
Infected with Tanatos.M, Heur, Rootkit, and Trojan Gen-Virut


  • This topic is locked

#46
andrewuk

andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
try this one:

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

  • 0



#47
sethji2

sethji2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Hello Andrew,

I also ran the AV-CLS scanner (selected the Sophos one), but only the Detect mode.
It is showing 2 viruses, 'Troj/Proxy-JQ' and 'Mal/Generic-A'. They are both shown in System Restore files (path is C:\System Volume Information\_Restore|....files).

I've run only the DETECT mode. Not yet removed the viruses. Let me know if I can run the Remove mode as well.

Secondly, I tried installing Avast Anti-Virus, it installed properly and got updated with the latest. Ran "Full Scan" twice, first time it showed some viruses (Sality-off) but they were moved to Virus chest. Second time run came out clean. However, there are many system restore files which were not scanned at all.

Third, is there any way to delete the restore point files from the computer?

As of now, the Task Mgr, Regedit and System Restore apps are coming up fine.
  • 0

#48
sethji2

sethji2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Oops, I posted before seeing your last post regarding the ESET online scan.
Let me try that as well and I'll post the log.

Thanks,
  • 0

#49
andrewuk

andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts

I also ran the AV-CLS scanner (selected the Sophos one), but only the Detect mode.
It is showing 2 viruses, 'Troj/Proxy-JQ' and 'Mal/Generic-A'. They are both shown in System Restore files (path is C:\System Volume Information\_Restore|....files).

I've run only the DETECT mode. Not yet removed the viruses. Let me know if I can run the Remove mode as well.

Secondly, I tried installing Avast Anti-Virus, it installed properly and got updated with the latest. Ran "Full Scan" twice, first time it showed some viruses (Sality-off) but they were moved to Virus chest. Second time run came out clean. However, there are many system restore files which were not scanned at all.

Third, is there any way to delete the restore point files from the computer?

Don't worry about the system restore, we flush those at the end (and it will contain infections right now). Looks like the Avast removed one of our tools (Sality-off), but no worries there, I suspect we are done with it.

As far as I can tell, your machine is looking good, but let's await the ESET scan.

andrewuk
  • 0

#50
sethji2

sethji2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Hi Andrew,

The ESET scan is also not completing. I've been trying it for the last 1 week.
However, the system seems to be running fine now. Let me know what else needs to be done.

Thanks,
  • 0

#51
andrewuk

andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
Hello sethji2

congratulations, your logs are clean and another fix is in the can :)

Given that the Avast installed and ran, and only found some risk tools but nothing else, your machine appears clear of the infection. The Avast would have found indications of this infection if it was still on your machine.

In this post we will clear away the fix tools (this is so that, should you ever be re-infected, you will download updated versions; it will also remove the quarantined malware from your computer), reset your restore points (there will be infections lurking in there), and I will leave you with some ideas on how to enhance the protection of your machine against future infection.

====STEP 1====
Follow these steps to uninstall Combofix, some of the tools used in the removal of malware and to flush your system restore points
  • Click START then RUN
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between ComboFix and the /Uninstall, it needs to be there.
  • You will be notified if combofix has been successfully removed


====STEP 2====
Double-click OTL to run it. (Vista users, please right click on OTListIt.exe and select "Run as an Administrator")
  • Click the Clean up button and let the program run
  • When prompted, click Yes to the reboot.
You can also clear away any other tools we used.


====STEP 3====
Given the nature of the infection, we will also do a manual flush of your system restore points:

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

Instructions with screenshots to help are at http://www.f-secure..../sfc_dis1.shtml

(Windows XP)
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/kb/310405



====IDEAS TO SPEED UP YOUR MACHINE====
This page http://users.telenet...owcomputer.html gives some good ideas on how to improve the efficiency of your machine and has one or two useful links to help you further.


====AND FINALLY====
The following is a list of free tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
  • MBAM - Malware Bytes Anti Malware is an excellent tool for anyone's antimalware arsenal. This program should be updated and run often.
  • SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
  • SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
  • IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  • ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • Digsby or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • FireFox - Alternate web browser. Open source and quick, Firefox is usually the first thing I install on a new system.
  • NoScript - Addon for Firefox that stops all scripts from running on websites. Stops malicious software from invading via flash, java, javascript, and many other entry points.
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections, you can read this article by Tony Klein.

best wishes

andrewuk
  • 0
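The restore-point flush in STEP 3 above is done through the System Properties dialog. The same operation can be driven from the SystemRestore WMI class, which is what the GUI calls underneath. The script below is an added example for this thread, not something andrewuk posted or a tool the forum uses. It assumes a Windows XP (or later) machine with PowerShell installed (XP does not ship it by default), an account with full administrator rights, and C:\ as the system drive; the helper names Get-RestorePoints and Set-SystemRestoreState are hypothetical. It lists the existing restore points, disables System Restore on the drive (which deletes every restore point, infected ones included), re-enables it, and then creates a fresh baseline point.

```powershell
# Added example (not from the thread): inspect and flush System Restore via WMI.
# Assumptions: Windows XP or later with PowerShell available, run as a full
# administrator, system drive is C:\. The SystemRestore WMI class lives in the
# root\default namespace.

$drive = 'C:\'

function Get-RestorePoints {
    # Each SystemRestore instance is one restore point; CreationTime is a
    # WMI datetime string, converted here to a readable DateTime.
    Get-WmiObject -Namespace 'root\default' -Class 'SystemRestore' |
        Select-Object SequenceNumber, Description, @{
            Name       = 'Created'
            Expression = { [Management.ManagementDateTimeConverter]::ToDateTime($_.CreationTime) }
        }
}

function Set-SystemRestoreState {
    param([string]$Drive, [bool]$Enabled)
    $sr = [wmiclass]'root\default:SystemRestore'
    if ($Enabled) {
        # Second argument: wait until the service reports it is enabled.
        $result = $sr.Enable($Drive, $true).ReturnValue
    } else {
        # Disabling deletes every restore point on the drive, including any
        # that still hold infected files. This is the "flush" the helper describes.
        $result = $sr.Disable($Drive).ReturnValue
    }
    if ($result -ne 0) { throw "SystemRestore call on $Drive failed with code $result" }
}

Write-Host "Restore points before flush:"
Get-RestorePoints | Format-Table -AutoSize

# Turn System Restore off (flush), then back on.
Set-SystemRestoreState -Drive $drive -Enabled $false
Set-SystemRestoreState -Drive $drive -Enabled $true

# Create a clean baseline once the machine is known good.
# 0 = APPLICATION_INSTALL restore point type, 100 = BEGIN_SYSTEM_CHANGE event type.
$sr = [wmiclass]'root\default:SystemRestore'
$rc = $sr.CreateRestorePoint('Clean baseline after malware removal', 0, 100).ReturnValue
if ($rc -ne 0) { throw "CreateRestorePoint failed with code $rc" }

Write-Host "Restore points after flush:"
Get-RestorePoints | Format-Table -AutoSize
```

Unlike the GUI steps above, the script does not reboot between disabling and re-enabling; the WMI methods take effect immediately. The only data removed is the contents of the _Restore folders under System Volume Information, so if a scanner reports detections only in those paths, this is the step that clears them. Run Get-RestorePoints on its own first if you only want to confirm what will be lost.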

#52
sethji2

sethji2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Hi Andrew,

There is a problem.
I followed the above and on Step 3, point no. 2, when I rebooted the machine, it crashed showing a blue screen.

The machine is not coming up. It shows the Win XP logo at startup and then crashes to Blue screen.

I think I need to use the winXP setup cd, but want to confirm with you if there will be any data loss.

Thanks,
  • 0

#53
andrewuk

andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
Hmm, that is annoying. Sorry about that.

Follow the instructions here.

You will need the setup CD, but your data should not be lost.
  • 0