Antivirus 2009/RootKit infection (WinXP SP3)


Gene

First, thanks in advance for your help.

I have taken the following actions below and attached are the logs from HJT, MBAM, and Panda.

1) In safe mode with networking, installed SpyHunter to stop the rootkit blocker (couldn't access websites, install or update programs), then installed and ran a full scan with MBAM (removed all threats), then uninstalled SpyHunter.

2) Full scan with Spybot (removed all threats including files left over from spyhunter)

3) Full scan with McAfee Enterprise 8.5i (cleaned and removed all threats)

The last step is what needs to be done for complete removal of all threats. Main profile on computer still has misconfigured items (Time in 24 hour format, slow network, etc.)

Thanks,

-Gene

ActiveScan.txt

mbam_log_2008_12_01__22_38_02_.txt

hijackthis.txt


Hello Gene,

Make sure you have de-installed and completely removed Spy Hunter.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.

In a new reply, place all 3 of your reports from above "in-line" in the reply!!

Next, Download to your Desktop FixPolicies.exe, by Bill Castner, MS-MVP, a self-extracting ZIP archive from here:

http://cid-6aaab341ce47c5c2.skydrive.live....FixPolicies.exe

  • Double-click FixPolicies.exe.
  • Click the "Install" button on the bottom toolbar of the box that will open.
  • The program will create a new Folder called FixPolicies.
  • Double-click to Open the new Folder, and then double-click the file within: Fix_Policies.cmd.
  • A black box will briefly appear and then close.
  • This fix may prove temporary. Active malware may revert these changes at your next startup. You can safely run the utility again.

1. Set Windows to show all files and all folders.

On your Desktop, double-click My Computer; from the menu options, select Tools, then Folder Options, and then select the VIEW tab and look at all of the settings listed.

"CHECK" (turn on) Display the contents of system folders.

Under the column Hidden files and folders, choose (select) Show hidden files and folders.

Next, un-check Hide extensions for known file types.

Next un-check Hide protected operating system files.

Do not go back to review these settings as the malware may reset it. Just keep moving forward with these steps.

2. Take out the trash (temporary files & temporary internet files)

Please download ATF Cleaner by Atribune, saving it to your desktop. It is used to clean out temporary files and temp areas used by internet browsers.

Start ATF-Cleaner.exe to run the program.

Under Main choose: Select All

Click the Empty Selected button.

If you use Firefox browser, do this also:

Click Firefox at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser, do this also:

Click Opera at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

ATF-Cleaner should be run per the above in every user-login account (User Profile).

3. Important! => Open Notepad > Click on Format > Uncheck Word wrap, if checked. Exit Notepad.

Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.

  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both logs: log.txt (<<will be maximized) and info.txt (<<will be minimized).
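The helper's steps 1 and the FixPolicies run both come down to per-profile registry values that this family of rogue antivirus malware flips and then re-flips at startup. The script below is an added example written for this thread, not code from the forum, from FixPolicies, or from any tool named above; it audits those values in the current user's hive and, with -Fix, puts them back to what an unrestricted, "show everything" profile has. The list of policy names is assumed from general Windows knowledge (the thread itself does not enumerate what FixPolicies resets), so treat it as a starting point rather than a complete inventory.

```powershell
# Added example (not from the thread or any tool it names): audit the Explorer
# view settings and the shell policies that Antivirus 2009-style malware
# typically tampers with, and optionally restore the expected values.
# Run as the affected user (the values live in HKCU, so they are per-profile).
param([switch]$Fix)

# Expected values. The Advanced entries are the registry form of the
# "show hidden files / show extensions / show protected OS files" checkboxes
# the thread asks for. The Policies entries are assumed (common lockdown
# policies a FixPolicies-style reset clears); 0 or absent means unrestricted.
$checks = @(
  @{ Path='HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'; Name='Hidden';               Good=1 }  # 1 = show hidden files and folders
  @{ Path='HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'; Name='HideFileExt';          Good=0 }  # 0 = show extensions for known file types
  @{ Path='HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'; Name='ShowSuperHidden';      Good=1 }  # 1 = show protected operating system files
  @{ Path='HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name='DisableRegistryTools'; Good=0 }
  @{ Path='HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name='DisableTaskMgr';       Good=0 }
  @{ Path='HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name='NoFolderOptions';      Good=0 }
  @{ Path='HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name='NoRun';                Good=0 }
)

$tampered = @()
foreach ($c in $checks) {
    $current = $null
    if (Test-Path $c.Path) {
        $item = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
        if ($item) { $current = $item.($c.Name) }
    }
    # A missing Policies value means "not restricted", which is fine; a missing
    # Advanced view value is unusual on a used profile, so flag it for review.
    $isPolicy = $c.Path -like '*\Policies\*'
    $ok = if ($null -eq $current) { $isPolicy } else { [int]$current -eq $c.Good }
    $state = if ($ok) { 'ok' } else { 'TAMPERED' }
    '{0,-9} {1}\{2} = {3} (expected {4})' -f $state, $c.Path, $c.Name, $current, $c.Good
    if (-not $ok) { $tampered += $c }
}

if ($Fix -and $tampered.Count -gt 0) {
    foreach ($c in $tampered) {
        if (-not (Test-Path $c.Path)) { New-Item -Path $c.Path -Force | Out-Null }
        Set-ItemProperty -Path $c.Path -Name $c.Name -Value $c.Good -Type DWord
        'reset {0}\{1} -> {2}' -f $c.Path, $c.Name, $c.Good
    }
    # Same caveat the helper gives for FixPolicies: if these flip back after a
    # reboot, something still running is re-applying them, which is itself a
    # useful indicator that cleanup is not finished.
    'Re-run this script after a reboot; values that revert point to live malware.'
}
```

Run it once without -Fix to see which values are off, then with -Fix to restore them, and again after the next restart: the helper's note that the fix "may prove temporary" is exactly the case where a second run reports TAMPERED again, and that is the signal to keep going with the remaining steps rather than to stop here.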