TrojanDownloader.Tracur.V trojan (cleaned by deleting - quarantined)" ac=C fn="C:\System Volume Information\_restore{8FC0CDC2-5BF5-49C3-B0AC-1DE9FA8319D3}\RP169\A0043692.dll"
  • 0
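The ESET Online Scanner log posted in #33 and #35 is appended to on every run, so one file holds several sessions, and the same SHA-1 (the `sh=` field) keeps reappearing under new paths (Recycle Bin, then a System Restore point) while `cleaned=0` stays at zero until "Remove found threats" is checked. The following parser, written for this thread as an added example (it is not ESET's code and not from the posters), splits `log.txt` into sessions, explains why a run cleaned nothing, and correlates detections by hash across runs. It assumes that `ac=C` marks a cleaned entry and `ac=I` an entry that was only reported, an interpretation taken from the cleaned lines in the posted log; the embedded sample is constructed from that log's own values, trimmed to the headers used here.

```python
"""Parse ESET Online Scanner log.txt sessions and correlate detections across runs.

Added example for this thread; not ESET's code and not the posters' code. Field
names (sh, ft, fh, vn, ac, fn) and header keys are the ones visible in the posted
log. Assumption: ac=C means the entry was cleaned and ac=I means it was only
reported, inferred from the "(cleaned by deleting - quarantined)" lines.
"""
import re
from collections import defaultdict

# Constructed sample in the posted format: one report-only run, then one run with
# "Remove found threats" checked. Hashes and paths come from the thread's log.
SAMPLE_LOG = """\
# version=8
# engine=15380
# end=finished
# remove_checked=false
# archives_checked=false
# utc_time=2013-10-07 05:03:06
# found=2
# cleaned=0
sh=DC6A02F7DE9738C302679E29F252FF3DAB6F8714 ft=1 fh=c71c0011df7b656b vn="Win32/Boaxxe.G trojan" ac=I fn="C:\\Documents and Settings\\Paul\\Local Settings\\Application Data\\NVIDIA nvCpl Container\\igcuampe.dll"
sh=40AFC0E60F90C7DECD1E6DD9A34F03E957D30D91 ft=1 fh=c71c0011d9da0cef vn="Win32/TrojanDownloader.Tracur.V trojan" ac=I fn="C:\\Documents and Settings\\Paul\\Local Settings\\Application Data\\Symantec\\NETGEARGenie\\feekjl2.dll"
# version=8
# engine=15440
# end=finished
# remove_checked=true
# archives_checked=true
# utc_time=2013-10-11 01:47:26
# found=4
# cleaned=4
sh=11E04974AAFA8489EC2D0045D9646E54C0128CA9 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.Agent.PDE trojan (cleaned by deleting - quarantined)" ac=C fn="C:\\Documents and Settings\\Paul\\Local Settings\\Application Data\\Sun\\Java\\Deployment\\cache\\6.0\\38\\3e95e6e6-5828cd2e"
sh=DC6A02F7DE9738C302679E29F252FF3DAB6F8714 ft=1 fh=c71c0011df7b656b vn="Win32/Boaxxe.G trojan (cleaned by deleting - quarantined)" ac=C fn="C:\\RECYCLER\\S-1-5-21-1078081533-515967899-725345543-1003\\Dc1.dll"
sh=40AFC0E60F90C7DECD1E6DD9A34F03E957D30D91 ft=1 fh=c71c0011d9da0cef vn="Win32/TrojanDownloader.Tracur.V trojan (cleaned by deleting - quarantined)" ac=C fn="C:\\RECYCLER\\S-1-5-21-1078081533-515967899-725345543-1003\\Dc2.dll"
sh=40AFC0E60F90C7DECD1E6DD9A34F03E957D30D91 ft=1 fh=c71c0011d9da0cef vn="Win32/TrojanDownloader.Tracur.V trojan (cleaned by deleting - quarantined)" ac=C fn="C:\\System Volume Information\\_restore{8FC0CDC2-5BF5-49C3-B0AC-1DE9FA8319D3}\\RP169\\A0043692.dll"
"""

HEADER_RE = re.compile(r"^#\s*([A-Za-z_.]+)=(.*)$")      # "# key=value" session headers
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')            # key=value tokens, quoted or bare


def parse_sessions(text):
    """Split log.txt into scan sessions; every '# version=' line starts a new one.

    Returns a list of {"meta": {header: value}, "hits": [{field: value}, ...]}.
    Lines that are neither a header nor an 'sh=' detection (e.g. the CAB hook
    banner) carry no scan data and are skipped.
    """
    sessions, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            key, value = header.groups()
            if key == "version":
                current = {"meta": {}, "hits": []}
                sessions.append(current)
            if current is not None:
                current["meta"][key] = value.strip()
        elif line.startswith("sh=") and current is not None:
            current["hits"].append({k: v.strip('"') for k, v in FIELD_RE.findall(line)})
    return sessions


def explain_session(session):
    """One-line verdict on why a run did or did not clean what it found."""
    meta = session["meta"]
    found = int(meta.get("found", "0"))
    cleaned = int(meta.get("cleaned", "0"))
    if meta.get("end") != "finished":
        return "scan did not finish (end=%s); results are partial" % meta.get("end")
    if found == 0:
        return "nothing detected"
    if cleaned == 0 and meta.get("remove_checked") == "false":
        return "report-only run: remove_checked=false, so %d detection(s) were left in place" % found
    if cleaned < found:
        return "%d of %d detections cleaned" % (cleaned, found)
    return "all %d detection(s) cleaned" % found


def track_by_hash(sessions):
    """Map each SHA-1 to the (utc_time, path, action) tuples it was seen at, in log order."""
    seen = defaultdict(list)
    for s in sessions:
        stamp = s["meta"].get("utc_time", "?")
        for hit in s["hits"]:
            seen[hit["sh"]].append((stamp, hit["fn"], hit["ac"]))
    return dict(seen)


def relocations(sessions):
    """Hashes seen under more than one path across runs.

    Same hash at a new path means the same file was moved (here into the Recycle
    Bin and a System Restore point after a manual delete), not a fresh sample.
    """
    out = {}
    for sha, hist in track_by_hash(sessions).items():
        paths = sorted({path for _, path, _ in hist})
        if len(paths) > 1:
            out[sha] = paths
    return out


def unresolved(sessions):
    """Hashes whose most recent sighting was not a clean (ac=C assumed to mean cleaned)."""
    return sorted(sha for sha, hist in track_by_hash(sessions).items() if hist[-1][2] != "C")


if __name__ == "__main__":
    runs = parse_sessions(SAMPLE_LOG)
    for run in runs:
        print(run["meta"]["utc_time"], "->", explain_session(run))
    for sha, paths in relocations(runs).items():
        print(sha[:12], "seen at", len(paths), "distinct paths")
    print("still unresolved:", unresolved(runs))
```

Run against the real `C:\Program Files\ESET\EsetOnlineScanner\log.txt` by replacing `SAMPLE_LOG` with the file's contents; the relocation report is what tells you that the `RECYCLER\Dc1.dll` and restore-point copies are the very files that were manually deleted earlier, and `unresolved()` is empty only once a run with `remove_checked=true` has cleaned every hash.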

#36
Satchfan (Trusted Helper, Malware Removal, 585 posts)
That's good. There was only one found and dealt with in that scan (the others were what had been dealt with previously).

Can you tell me if there are any remaining problems?
  • 0

#37
GotNoTime (Topic Starter, Member, 29 posts)
Well, suddenly it is very slow. I don't use it other than to process these changes. I have lots of questions though if you think we are cured.
  • 0

#38
Satchfan (Trusted Helper, Malware Removal, 585 posts)
Whether we are clear or not depends on the questions. :unsure:
  • 0

#39
GotNoTime (Topic Starter, Member, 29 posts)
So I had renamed the Feekjl.dll. I didn't delete it, but it shouldn't have been actively infecting with a different name, could it? It is deleted now along with iguampe.dll, so don't I need to replace them with clean versions? Back on 10/6 I told you that I scanned both Symantec and MBam, the individual files themselves. I wasn't looking to delete them. I just wanted to see if those 2 anti-virus products would detect them and neither did. That worries me. I could see Symantec not working after 7/5/13, but MBam was brand new. The automatic Symantec start-up scan isn't actually doing anything now, right, so should I cancel the scan? I have tools all over my desktop. What should I keep, and what should go? What do I need as far as an anti-virus product now? If I am clean, is it okay to run System Mechanic now or never?
  • 0

#40
GotNoTime (Topic Starter, Member, 29 posts)
Here's the latest:
Scan Archives off
Remove Found threats off
C:\System Volume Information\_restore{8FC0CDC2-5BF5-49C3-B0AC-1DE9FA8319D3}\RP171\A0043731.dll Win32/Boaxxe.G trojan
C:\System Volume Information\_restore{8FC0CDC2-5BF5-49C3-B0AC-1DE9FA8319D3}\RP171\A0043732.dll Win32/TrojanDownloader.Tracur.V trojan
I take it these are fine as long as I don't do a system restore, yes?
  • 0

#41
Satchfan (Trusted Helper, Malware Removal, 585 posts)

I just wanted to see if those 2 anti-virus products would detect them and neither did.

Symantec is only an antivirus program and cannot detect ALL malware.

Malwarebytes is an antimalware tool that can pick up malware including (some) rogue security software, adware, and spyware. It is NOT an antivirus and again is not capable of finding ALL malware.

Due to misinformation by the media, most people lump all infections together and think that they are all “viruses”. In fact viruses are not as dangerous as many of the infections that are around these days so an antivirus program alone will not pick them up.

The combination of an antivirus program and Malwarebytes should protect against the majority of common infections but won’t protect against the most malicious.

===================================================

is it okay to run System Mechanic now or never?

Never!

As I previously mentioned, it's not a good idea to use registry cleaners/boosters besides which IOLO has a pretty bad reputation and some versions have been known to disable virus scanners.

Apart from that, the usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid and erroneous entries does not affect system performance but it can result in "unpredictable results". Unless you have a particular problem that requires a registry edit to correct it, (and you are expert in the registry), I would suggest you leave the registry alone.

I strongly advise you to get rid of System Mechanic and any other cleaner/optimizer/booster/tuneup/tweak type utilities that you have on this or any other computer.

One of the malware experts, miekiemoes, has an excellent write-up here
Another excellent article by Bill Castner is located here

===================================================

Remove Found threats off
C:\System Volume Information\_restore{8FC0CDC2-5BF5-49C3-B0AC-1DE9FA8319D3}\RP171\A0043731.dll Win32/Boaxxe.G trojan
C:\System Volume Information\_restore{8FC0CDC2-5BF5-49C3-B0AC-1DE9FA8319D3}\RP171\A0043732.dll Win32/TrojanDownloader.Tracur.V trojan
I take it these are fine as long as I don’t do a system restore yes?

We’ll set a new restore point and get rid of the others now that your computer appears to be clean so those won’t be a problem.

===================================================

I’d like one more scan before we tidy up.

Run Farbar Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.

Make sure the following options are checked:

  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender
  • Other Services

  • press "Scan".
  • it will create a log (FSS.txt) in the same directory the tool is run.
  • please copy and paste the log to your reply.
Thanks

Satchfan
  • 0

#42
GotNoTime (Topic Starter, Member, 29 posts)
Farbar Service Scanner Version: 13-09-2013
Ran by Paul (administrator) on 12-10-2013 at 07:10:02
Running from "C:\Documents and Settings\Paul\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) SYMTDI(8) Tcpip(4)
0x09000000050000000100000002000000030000000400000008000000090000000600000007000000
IpSec Tag value is correct.

**** End of log ****
  • 0

#43
Satchfan (Trusted Helper, Malware Removal, 585 posts)
Well done - your computer appears to be clean.

Now that you’re free from malware, as long as your computer seems to be running well, please follow these simple steps to tidy up your computer and decrease the likelihood of getting infected again:

Uninstall Combofix

Follow these steps to uninstall Combofix

  • click START then RUN
  • now type Combofix /uninstall in the runbox and click OK.
Note the space between the X and the /, it needs to be there.


  • please follow the prompts to uninstall Combofix.
  • once it's finished uninstalling itself you will receive a message saying Combofix was uninstalled successfully.
===================================================

Uninstall OTL

  • double-click OTL.exe
  • click the CleanUp! button.
  • select Yes when the Begin cleanup Process? prompt appears.
  • if you are prompted to reboot during the cleanup, select Yes.
  • the tool will delete itself once it finishes, if not delete it by yourself.
NOTE: If you receive a warning from your firewall or other security programs regarding OTL attempting to contact the internet, please allow it to do so.

===================================================

Uninstall AdwCleaner

  • double click on adwcleaner.exe to run the tool
  • click on Uninstall
  • confirm with Yes.
You can delete all other logs and programs we’ve used that are on your desktop. Just click on them and press Delete.

===================================================

Firewall

You're using the Windows Firewall, which is not adequate protection. The main reason you should use a third-party firewall over the Windows XP Firewall is because Windows Firewall only stops incoming signals from accessing your computer. However, it will not stop outgoing signals (possibly ones that could intrude on your privacy) from sending information to the Internet or to other networks. That means if malware happens to compromise your PC again, it will be able to SEND OUT your credit card data and any other personal information.

I suggest you install a more robust third party firewall that filters both incoming and outgoing traffic.

Download and install one of the following freeware firewalls from below:

Sygate Personal Firewall Free Edition:
Comodo Personal Firewall:

NOTE only install one firewall. Having more than one could cause many programs to stop working altogether. Also, the firewalls may get in each others' way and cause some security holes that would not be there with just one firewall.

When you have done that:

Disable Windows firewall:

  • Click on Start, Settings and then Control Panel
  • click on the Security Center icon.
  • click on the Windows Firewall icon
  • click Off (not recommended) and then click OK.
You should take the time to read Understanding and Using Firewalls

===================================================

Update installed programs

Your versions of Java and Adobe Reader are out-of-date and need to be removed and updated. Having the latest updates ensures there are no security vulnerabilities in your system.

To remove them:

  • click on Start, Settings, Control Panel
  • double-click Add or Remove Programs - (it may take time for the list to appear, so be patient)
  • scroll down the list and look for any of the above entries:
  • if they are present, click on the program name and then on Remove.

Visit Adobe and download the latest version of Acrobat Reader.


NEXT

Install the latest version of Java:

Java

NOTE – when you install Java, before clicking on Install, be sure to Uncheck “Install the Ask Toolbar and make Ask my default search provider”


Even though I just had you get the latest version of Java, there is a vulnerability with regard to Java and web browsers. Therefore, we recommend disabling Java in web browsers.

More information can be found here.

===================================================

Recommended programs

SpywareBlaster. SpywareBlaster protects against bad ActiveX, it immunizes your PC against them. It blocks over 11,000 bad sites and uses no resources of your computer.

===================================================

Update and run Malwarebytes. This really is an excellent program that you should also update and run on a regular basis, probably weekly.

===================================================

It’s important to keep programs up to date so that malware doesn't exploit any old security flaws.

FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated.

===================================================

MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

A couple of links with information here and here which can answer any questions you might have about installing/using it.

===================================================

I also recommend that you read the following:

How to prevent malware by miekiemoes

Help! My computer is slow! by miekiemoes

Simple and easy ways to keep your computer safe and secure on the Internet by Lawrence Abrams

I will keep this open for 24 hours in case you have any problems, after which I’ll close the topic.

Safe computing

Satchfan
  • 0
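The MVPS HOSTS file recommended above works by mapping known ad and malware hostnames to the local machine (127.0.0.1, or 0.0.0.0 in newer builds), so the browser never reaches them. The flip side, which is worth checking after an infection like this one, is that malware can edit the same file to send a legitimate domain somewhere else, or to sinkhole a security vendor's update site. The short audit below is an added example written for this thread (not MVPS's or the helper's code): it parses a HOSTS file, counts the entries that are properly sinkholed locally, and flags any hostname that points at a non-local address. The embedded file is constructed for the demonstration and uses documentation/test domains and a TEST-NET address rather than real sites.

```python
"""Audit a Windows HOSTS file: count locally sinkholed blocklist entries and flag
entries that redirect a hostname to a non-local address.

Added example for this thread; not MVPS's or the helper's code. Input layout is
the standard HOSTS format ("<ip> <name> [<name>...]", '#' starts a comment).
"""
import ipaddress

# Constructed sample in the MVPS layout. The 203.0.113.7 line is the kind of
# entry a hijacked HOSTS file contains; the address is from the TEST-NET-3 range.
SAMPLE_HOSTS = """\
# Constructed sample HOSTS file
127.0.0.1 localhost
0.0.0.0 ad.example-adserver.test        # sinkholed to the local machine: fine
0.0.0.0 tracker.example-bad.test
127.0.0.1 www.example-malware.test
203.0.113.7 update.example-av.test      # NOT local: something rewrote this entry
"""


def parse_hosts(text):
    """Return a list of (line_number, ip, hostname) tuples, one per mapped name.

    Comments and blank lines are skipped; a line whose first token is not an IP
    address is malformed and ignored rather than trusted.
    """
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue
        for name in parts[1:]:
            entries.append((lineno, ip, name.lower()))
    return entries


def is_local_sinkhole(ip):
    """127.0.0.0/8, ::1 and the unspecified address (0.0.0.0 / ::) all keep traffic on the box."""
    return ip.is_loopback or ip.is_unspecified


def audit_hosts(text):
    """Summarise a HOSTS file: how many names are sinkholed, and which ones are redirected elsewhere."""
    entries = parse_hosts(text)
    sinkholed = [name for _, ip, name in entries
                 if is_local_sinkhole(ip) and name not in ("localhost", "localhost.localdomain")]
    redirected = [(lineno, str(ip), name) for lineno, ip, name in entries
                  if not is_local_sinkhole(ip)]
    return {"sinkholed": len(sinkholed), "redirected": redirected}


if __name__ == "__main__":
    # On the XP machine in the thread the file lives at
    # C:\WINDOWS\system32\drivers\etc\hosts; read it in place of SAMPLE_HOSTS.
    report = audit_hosts(SAMPLE_HOSTS)
    print("%d hostname(s) sinkholed locally" % report["sinkholed"])
    for lineno, ip, name in report["redirected"]:
        print("line %d: %s -> %s is NOT local, check this entry" % (lineno, name, ip))
```

A MVPS-style file should produce a large `sinkholed` count and an empty `redirected` list; any entry in `redirected` deserves a look, because nothing in a blocklist legitimately needs to send a hostname to a remote address.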

#44
GotNoTime (Topic Starter, Member, 29 posts)
I went with the Comodo Firewall and now it seems to have wiped out my network connection when I had to do a reboot on the Adobe install. I am going to have to mess with that for a while before I can complete the other steps. Bear with me.
  • 0

#45
Satchfan (Trusted Helper, Malware Removal, 585 posts)
:thumbsup:
  • 0
