Had AV Virus, Malwarebytes cleaned now frequent...


Hello Chris,

I'm finally back. Airline had challenges finding planes that would fly (safely). So, I've just fired up the computer (6:30 a.m. PDT Monday) and will give a report later in the day after some time and activities have passed. So far everything is normal but it has only been a few minutes.

Thanks,

Mike

Update: So the computer has been running and being used (not constantly but used normally) for the past 10 hours. There have been no browser redirects or abnormal behavior.

The Malwarebytes protection log from today:

06:31:04 Mike Davis MESSAGE Protection started successfully
06:31:10 Mike Davis MESSAGE IP Protection started successfully
11:59:05 Mike Davis MESSAGE IP Protection stopped
11:59:18 Mike Davis MESSAGE Database updated successfully
11:59:30 Mike Davis MESSAGE IP Protection started successfully
15:58:36 Mike Davis MESSAGE IP Protection stopped
15:58:52 Mike Davis MESSAGE Database updated successfully
15:59:06 Mike Davis MESSAGE IP Protection started successfully

The stops were just me updating the database...but you knew that.

When you are not busy, please advise next steps. Thanks! MD


Hi Mike,

That looks good from here. :D

Ensure that a copy of ComboFix is on your Desktop before continuing.

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete TDSSKiller, SecurityCheck and the Registry Search tool you downloaded.

Restart your computer and let me know what issues remain.

-screen317

Hello Chris. Thanks for your message.

The removal process was a bit odd (I think). When I examined the desktop, only the Registry Search tool showed (and other items like CCleaner, GMER, and defogger that we had installed). So, I deleted the Registry Search tool, found TDSSKiller in a folder where I had saved it (I believe it just ran from the archive) and deleted it, grabbed a new copy of Combofix and ran the uninstall which worked fine, and never found your Security Check tool.

I will attest that I never deleted Combofix, your security check tool or anything else we installed without your instruction so I'm a little puzzled. However, I'm the first to admit to mistakes but I've tried to be careful here and follow instructions.

Anyway, those steps are done such as they are. That means that Defogger, DDS (which I think is a script), CCleaner, GMER, RootRepeal and some logs remain on my desktop.

The machine has only been running for less than an hour right now with no problems, but I'll exercise it today and give you a report later in the afternoon.

Thanks,

MD

Likely that you saved SecurityCheck to a temporary folder and that CCleaner removed it.

Re-enable Defogger if you haven't already, delete DDS, GMER, Rootrepeal, and the logs on your Desktop. You can keep CCleaner for temp folder cleaning.

Okie dokey. :D

-screen317

Hello Chris,

So I just re-enabled Defogger, then deleted DDS, GMER, Rootrepeal and the logs, and left CCleaner on the desktop. The machine has been running all day. It was not always attended, but I ran both browsers (IE and FFOX) extensively as well as other programs (MS Money, Agent, and Media Monkey), and everything has behaved normally for the 9 hours since this a.m. Here is the Malwarebytes log:

06:43:17 Mike Davis MESSAGE Protection started successfully
06:43:23 Mike Davis MESSAGE IP Protection started successfully
06:44:48 Mike Davis MESSAGE IP Protection stopped
06:45:02 Mike Davis MESSAGE Database updated successfully
06:45:12 Mike Davis MESSAGE IP Protection started successfully
06:57:15 Mike Davis MESSAGE Protection started successfully
06:57:28 Mike Davis MESSAGE IP Protection started successfully

As you can see, there have been no blocked websites etc.

Thanks,

MED
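Mike's two posts above paste the Malwarebytes protection log and read it by eye: no blocked sites, and every "IP Protection stopped" explained by a manual database update before protection restarts. The following Python is an added example, not code from the thread or from Malwarebytes, that does the same triage over constructed sample lines in that layout; the IP-BLOCK event kind in the appended line is an assumption made for illustration.

```python
import re
from collections import Counter

# Constructed sample in the layout of the protection log quoted in the thread.
# The 15:58:52 "Database updated" line from the thread is deliberately left out
# so that the unexplained-stop check below has something to report.
SAMPLE_LOG = """\
06:31:04 Mike Davis MESSAGE Protection started successfully
06:31:10 Mike Davis MESSAGE IP Protection started successfully
11:59:05 Mike Davis MESSAGE IP Protection stopped
11:59:18 Mike Davis MESSAGE Database updated successfully
11:59:30 Mike Davis MESSAGE IP Protection started successfully
15:58:36 Mike Davis MESSAGE IP Protection stopped
15:59:06 Mike Davis MESSAGE IP Protection started successfully
"""
# Assumed, constructed example of a non-informational event; not from the thread.
BLOCK_LINE = "16:02:11 Mike Davis IP-BLOCK 192.0.2.10 (Type: outgoing)\n"

# time, user name (may contain spaces), upper-case event kind, free text
LINE_RE = re.compile(r"^(\d\d:\d\d:\d\d)\s+(.+?)\s+([A-Z][A-Z-]+)\s+(.*)$")

def parse_log(text):
    """Split each non-blank line into time, user, kind and message."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append({"time": m.group(1), "user": m.group(2),
                           "kind": m.group(3), "text": m.group(4)})
    return events

def triage(text):
    """Count event kinds, pull out anything that is not an informational
    MESSAGE, and flag stops not explained by a database update."""
    events = parse_log(text)
    alerts = [e for e in events if e["kind"] != "MESSAGE"]
    unexplained = []
    for i, e in enumerate(events):
        if e["text"] != "IP Protection stopped":
            continue
        between = []  # what happened before protection came back
        for nxt in events[i + 1:]:
            if nxt["text"] == "IP Protection started successfully":
                break
            between.append(nxt["text"])
        if "Database updated successfully" not in between:
            unexplained.append(e["time"])
    return {"kinds": dict(Counter(e["kind"] for e in events)),
            "alerts": alerts, "unexplained_stops": unexplained}
```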

Great news. :D

Everything looks good from here. Anything else I can help you with?

Hello Chris,

Thanks so much for all your help. If there is some place I can express my gratitude by making a donation, that would be good....

Best to you,

Mike

Hi Mike,

Your generosity is appreciated but I must politely refuse your offer. I am an employee of Malwarebytes and I think that would be against the rules.

You have already purchased the Pro version of MBAM and that is all I can ask of you. :P

Now that your computer seems to be in proper working order, please take the following steps to help prevent reinfection:

1) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.

2) Download and install IE-Spyad, which will place over 5000 'bad' sites on your Internet Explorer Restricted List. A tutorial on it can be found here.

3) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.

4) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.

5) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

  • Green to go
  • Yellow for caution
  • Red to stop

WOT has an addon available for both Firefox and IE.

6) Be sure to update your Antivirus and Antispyware programs often!

Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?

Safe surfing,

-screen317

Hello Chris:

Thanks for all your help. I've followed the instructions above successfully. I had older versions of iTunes and Flash on the machine, which have now been updated. The only thing I couldn't do was run "Jason's Toolbox", which was referenced in Tony Klein's article. It appears the links are dead, although I can get to Jason's site, just not the browser tester.

Once again, thanks for cleaning up my machine.

Best regards,

Mike

Glad we could help. ;)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
