
Vundo (and other problems)


Root Admin

Well there is no way that the Anti-Virus could have found stuff in the System Restore as the log shows if you had done as asked in my post here: Disable and Enable System Restore-WINDOWS XP http://www.malwarebytes.org/forums/index.p...ost&p=52204

Please delete the file C:\Documents and Settings\Seanie\Desktop\seanfix.exe

Then download a NEW copy of ComboFix.exe and save it to your desktop, then run this to properly remove it.

To uninstall ComboFix.exe
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
  • When shown the disclaimer, Select "2"

Remove this folder C:\QooBox\LastRun if the uninstall instructions don't work.

Then remove the Quarantine in your Anti-Virus and Disable and Enable System Restore-WINDOWS XP

Turn off System Restore

  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.
  • Reboot.

Turn ON System Restore

  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check *Turn off System Restore*.
  • Click Apply, and then click OK.

This will remove all restore points except the new one you just created.

Please Download OTMoveIt3 by Old Timer and save it to your Desktop.
  • Double-click OTMoveIt3.exe to run it.
  • While connected to the Internet, click on the green CleanUp! button and it will populate a list of items to clean from your system that we used or may have used.
  • It should ask if you want to clean up, select Yes and allow the system to clean up these items.

NOW please reboot your computer to finish the cleanup process.

Then let me know how the computer is running please. The logs currently look clean.


Well there is no way that the Anti-Virus could have found stuff in the System Restore as the log shows if you had done as asked in my post here: Disable and Enable System Restore-WINDOWS XP http://www.malwarebytes.org/forums/index.p...ost&p=52204

Apologies. If you check my previous reply though, I mentioned that I had already run the Avira scan before I saw your post telling me to disable/enable System Restore. That's why I asked you whether I should still go ahead and do the system restore, in light of the Avira results.

In any case, I deleted seanfix.exe (the renamed combofix), downloaded a new combofix to my desktop, and tried to run ComboFix /u, but it wouldn't work - I got the same problem as before. I don't have a C:\QooBox\LastRun folder. I only have two subfolders in that directory - C:\Qoobox\BackEnv and C:\Qoobox\Quarantine. I didn't go any further than that because I wasn't sure what to do.

thanks,

Sean


No problem Sean, just a bit of mis-communication.

At this time unless there is some indication of infection the logs don't indicate you're infected anymore.

How is the computer running now?

Are there still any signs of an infection?

Hi,

I haven't removed combofix - ComboFix /u doesn't work (it says it can't find combofix) and I don't have a C:\Qoobox\BackEnv folder (I have other subfolders but not that one).

Because of that, I still haven't done a system restore (can I do one now?) and I haven't run OTMoveIt3 yet. I wasn't sure whether I should go ahead with those steps.

Other than that MBAM is clear, but Avira is still finding TR/Dropper.Gen trojan.

Thanks again - things are obviously much better than before. :D

Sean

Root Admin

Please run the following to clean up those tools properly.

1. Click on START - RUN and type in or copy/paste %windir%\gmer_uninstall.cmd and click OK

2. Try this and if you renamed Combofix to make it work then use that name instead.

To uninstall ComboFix.exe
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
  • When shown the disclaimer, Select "2"

Remove this folder and all sub folders C:\QooBox if the uninstall instructions don't work.

3. Run this tool.

Please Download OTMoveIt3 by Old Timer and save it to your Desktop.
  • Double-click OTMoveIt3.exe to run it.
  • While connected to the Internet, click on the green CleanUp! button and it will populate a list of items to clean from your system that we used or may have used.
  • It should ask if you want to clean up, select Yes and allow the system to clean up these items.

NOW please reboot your computer to finish the cleanup process.

Then run this from CCleaner

  • Download and install CCleaner
  • Double-click on the downloaded file "ccsetup216.exe" and install the application.
  • Keep the default installation folder "C:\Program Files\CCleaner"
  • Uncheck "Add CCleaner Yahoo! Toolbar and use CCleaner from your browser"
  • Click finish when done and close ALL PROGRAMS
  • Start the CCleaner program.
  • Click on Registry and Uncheck Registry Integrity so that it does not run
  • Click on Options - Advanced and Uncheck "Only delete files in Windows Temp folders older than 48 hours"
  • Click back to Cleaner and under SYSTEM uncheck the Memory Dumps and Windows Log Files
  • Click on Run Cleaner button on the bottom right side of the program.
  • Click OK to any prompts

Then run the following to reset the System Restore to a new one.

Disable and Enable System Restore-WINDOWS XP

This is a good time to clear your existing system restore points and establish a new clean restore point:

Turn off System Restore

  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.
  • Reboot.

Turn ON System Restore

  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check *Turn off System Restore*.
  • Click Apply, and then click OK.

This will remove all restore points except the new one you just created.

Then empty your Avira quarantine folder and update the program and do another system scan and let me know if it's still finding anything.

Bottom line is that when done none of the programs should find any issues.

Root Admin

Great, all looks good now.

I'll close your post soon so that others don't post into it and leave you with this information and suggestions.

So how did I get infected in the first place?

At this time your system appears to be clean. Nothing else in the logs indicates that you are still infected.

Now that you appear to be clean, please follow these simple steps in order to keep your computer clean and secure:

Disable and Enable System Restore-WINDOWS XP

This is a good time to clear your existing system restore points and establish a new clean restore point:

Turn off System Restore

  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.
  • Reboot.

Turn ON System Restore

  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check *Turn off System Restore*.
  • Click Apply, and then click OK.

This will remove all restore points except the new one you just created.

Here are some free programs I recommend that could help you improve your computer's security.

Install SpyWare Blaster

Download it from here.

Find the tutorial on how to use Spyware Blaster here.

Install WinPatrol

Download it from here.

Here you can find information about how WinPatrol works.

Install FireTrust SiteHound

You can find information and download it from here.

Install hpHosts

Download it from here.

hpHosts is a community managed and maintained hosts file that allows an additional layer of protection against access to ad, tracking and malicious websites. This prevents your computer from connecting to these untrusted sites by redirecting them to 127.0.0.1, which is your own local computer.

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.

You can use one of these sites to check if any updates are needed for your pc.

Visit Microsoft often to get the latest updates for your computer.

Note 1: If you are running Windows XP SP2, you should upgrade to SP3.

Note 2: Users of Norton Internet Security 2008 should uninstall the software before they install Service Pack 3. The security suite can then be reinstalled afterwards.

The Windows firewall is not sufficient to protect your system. It doesn't monitor outgoing traffic and this is a must.

I recommend Online Armor Free.

A little outdated but good reading on how to prevent Malware.

Keep safe online and happy surfing.

Since this issue is resolved I will close the thread to prevent others from posting into it. If you need assistance please start your own topic and someone will be happy to assist you.

The fixes and advice in this thread are for this machine only. Do not apply to your machine unless you Fully Understand how these programs work and what you're doing. Please start a thread of your own and someone will be happy to help you, just follow the Pre-Hijackthis instructions found here before posting: Pre- HJT Post Instructions

Also don't forget that we offer FREE assistance with General PC questions and repair here: PC Help

If you're pleased with the product Malwarebytes and the service provided you, please let your friends, family, and co-workers know.
http://www.malwarebytes.org
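The hosts-file mechanism the last post describes (listed names are sunk to 127.0.0.1 so the machine never reaches them), as an added example that is not from this thread and not hpHosts' own code: a small Python parser that reads hosts-file lines the way the OS resolver does (first match wins, names are case-insensitive, `#` starts a comment) and reports whether a name would be sunk to a loopback or unspecified address. The hosts entries and hostnames are constructed sample data, not real hpHosts content.

```python
import ipaddress

# Constructed sample hosts-file content (not real hpHosts data).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
# [constructed blocklist entries below]
127.0.0.1  ads.example-tracker.test   www.ads.example-tracker.test
127.0.0.1  bad.dropper-host.test  # trailing comment
0.0.0.0    other-sink.test
"""

# Addresses a blocklist uses as a sink: loopback, or the unspecified address.
SINK_ADDRESSES = {"127.0.0.1", "0.0.0.0"}

def parse_hosts(text):
    """Return (address, hostname) pairs in file order; hostnames lower-cased."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # strip comments and whitespace
        if not line:
            continue                          # blank or comment-only line
        fields = line.split()
        if len(fields) < 2:
            continue                          # malformed: address without names
        try:
            addr = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue                          # first field is not an IP address
        for name in fields[1:]:
            entries.append((addr, name.lower()))
    return entries

def resolve_hosts(hostname, entries):
    """First matching entry wins, as the resolver does; None if unmatched."""
    wanted = hostname.lower().rstrip(".")
    for addr, name in entries:
        if name == wanted:
            return addr
    return None

def is_sunk(hostname, text=SAMPLE_HOSTS):
    """True when the hosts file maps the name to a sink address."""
    return resolve_hosts(hostname, parse_hosts(text)) in SINK_ADDRESSES

if __name__ == "__main__":
    for host in ("ads.example-tracker.test", "BAD.dropper-host.test", "example.com"):
        print(host, "sunk" if is_sunk(host) else "not in hosts file")
```

Note that the same mechanism also maps `localhost` to 127.0.0.1, so a sink address alone does not tell you whether an entry came from a blocklist or from the stock hosts file.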

This topic is now closed to further replies.