Remnants from Ransom Removal


Recommended Posts

Hi Maniac;

Unless you have seen anything specific in the logs to suggest I proceed with ComboFix, I'm going to pull the plug. At this stage I'm more worried about using ComboFix than I am about Ransom remnants. I'm pretty sure Kaspersky removed all the active elements except for the ones you helped me with. I'm basing this on the fact that he recognized the trojan and removed nine elements from my computer, and I don't think he would leave anything lurking there dormant, waiting for the right conditions to manifest itself.

If I'm wrong I suppose I will find out about it eventually, but it couldn't be anything worse than the original infestation, and my computer is not mission critical for business. I've done a back-up, so if worst comes to worst, I can still get it back to this current condition.

Thank you,

Jim


This type of malware is very difficult to detect, and DDS certainly could not point out anything of it to me. Here are some standard checks we can do.

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the esetsmartinstaller_enu.exe icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Maniac, I can't believe I had all of those nasties on my computer. I'm doing another scan with ESET. Thanks, Jim

ESET Scan Results:

C:\Users\All Users\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.crx
Win32/bProtector.D application
C:\Users\All Users\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\content\mngr.js
Win32/bProtector.C application
C:\$RECYCLE.BIN\S-1-5-21-1938810720-712540534-2006144177-1000\$RGV4BGC.lnk
Win32/Reveton.M trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\regmonstd.lnk
Win32/Reveton.M trojan cleaned by deleting - quarantined
C:\Program Files (x86)\EaseUS\Todo Backup\bin\PxeServer.dll
a variant of Win32/TFTPD32.A application cleaned by deleting - quarantined
C:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.crx
Win32/bProtector.D application deleted - quarantined
C:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\content\mngr.js
Win32/bProtector.C application cleaned by deleting - quarantined
C:\Users\Jim\AppData\Local\Temp\AskSLib.dll
a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Jim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\34327d4-20681dbd
multiple threats cleaned by deleting - quarantined
C:\Users\Jim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\77d9ea8-174e3877
Java/Exploit.Agent.OLC trojan cleaned by deleting - quarantined
C:\Users\Jim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\5177d46a-6cd1cfa3
a variant of Java/Exploit.CVE-2013-1493.EG trojan cleaned by deleting - quarantined
C:\Users\Jim\Downloads\SetupImgBurn_2.5.8.0.exe
Win32/OpenCandy application cleaned by deleting - quarantined
C:\Users\Jim\Downloads\tb_free.exe
a variant of Win32/TFTPD32.A application cleaned by deleting - quarantined

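The ESET export above is a flat list of path lines, each followed by a detection line (a detection name, a kind such as "application" or "trojan", and an optional action such as "cleaned by deleting - quarantined"). The following added example, which is not part of the thread and not ESET's own code, parses that two-line format into records and summarises what a helper would look for: how many findings are PUAs versus trojans, how many sit in the Java deployment cache (the footprint of a drive-by exploit kit, which is why the Java update step follows), and which findings report no action. It assumes the two-line layout inferred from the posted log, uses an excerpt of the posted entries as constructed sample input, and folds the C:\Users\All Users junction onto C:\ProgramData (they are the same directory on Vista and later) so a file reported twice via both paths is not counted as unresolved.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the shape of the ESET Online Scanner export posted
# in the thread: each finding is a path line followed by a detection line.
SAMPLE_REPORT = """\
C:\\Users\\All Users\\Browser Manager\\2.5.976.107\\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\\mngr.crx
Win32/bProtector.D application
C:\\FRST\\Quarantine\\regmonstd.lnk
Win32/Reveton.M trojan cleaned by deleting - quarantined
C:\\ProgramData\\Browser Manager\\2.5.976.107\\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\\mngr.crx
Win32/bProtector.D application deleted - quarantined
C:\\Users\\Jim\\AppData\\LocalLow\\Sun\\Java\\Deployment\\cache\\6.0\\42\\5177d46a-6cd1cfa3
a variant of Java/Exploit.CVE-2013-1493.EG trojan cleaned by deleting - quarantined
C:\\Users\\Jim\\AppData\\LocalLow\\Sun\\Java\\Deployment\\cache\\6.0\\20\\34327d4-20681dbd
multiple threats cleaned by deleting - quarantined
C:\\Users\\Jim\\Downloads\\tb_free.exe
a variant of Win32/TFTPD32.A application cleaned by deleting - quarantined
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")
# Detection line: optional "a variant of", name, kind, optional action text.
DETECTION_RE = re.compile(
    r"^(?P<variant>a variant of )?(?P<name>.+?) (?P<kind>application|trojan|threats)"
    r"(?: (?P<action>.+))?$"
)


@dataclass
class Finding:
    path: str
    name: str
    kind: str
    variant: bool
    action: Optional[str]  # None when ESET listed the file without acting on it

    @property
    def quarantined(self) -> bool:
        return self.action is not None and "quarantined" in self.action

    @property
    def java_cache_exploit(self) -> bool:
        # Payloads in the Java deployment cache were pulled in by an applet,
        # i.e. a drive-by exploit attempt, not saved by the user.
        return "\\sun\\java\\deployment\\cache\\" in self.path.lower()

    @property
    def pua(self) -> bool:
        # ESET reports potentially unwanted/unsafe programs as "application".
        return self.kind == "application"


def canonical_path(path: str) -> str:
    """Fold the C:\\Users\\All Users junction onto C:\\ProgramData (assumption:
    Vista or later) so one file scanned via both names compares equal."""
    p = path.lower()
    prefix = "c:\\users\\all users\\"
    if p.startswith(prefix):
        p = "c:\\programdata\\" + p[len(prefix):]
    return p


def parse_eset_report(text: str) -> list:
    """Pair each path line with the detection line that follows it."""
    findings = []
    pending_path = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if PATH_RE.match(line):
            pending_path = line
            continue
        m = DETECTION_RE.match(line)
        if m and pending_path:
            findings.append(Finding(
                path=pending_path,
                name=m.group("name"),
                kind=m.group("kind"),
                variant=m.group("variant") is not None,
                action=m.group("action"),
            ))
            pending_path = None
    return findings


def summarize(findings) -> dict:
    """Counts a helper would read off the log, plus findings left unresolved."""
    resolved = {canonical_path(f.path) for f in findings if f.quarantined}
    # A finding with no action is only open if no record for the same real
    # file (after junction folding) reports it as quarantined.
    still_open = [f.path for f in findings
                  if f.action is None and canonical_path(f.path) not in resolved]
    return {
        "total": len(findings),
        "trojans": sum(1 for f in findings if f.kind == "trojan"),
        "pua": sum(1 for f in findings if f.pua),
        "java_exploit_cache_hits": sum(1 for f in findings if f.java_cache_exploit),
        "still_open": still_open,
    }


if __name__ == "__main__":
    for key, value in summarize(parse_eset_report(SAMPLE_REPORT)).items():
        print(f"{key}: {value}")
```

Feeding the full export to `parse_eset_report` and reading `still_open` is the quick check for entries ESET listed but did not act on; the two "All Users" entries at the top of the posted log fold onto their ProgramData twins, which were quarantined, so they do not count as open.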

Step 1

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:

Please download JavaRa to your desktop and unzip it to its own folder

  • Run JavaRa.exe, then click Remove JRE.
  • Run the built-in uninstallers for all copies of Java listed
  • Click the Next button
  • Click the Next button again
  • Click the Java Manual Download link
  • A browser window will open with the Java download page
  • Click the Windows Offline (32-bit) or Windows Offline (64-bit) link to download Java (based on your browser type)
  • Run the installer
  • Close JavaRa
Step 2

Download TFC to your desktop

  • Open the file and close any other windows.
  • It will close all programs itself when run; make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.
Step 3

Try these methods to empty your Recycle Bin.

http://answers.microsoft.com/en-us/windows/forum/windows_7-files/why-wont-my-recycle-empty/4a45df52-e946-4dcc-9029-a561ee729935?tab=AllReplies#tabs

Let me know how things are there.


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
