Google Redirects, Rootkit and program closures.



#16
Transience

Transience

    Unofficial Music Guru

  • Retired Staff
  • 2,448 posts

My computer had been behaving much better! I have had no random program closures and have been able to install my Windows Updates. I went ahead and updated almost everything I could from the Secunia application scan (http://secunia.com/v...line/?task=load). I have not run any cleanup utilities as of yet (Ccleaner, ATF Cleaner, or OTLCleanit). So far so good.

Excellent. MBAM log looks fine :). Glad to hear things are running well.

I have not run any cleanup utilities as of yet (Ccleaner, ATF Cleaner, or OTLCleanit).

Those programs have different functions. CCleaner and ATF Cleaner are temp file cleaners; OTCleanIt gets rid of all the tools used in the removal of malware. ATF Cleaner is the best of the temp file cleaners, so I would recommend using that one. You can run it as often as you like to get rid of unnecessary temp files.

While I am relieved and greatly appreciative that we have removed most/all of my symptoms, it would be great to know what other steps we can take as far as cleanup/prevention. Also, should I be worried about my logins/passwords being compromised on this machine? Thanks again so much for your help.

While there weren't any infections that I saw which specifically aim to steal passwords, it's never a bad idea to change your passwords after a removal of malware to be on the safe side.

I would like to run an online scan, 1 final check to make sure things are all set. This is the most in-depth scan we use, so if this comes back clean then you'll be good to go.

1. Kaspersky Online Scan

Kaspersky online scanner uses Java technology to perform the scan. Because your Java is out of date, we need to update it first so that the scan will run without issues.

Update Java

Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts. A log will appear (JavaRa.log), please post the contents of this log on the forum in your next reply.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.
Scan
  • Follow this link to the Kaspersky WebScanner
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked.
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
Cheers,
Dave

#17
Heisenberg

Heisenberg

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Dave,

Sorry I've taken so long to get back. I've had a lot of work to catch up on having this box out for that week. I have run Java Ra and all seems well. I am running the Kaspersky Online Scan right now and will post it first thing in the morning. Thanks again.

#18
Heisenberg

Heisenberg

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Dave,

Here is the Kaspersky report which came back negative!

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Thursday, April 23, 2009
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Thursday, April 23, 2009 09:15:26
Records in database: 2071318
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 231221
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 05:35:16

No malware has been detected. The scan area is clean.

The selected area was scanned.

Java Ra went fine and I have since run ATF Cleaner. So far I have had no recurring symptoms! Whatever we found in that OTScan log did the trick. What was it that we actually removed in that last step anyhow?

I am absolutely grateful for your help in this removal process, Dave. As you can tell, I have had some experience with these matters, but I have never come across a rootkit so stubborn as this one. I was particularly embarrassed to have contracted one in the first place. Also, I currently work for a major computer manufacturer and had done technical support for them for over a year. I moved into a better position recently and I don't want to start losing my tech edge :).

So thanks again Dave, your help was perfect. I will do my best to offer some compensation.

Sincerely,
Troy
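Added example, not part of this thread and not Kaspersky's own tooling: a small Python triage script that parses a Kaspersky Online Scanner 7.0 text report in the layout Troy posted above, checks that the two settings Dave asked for (archives and mail databases) were actually on, and decides whether the scanned area came back clean. The clean report below is a constructed copy of the one in the post; the second report, the layout of its detection line, and all function names are assumptions made for the example.

```python
"""Triage helper for Kaspersky Online Scanner 7.0 text reports (added example)."""
import re
from dataclasses import dataclass, field

# Constructed copy of the clean report posted in the thread (trimmed drive list).
CLEAN_REPORT = r"""
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Thursday, April 23, 2009
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Thursday, April 23, 2009 09:15:26
Records in database: 2071318
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\

Scan statistics:
Files scanned: 231221
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 05:35:16

No malware has been detected. The scan area is clean.

The selected area was scanned.
"""

# Constructed report with archives left unchecked and one detection. The layout of
# the detection line is an assumption for this example, not copied from a real report.
DIRTY_REPORT = r"""
KASPERSKY ONLINE SCANNER 7.0 REPORT
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)

Scan settings:
Scan using the following database: extended
Scan archives: no
Scan mail databases: yes

Scan area - My Computer:
C:\

Scan statistics:
Files scanned: 1000
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 00:10:00

Detected
--------------------------------------------------------------------------------
C:\Temp\example.exe   Infected: Example.Constructed.Name   skipped
"""

# Settings the thread's instructions require; the triage flags a report that lacks them.
REQUIRED_SETTINGS = {"Scan archives": "yes", "Scan mail databases": "yes"}

_KV = re.compile(r"^([^:]+?):\s*(.*)$")
_FINDING = re.compile(r"^(?P<path>\S.*?)\s+(?P<kind>Infected|Suspicious):\s*(?P<name>\S+)", re.I)


@dataclass
class ScanReport:
    banner: list = field(default_factory=list)      # title/date lines without a colon
    header: dict = field(default_factory=dict)      # OS, scanner version, database info
    settings: dict = field(default_factory=dict)
    scan_area: list = field(default_factory=list)   # drives listed under "Scan area"
    statistics: dict = field(default_factory=dict)  # counters, converted to int
    findings: list = field(default_factory=list)    # (path, kind, detection name)
    summary: list = field(default_factory=list)     # free-text lines after the stats


def parse_report(text: str) -> ScanReport:
    rpt = ScanReport()
    section = "header"
    targets = {"header": rpt.header, "settings": rpt.settings, "statistics": rpt.statistics}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) == {"-"}:
            if section == "area":        # the drive list ends at the first blank line
                section = "body"
            continue
        low = line.lower()
        if low == "scan settings:":
            section = "settings"
            continue
        if low.startswith("scan area"):
            section = "area"
            continue
        if low == "scan statistics:":
            section = "statistics"
            continue
        if section == "area":
            rpt.scan_area.append(line)
            continue
        hit = _FINDING.match(line)       # check before the generic key: value split,
        if hit:                          # since a path like C:\... also contains a colon
            rpt.findings.append((hit["path"], hit["kind"].capitalize(), hit["name"]))
            continue
        kv = _KV.match(line)
        if kv and section in targets:
            key, value = kv.group(1).strip(), kv.group(2).strip()
            targets[section][key] = int(value) if value.isdigit() else value
        else:
            (rpt.banner if section == "header" else rpt.summary).append(line)
    return rpt


def missing_settings(rpt: ScanReport) -> list:
    """Required settings that were off or absent, so the scan should be rerun."""
    return [k for k, v in REQUIRED_SETTINGS.items() if str(rpt.settings.get(k, "")).lower() != v]


def is_clean(rpt: ScanReport) -> bool:
    """Clean only when both counters are present and zero and no detection lines exist."""
    stats = rpt.statistics
    return (stats.get("Infected objects") == 0 and stats.get("Suspicious objects") == 0
            and not rpt.findings)


def triage(text: str) -> str:
    rpt = parse_report(text)
    verdict = "CLEAN" if is_clean(rpt) else "NOT CLEAN"
    details = f"{len(rpt.findings)} finding(s), {rpt.statistics.get('Files scanned', '?')} files scanned"
    missing = missing_settings(rpt)
    if missing:
        details += "; rerun with " + ", ".join(missing) + " enabled"
    return f"{verdict}: {details}"


if __name__ == "__main__":
    print(triage(CLEAN_REPORT))
    print(triage(DIRTY_REPORT))
```

The counters are read from the "Scan statistics" block rather than from the "No malware has been detected" sentence, so a report whose summary line is missing or worded differently still gets a verdict, and a report with the counters absent is treated as not clean rather than clean by default.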

#19
Transience

Transience

    Unofficial Music Guru

  • Retired Staff
  • 2,448 posts
Thanks for your kind words Troy, I've been away for a few days so I'm sorry for the delay in my reply.

There's some final steps I like to recommend along with advice about how to stay clean for the future that I'll leave you with:

Uninstall ComboFix and its traces from your computer:

  • Click on Start > Run
  • Type Combofix /u in the run box and click Ok. Note the space between the x and the /u, it needs to be there.
Over the course of the fix you've used a variety of special tools to help with the cleaning process - none of these are of any use to you now that you're clean, and it's best not to have them hanging around on your computer. OTCleanIt is a small program that removes all the leftover tools and logs from cleanup of malware.

Please download OTCleanIt! to your desktop.
  • Double-click OTCleanIt.exe to run it. (Vista users, please right click on OTCleanIt.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • A list of tool components used in the cleanup of malware will be downloaded.
  • If your firewall or other protection attempts to block OTCleanIt's attempts to reach the internet, please allow it to run.
  • Click Yes to begin the Cleanup process and remove the tools we used, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process, choose Yes.
  • After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTCleanIt. Feel free to manually delete any tools it leaves behind.

Here are some tips to reduce the potential for malware infection in the future; I strongly recommend that you read them and take them to heart so that you don't have to endure the process of cleaning your computer again.

Make proper use of your antivirus and firewall
Antivirus and Firewall programs are integral to your computer security. However, just having them installed isn't enough. The definitions of these programs are frequently updated to detect the latest malware, and if you don't keep up with these updates then you'll be vulnerable to infection. Many antivirus and firewall programs have automatic update features, make use of those if you can. If your program doesn't, then get in the habit of routinely performing manual updates, because it's important.

You should keep your antivirus and firewall guard enabled at all times, don't shut them off unless there's a specific reason to do so. Also, regularly performing a full system scan with your antivirus program is a good idea to make sure nothing has slipped through your protection. Once a week works well for many people. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

If you don't have a firewall, here are some excellent free options you can test out: Comodo, Outpost, and ZoneAlarm. I'd highly recommend that you install one of those. If you do decide to use a 3rd party firewall program, please be sure to disable the Windows firewall as per these instructions so they don't conflict:
  • Please click on Start -> Control Panel
  • Double click Windows Firewall
  • Click Change Settings
  • Choose Off to disable Windows Firewall.
Finally, for a great tutorial on how to get the best protection out of your firewall, visit this link.

Use a safer web browser
Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a couple of good free alternatives: Firefox and Opera. Both are excellent: faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial here, which will help you to make IE much safer.

If you decide to use Firefox, a couple add-ons that will nicely help to enhance your security are:

McAfee SiteAdvisor: A great firefox add-on that puts McAfee's database of tested sites at your fingertips so you can know whether or not that link you're about to click is safe.
NoScript - This add-on helps to block malicious scripts and in general gives you much better control over what types of things webpages can do to your computer while you're browsing.

Be careful
Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to exercise common sense. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully and look at the file extensions to make sure that you know what you're getting. Using peer-to-peer file sharing programs or downloading cracks and keygens is something else to avoid - the files you will be downloading are infected in a vast majority of cases, and the benefits simply aren't worth the risk to your computer.

Keep up on Windows updates
Along with keeping all of the security programs that you choose to use updated, it is also important to keep up on system updates from Microsoft, as these patch critical security vulnerabilities and help to keep you safe. Typically the Windows Update icon will appear in your taskbar when new updates are available; whenever you see it, you should open the menu up and install the updates that are available. Although it may be an annoyance, that little bit of extra time it takes to stay updated is very well worth it compared to getting infected from an exploit and having to clean your PC again.

Slow computer?
If your computer begins to slow down again in the future for no particular reason, your first step should not be to come back to the malware forum. As your computer ages and is used, its parts wear, files and programs accumulate, and its performance can decrease. To restore your computer's performance to its best possible level, follow the steps in this page written by malware expert Miekiemoes.

I'll leave this thread open for a couple days in case you come across any lingering problems that need fixing, then I'll close it up. If you need it reopened for any reason just shoot me a PM. It's been a pleasure working with you, now best of luck!

Cheers,
Dave