
RECYCLER directory


Yuri

CLEAN UP

Let's clear out the programs we've been using to clean up your computer; they are not suitable for general malware removal and could cause damage if used inappropriately.

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u

  • Double-click OTMoveIt3.exe. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.

Let me know when carried out.

Link to post
Share on other sites

Well done!

Congratulations, you are clean! :)

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

You don't need to put all of these programs on your system, unlike your antivirus and firewall, of which you can only have one of each.

However, you can have several antimalware programs.

Create a new System Restore Point

This is a good time to clear your existing system restore points and establish a new clean restore point:

  • Go to Start > All Programs > Accessories > System Tools > System Restore
  • Select Create a restore point, and Ok it.
  • Next, go to Start > Run and type in cleanmgr
  • Select the More options tab
  • Choose the option to clean up system restore and OK it.

This will remove all restore points except the new one you just created.

Here are some free programs I recommend that could help you improve your computer's security.

Spybot Search and Destroy 1.6.2

Download it from here. Just choose a mirror and off you go.

Find the tutorial on how to use Spybot properly here

Find the changes from older version 1.4 here

Install Spyware Guard

Download it from here

Find the tutorial on how to use Spyware Guard here

Install SpyWare Blaster

Download it from here

Find the tutorial on how to use Spyware Blaster here

Install WinPatrol

Download it from here

You can find information about how WinPatrol works here

Install FireTrust SiteHound

You can find information and download it from here

Install MVPS Hosts File from here

The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.

Find Tutorial here : http://www.mvps.org/winhelp2002/hosts.htm

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.

You can use one of these sites to check if any updates are needed for your PC.

Secunia Software Inspector

F-secure Health Check

Visit Microsoft often to get the latest updates for your computer.

http://www.update.microsoft.com

Please check out Tony Klein's article here

Read some information here on how to prevent malware.

Stand Up and Be Counted!

Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints called Malware Complaints. Please register there first! Then follow the instructions.

>> Here << you can see how you can help us.

Happy safe surfing!

Dan

Link to post
Share on other sites

Thanks Dan.

I will read all your suggestions and recommendations; they are of great value to me.

Also I will go and leave my mark on donations and "Stand Up and Be Counted!" page.

I am currently thinking about the switch from Symantec to Kaspersky antivirus protection.

But one thing still bothers my mind. Knowing my computer is clean at the moment, it is scary to insert the memory stick into its socket.

The memory stick has an infection, as I understand. Please see below.

Please advise how to clean it safely.

:):):)

============================

Microsoft Windows XP [Version 5.1.2600]

© Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Oksana>dir F:\

Volume in drive F is CORSAIR

Volume Serial Number is 9C89-5C61

Directory of F:\

05/03/2009 10:57 PM 14,929,905 klcodec470f.exe

25/03/2009 02:57 PM <DIR> RECYCLER

12/02/2009 11:28 AM <DIR> dosbox-0.70

18/02/2009 10:48 AM 2,876,720 mbam-setup.exe

2 File(s) 17,806,625 bytes

2 Dir(s) 989,200,384 bytes free

C:\Documents and Settings\Oksana>dir F:\ /A

Volume in drive F is CORSAIR

Volume Serial Number is 9C89-5C61

Directory of F:\

05/03/2009 10:57 PM 14,929,905 klcodec470f.exe

25/03/2009 03:01 PM 377 autorun.inf

25/03/2009 02:57 PM <DIR> RECYCLER

19/09/2008 12:10 AM <DIR> Recycled

09/10/2006 09:15 AM <DIR> Nokia Music Manager

12/02/2009 11:28 AM <DIR> dosbox-0.70

18/02/2009 10:48 AM 2,876,720 mbam-setup.exe

3 File(s) 17,807,002 bytes

4 Dir(s) 989,200,384 bytes free

C:\Documents and Settings\Oksana>

C:\Documents and Settings\Oksana>type F:\autorun.inf

[autorun]

;rwtarldzqbleclgltduepvlzewevxkxglbqihkvztwpfvzmknynakcbrplfforuusleinfxgvkysynx

kuqqoggnsy

shellexecute="RECYCLER\S-9-4-75-100025816-100017017-100013772-5338.com f:\"

;pxemhheifqiyucdlxazilkxosbgjiuzhckwkcfigemubqeeyrnawsmmlptodhrtomnlqzmgytzwzfrj

shell\Open\command="RECYCLER\S-9-4-75-100025816-100017017-100013772-5338.com f:\

"

;sjveoiogdiyudfudm

shell=Open

C:\Documents and Sett

Link to post
Share on other sites
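The autorun.inf quoted in the post above shows three traits worth checking for on any removable drive: launch keys (`shellexecute`, `shell\Open\command`) that point at an executable, a target inside a `RECYCLER` folder, and a folder name that imitates a user SID but starts with `S-9-` (genuine Recycle Bin subfolders are named after SIDs, which start with `S-1-`). The following triage sketch is an added example, not part of any post in this thread; the function name, the 12-letter junk-comment threshold and the shortened sample are assumptions.

```python
import re

# Constructed sample modelled on the autorun.inf quoted in the post above
# (junk comment lines shortened and console line wraps undone).
SAMPLE = r'''[autorun]
;rwtarldzqbleclgltduepvlzewevxkxglbq
shellexecute="RECYCLER\S-9-4-75-100025816-100017017-100013772-5338.com f:\"
;pxemhheifqiyucdlxazilkxosbgjiuzhckw
shell\Open\command="RECYCLER\S-9-4-75-100025816-100017017-100013772-5338.com f:\"
;sjveoiogdiyudfudm
shell=Open
'''

LAUNCH_KEY = re.compile(r'^(open|shellexecute|shell\\[^\\=]+\\command)$', re.I)
EXEC_EXT = re.compile(r'\.(com|exe|scr|pif|bat|cmd|vbs)$', re.I)
BIN_DIR = re.compile(r'^(recycler|recycled)\\', re.I)
REAL_SID = re.compile(r'^S-1-\d+(-\d+)+$', re.I)


def triage_autorun(text):
    """Return (findings, junk_comment_count) for the [autorun] section."""
    findings, junk, in_section = [], 0, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith('['):
            in_section = line.lower() == '[autorun]'
            continue
        if line.startswith(';'):
            # Long letter-only comments are padding, not documentation.
            junk += bool(re.fullmatch(r';[a-z]{12,}', line, re.I))
            continue
        if not in_section or '=' not in line:
            continue
        key, value = (p.strip() for p in line.split('=', 1))
        if not LAUNCH_KEY.match(key):
            continue
        target = value.strip('"').split(' ')[0]  # drop arguments such as f:\
        reasons = []
        if EXEC_EXT.search(target):
            reasons.append('launches executable')
        if BIN_DIR.match(target):
            reasons.append('target inside recycle bin folder')
            parts = target.split('\\')
            name = parts[1].rsplit('.', 1)[0] if len(parts) > 1 else ''
            if name.upper().startswith('S-') and not REAL_SID.match(name):
                reasons.append('fake SID name (real SIDs start S-1-)')
        if reasons:
            findings.append((key.lower(), target, reasons))
    return findings, junk
```

Run it on the text of the file only, read from a machine where autorun is disabled; it never opens or executes the target.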

Flash Disinfector by sUBs

Please download Flash_Disinfector.exe by sUBs and save it to your desktop:

* Double-click Flash_Disinfector.exe to run it.

* Follow any prompts that may appear.

* Wait until the program has finished scanning, then please exit the program.

The tool may ask you to insert your flash drive, or other removable drives. Please do so and allow the tool to clean it up as well.

Please restart your computer.

Post a HJT log when done

Edit: will get back to you, as it seems the link is missing :)

Link to post
Share on other sites

Here you go :blink:

Flash Disinfector by sUBs

Please download Flash_Disinfector.exe by sUBs and save it to your desktop:

* Double-click Flash_Disinfector.exe to run it.

* Follow any prompts that may appear.

* Wait until the program has finished scanning, then please exit the program.

The tool may ask you to insert your flash drive, or other removable drives. Please do so and allow the tool to clean it up as well.

Please restart your computer.

Link to post
Share on other sites

Hello Dan.

Things do not look good. Disinfector worked fine and deleted a lot of stuff from the stick. You can compare it to my prev. post. But hidden files and folders are not visible even though the radio button is ON. There are three hidden folders. Please see below. After that there is HJT.

Thanks, Yuri :):)

=====================================

Microsoft Windows XP [Version 5.1.2600]

© Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Yuri Naumtchik>dir F:\

Volume in drive F is CORSAIR

Volume Serial Number is 9C89-5C61

Directory of F:\

18/02/2009 10:48 AM 2,876,720 mbam-setup.exe

1 File(s) 2,876,720 bytes

0 Dir(s) 1,011,531,776 bytes free

C:\Documents and Settings\Yuri Naumtchik>dir f:\ /A

Volume in drive F is CORSAIR

Volume Serial Number is 9C89-5C61

Directory of f:\

01/04/2009 10:15 PM <DIR> autorun.inf

19/09/2008 12:10 AM <DIR> Recycled

09/10/2006 09:15 AM <DIR> Nokia Music Manager

18/02/2009 10:48 AM 2,876,720 mbam-setup.exe

1 File(s) 2,876,720 bytes

3 Dir(s) 1,011,531,776 bytes free

C:\Documents and Settings\Yuri Naumtchik>dir F:\Recycled\ /A

Volume in drive F is CORSAIR

Volume Serial Number is 9C89-5C61

Directory of F:\Recycled

19/09/2008 12:10 AM <DIR> .

19/09/2008 12:10 AM <DIR> ..

19/09/2008 12:10 AM 63 desktop.ini

1 File(s) 63 bytes

2 Dir(s) 1,011,531,776 bytes free

C:\Documents and Settings\Yuri Naumtchik>dir f:\autorun.inf\ /a

Volume in drive F is CORSAIR

Volume Serial Number is 9C89-5C61

Directory of f:\autorun.inf

01/04/2009 10:15 PM <DIR> .

01/04/2009 10:15 PM <DIR> ..

0 File(s) 0 bytes

2 Dir(s) 1,011,531,776 bytes free

C:\Documents and Settings\Yuri Naumtchik>dir f:\"Nokia Music Manager"\ /a

Volume in drive F is CORSAIR

Volume Serial Number is 9C89-5C61

Directory of f:\Nokia Music Manager

19/09/2008 12:10 AM <DIR> .

19/09/2008 12:10 AM <DIR> ..

09/10/2006 09:15 AM 76 desktop.ini

09/10/2006 09:15 AM <DIR> N-1-5-21-1895552279-3129831955-389522551-6003

09/10/2006 09:15 AM <DIR> N-1-5-21-1895522279-3129831995-389222551-6003

09/10/2006 09:15 AM <DIR> N-1-5-21-1895522279-3129831995-389522551-6003

09/10/2006 09:15 AM <DIR> N-1-5-21-1895522279-3129831995-389552551-6003

09/10/2006 09:15 AM <DIR> N-1-5-21-1895222279-3129831995-389225551-6003

09/10/2006 09:15 AM <DIR> N-1-5-21-1895552279-3129831995-389225551-6003

1 File(s) 76 bytes

8 Dir(s) 1,011,531,776 bytes free

C:\Documents and Settings\Yuri Naumtchik>dir f:\"Nokia Music Manager"\N-1-5-21-1895552279-3129831995-389225551-6003\ /A

Volume in drive F is CORSAIR

Volume Serial Number is 9C89-5C61

Directory of f:\Nokia Music Manager\N-1-5-21-1895552279-3129831995-389225551-6003

19/09/2008 12:10 AM <DIR> .

19/09/2008 12:10 AM <DIR> ..

09/10/2006 09:15 AM 76 desktop.ini

09/10/2006 09:15 AM 0 info2

2 File(s) 76 bytes

2 Dir(s) 1,011,531,776 bytes free

C:\Documents and Settings\Yuri Naumtchik>

==================================

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:22:04 PM, on 01/04/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Orbitdownloader\orbitdm.exe

C:\Program Files\Orbitdownloader\orbitnet.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Enterprise

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-21-2745678790-3757435101-538525854-1009\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Oksana')

O4 - HKUS\S-1-5-21-2745678790-3757435101-538525854-1009\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe (User 'Oksana')

O4 - HKUS\S-1-5-21-2745678790-3757435101-538525854-1009\..\Run: [i.UA Checker] c:\program files\mi6\i.ua checker\iua_checker.exe (User 'Oksana')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe

O8 - Extra context menu item: &Экспорт в Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: Google Update Service (gupdate1c9a76a5b4470d6) (gupdate1c9a76a5b4470d6) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe (file missing)

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe (file missing)

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Unknown owner - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (file missing)

--

End of file - 6995 bytes

Link to post
Share on other sites

  • Close all programs so that you are at your desktop.
  • Double-click on the My Computer icon.
  • Select the Tools menu and click Folder Options
  • After the new window appears select the View tab.
  • Place a checkmark in the checkbox labeled Display the contents of system folders
  • Under the Hidden files and folders section select the radio button labeled Show hidden files and folders
  • Remove the checkmark from the checkbox labeled Hide file extensions for known file types
  • Remove the checkmark from the checkbox labeled Hide protected operating system files
  • Press the Apply and then the OK button and shut down My Computer
  • Now your computer is configured to show all hidden files.
  • For you and the tools to be able to see appropriate files we need to Show Hidden Files

This installer can go..

mbam-setup.exe

This folder needs to go

C:\Documents and Settings\Yuri Naumtchik>dir f:\"Nokia Music Manager"\N-1-5-21-1895552279-3129831995-389225551-6003

Run the Disinfector through again.

Link to post
Share on other sites

Hello Dan, :)

Finally I was able to clean it up totally. Now the stick is empty. There is only one wrinkle with it. I have cleaned it from the CMD prompt (DOS legacy screen). Then I started Disinfector. It did not show anything; I assume it finished OK. Checking the drive (stick) I can see an invisible directory autorun.inf, which has a file named

Link to post
Share on other sites
