Ghostrider 7

Honorary Members
  1. Ok Gringo, Everything has been complied with. I will download the antispyware programs you suggest tomorrow. The "Make your Internet Explorer more secure" link says it is for IE7, I'm guessing that also goes for IE8? There are a couple more things left on your post that I need to do tomorrow, so I'll be back on to take care of them. How long do these topics stay in the forum after they are closed? I should be back on tomorrow morning to finish up. If you are going to close this topic then let me thank you again for your assistance. You did a great job & a great service to all that face the scourge of malware. It was a pleasure working with you. KEEP KILLIN' THOSE BUGS!! Best Regards, No longer NeedhelpinTX (for now)
  2. It says "Windows cannot find maxlook -cleanup". And it also says the same for ComboFix. McAfee ate ComboFix again after it was reactivated. I'm going on with the rest of your post. Defogger enable complied with.

     defogger_enable by jpshortstuff (23.02.10.1)
     Log created at 23:14 on 30/04/2010 (Dad)
     Parsing file...
     -=E.O.F=-
  3. Here's the ESET log file & it appears to be the infection you cleared last night. (rasacd.sys renamed to rascd.old)

     ESETSmartInstaller@High as CAB hook log:
     OnlineScanner.ocx - registred OK
     # version=7
     # IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
     # OnlineScanner.ocx=1.0.0.6211
     # api_version=3.0.2
     # EOSSerial=709d22b16f9d3a4a91bfa66f9d1d676c
     # end=finished
     # remove_checked=false
     # archives_checked=true
     # unwanted_checked=true
     # unsafe_checked=true
     # antistealth_checked=true
     # utc_time=2010-05-01 02:38:44
     # local_time=2010-04-30 09:38:44 (-0600, Central Daylight Time)
     # country="United States"
     # lang=1033
     # osver=5.1.2600 NT Service Pack 3
     # compatibility_mode=5121 16776869 100 96 615308 24673278 0 0
     # compatibility_mode=8192 67108863 100 0 0 0 0 0
     # scanned=182801
     # found=6
     # cleaned=0
     # scan_time=13370
     C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\rasacd.sys.vir Win32/Patched.EQ trojan 00000000000000000000000000000000 I
     C:\System Volume Information\_restore{A52B9333-83B8-4BCA-9C88-7ECB161F3534}\RP332\A0054278.sys Win32/Patched.EQ trojan 00000000000000000000000000000000 I
     C:\System Volume Information\_restore{A52B9333-83B8-4BCA-9C88-7ECB161F3534}\RP334\A0055508.sys Win32/Patched.EQ trojan 00000000000000000000000000000000 I
     C:\System Volume Information\_restore{A52B9333-83B8-4BCA-9C88-7ECB161F3534}\RP334\A0056936.sys Win32/Patched.EQ trojan 00000000000000000000000000000000 I
     C:\WINDOWS\maxdriver\rasacd.sys Win32/Patched.EQ trojan 00000000000000000000000000000000 I
     C:\WINDOWS\system32\drivers\rasacd.old Win32/Patched.EQ trojan 00000000000000000000000000000000 I

     The pc seems to be running okay, no redirects or pop-ups. Now, do I check the box for "Uninstall application on close"? ESET says, "Select Uninstall if you want to remove all ESET Online Scanner files from your computer. The next time you run ESET Online Scanner, they will need to be downloaded again". Then click "Finish". What's my next step?
  4. ESET is at 99% step 3 of 4. It found five Win32/Patch/EQtrojan during the scan. Is this one we repaired? I'll post the log when finished. NHITX
  5. Ok Gringo, I'll run ESET. By the way, I went to the Kaspersky website & I think their on-line scanner is down for an upgrade. This is what they had on the free scanner page. Detect viruses on your computer with Kaspersky
  6. Hello Gringo! I did the TFC cleaner & MBAM. No problems encountered with these. TFC did have me reboot. McAfee also ate ComboFix like last time. But, I did have a problem when I went to the Kaspersky online scanner. I will also attach a screen shot of the problem I had with Kaspersky. The only way I could get off the Kaspersky website was alt-ctrl-del. I wasn't going to click on anything, it may have been genuine, but I'm gun shy now. First, here is the MBAM log & it was clean.

     Malwarebytes' Anti-Malware 1.46
     www.malwarebytes.org
     Database version: 4056
     Windows 5.1.2600 Service Pack 3
     Internet Explorer 8.0.6001.18702
     4/30/2010 5:04:32 PM
     mbam-log-2010-04-30 (17-04-32).txt
     Scan type: Quick scan
     Objects scanned: 158887
     Time elapsed: 14 minute(s), 13 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0
     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected: (No malicious items detected)
     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected: (No malicious items detected)
     Folders Infected: (No malicious items detected)
     Files Infected: (No malicious items detected)

     Now, here's the screen shot of the Kaspersky problem. I got a Security Warning pop-up that read "The application's digital signature has an error. Do you want to run the application?" The yellow warning shield didn't look right to me, plus it says the name is javavm & the publisher is Microsoft Corporation. I did have a Java icon show up in the system tray next to the Ad-Aware icon. So, I'm not sure if this is real or another malware program. It seems funny that you would get something like this at the Kaspersky site. I'll be waiting for your response! NHITX
  7. Sorry, I didn't see your post above my last post. I will run TFC, MBAM, Kaspersky tomorrow after work & post the logs. Good night all! NHITX out
  8. One last thing. Do I need to run defogger & activate the CD Emulators? I got this off of AdvancedSetup's post at topic 9573, "I'm infected - What do I do now?, Please follow these instructions to clean your system"

     DeFogger - Re-Enable (only run when instructed to when your system is clean again)
     To re-enable your Emulation drivers, double click DeFogger to run the tool.
     The application window will appear
     Click the Re-enable button to re-enable your CD Emulation drivers.
     Click Yes to continue
     A 'Finished!' message will appear
     Click OK
     DeFogger will now ask to reboot the machine - click OK
     IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.
     Your Emulation drivers are now re-enabled.

     NHITX
  9. Thanks a bunch Gringo! I really appreciate your help! I'll check back every so often, since I've posted enough to be an Honorary Member! Best Regards, NO LONGER NeedhelpinTX!! You may close the post!
  10. Gringo, It looks like it is working ok. No redirects or no pop-ups. I need or will need to do the following:

      Enable the CD Emulators
      Turn McAfee back on
      Make sure Adobe is up to date
      Check Windows Update

      Do I need to uninstall/clean up any programs we used? Or can they just be sent to the recycle bin? Is there anything else you can think of? After you give the pc a clean bill of health, all I ask of you is to answer my PM. Man, I might get to go to bed at a regular time tonight! NHITX
  11. I guess what we did will take care of everybody's logon? There are 4 different logons, 1 for me, 1 for my wife, & 1 for each son. I'm rebooting & logging on each one & testing. Also, let me know when I can turn cd emulation back on with defogger, because I may forget later.
  12. 6 instances of IE8 open & no redirects! That's a good thing! Talk to you in 2 hours! Thanks! NHITX
  13. Cool! It's 7:15 here now. I'll let you know something in 15 & again at 10:30 your time, 9:30 mine. So far so good! Don't forget about my PM I sent you, I would really appreciate your advice. Thanks! NHITX
  14. Instructions carried out. No problems. Awaiting reboot & redirect testing. Do you want me to fully activate McAfee? It will eat ComboFix again.