Jump to content
JoeyT

Help with infection

Recommended Posts

Thanks. I think i'll restart and see how it goes and let you know. You've been a great help.

Share this post


Link to post
Share on other sites

Done the restart. All looks well so far (opened this site easily). Roguekiller came back good (i think):

RogueKiller V7.6.3 [07/08/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: teng [Admin rights]

Mode: Scan -- Date: 07/14/2012 10:29:35

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 3 ¤¤¤

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK5065GSX +++++

--- User ---

[MBR] b920a0ccdea031bc9d9ac6253324ac86

[bSP] a410d9d5efb87cb824bf361decd494b6 : Windows 7 MBR Code

Partition table:

0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15999 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 32768000 | Size: 100 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 32972800 | Size: 460839 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[26].txt >>

RKreport[10].txt ; RKreport[11].txt ; RKreport[12].txt ; RKreport[13].txt ; RKreport[14].txt ;

RKreport[15].txt ; RKreport[16].txt ; RKreport[17].txt ; RKreport[18].txt ; RKreport[19].txt ;

RKreport[1].txt ; RKreport[20].txt ; RKreport[21].txt ; RKreport[22].txt ; RKreport[23].txt ;

RKreport[24].txt ; RKreport[25].txt ; RKreport[26].txt ; RKreport[2].txt ; RKreport[3].txt ;

RKreport[4].txt ; RKreport[5].txt ; RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt ;

RKreport[9].txt

Just running a full scan MBAM for a final check. Also could you give me some info on how to and which antimalware programs I can uninstall and which logs etc I can get rid off. Thanks so much

Share this post


Link to post
Share on other sites

Great thumbsup.gif

Yes the log is clean, use it and run RogueKiller again tomorrow and if it shows any infections, let me know.

Let me know either way.

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

cf2.jpg

Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, etc....

MrC

Share this post


Link to post
Share on other sites

Thanks so much for your help. I will let you know if Roguekiller detects anything tomorrow.

Also jsut out of interest, is there anything I can do to remove the Win32/Ramnit.L virus and am I currently infected with it

Share this post


Link to post
Share on other sites

I checked my MSE history and it found a Trojan: WinNT/Ramnit.gen!A last night. I'll run a scan now to check. But it couldn't delete it. This is the error message:

Error code 0x80508023. The program could not find the malware and other potentially unwanted software on this computer.

Share this post


Link to post
Share on other sites

Thanks for the links. After reading all the information I think I'll backup my documents and just do a complete system restore (to factory settings). That should do it (right?). Thanks so much for all your help over the past few hours, you're awesome

Share this post


Link to post
Share on other sites

Yes, that's the best option.

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

Share this post


Link to post
Share on other sites

Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.