Jump to content

Please help me remove click.giftload

matson

By matson
in Resolved Malware Removal Logs

 Share

Recommended Posts

SpySentinel

SpySentinel

Posted
Posted

Yes there should be a hosts file listed.

Download aswMBR.exe ( 511KB ) to your desktop.

  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post in your next reply.

Link to post
Share on other sites
matson

matson

Posted
  • Author
Posted

aswMBR log

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software

Run date: 2011-05-08 15:15:41

-----------------------------

15:15:41.718 OS Version: Windows 5.1.2600 Service Pack 3

15:15:41.718 Number of processors: 1 586 0x2402

15:15:41.718 ComputerName: MOHICAN UserName: NICOU

15:15:42.359 Initialize success

15:15:51.984 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

15:15:51.984 Disk 0 Vendor: ST9120824A 3.05 Size: 114473MB BusType: 3

15:15:54.000 Disk 0 MBR read successfully

15:15:54.000 Disk 0 MBR scan

15:15:54.000 Disk 0 unknown MBR code

15:15:56.000 Disk 0 scanning sectors +234436545

15:15:56.078 Disk 0 scanning C:\WINDOWS\system32\drivers

15:16:05.734 Service scanning

15:16:06.953 Disk 0 trace - called modules:

15:16:06.968 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS

15:16:06.968 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89db9ab8]

15:16:06.968 3 CLASSPNP.SYS[f74e7fd7] -> nt!IofCallDriver -> \Device\00000075[0x89e673b8]

15:16:06.984 5 ACPI.sys[f735e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x89e66940]

15:16:06.984 Scan finished successfully

15:16:20.109 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\NICOU\Desktop\MBR.dat"

15:16:20.125 The log file has been saved successfully to "C:\Documents and Settings\NICOU\Desktop\aswMBR1.txt"

Link to post
Share on other sites
SpySentinel

SpySentinel

Posted
Posted

Your log looks clean, Great Job! :)

Follow these steps to uninstall Combofix and tools used in the removal of malware

  • Click START then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    CF_Uninstall-1.jpg


    Now for some cleanup..
    Please download OTC and save it to Desktop.
    • Please make sure you are connecting to the Internet
    • Double-click OTC.exe
    • Click the CleanUp! button.
    • Select Yes when the "Begin cleanup Process?" prompt appears.
    • If you are prompted to Reboot during the cleanup, select Yes

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

  1. Disable and Enable System Restore. - Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.
    The easiest and safest way to do this is:
    • Go to Start > Programs > Accessories > System Tools and click "System Restore".
    • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
    • Then go to Start > Run and type: Cleanmgr
    • Click "OK".
    • Click the "More Options" Tab.
    • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

[*]Make your Internet Explorer more secure - This can be done by following these simple instructions:

  1. From within Internet Explorer click on the Tools menu and then click on Options.
  2. Click once on the Security tab
  3. Click once on the Internet icon so it becomes highlighted.
  4. Click once on the Custom Level button.


    2. Next press the Apply button and then the OK to exit the Internet Properties page.


    3. Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
    4. Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
    5. Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
    6. Install SpywareGuard - SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program or there will be a conflict.
    7. Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
    8. Update Non-Microsoft Programs - It is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

      Follow this list and your potential for being infected again will reduce dramatically.
      Here are some additional utilities that will enhance your safety
      • Norton Safe Web <= Norton Safe Web protects your browser against malicious sites and warns you when you go to one.
      • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer

Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Link to post
Share on other sites
  • 2 weeks later...
SpySentinel

SpySentinel

Posted
Posted

Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.