Malwarebytes

Malware infection - need assistance please

43 replies to this topic

#41
bubhead (New Member, Members, 24 posts, Gender: Male)
Here is the Kaspersky log. The only casualty I've seen so far is Adobe acrobat professional. Looks like I'll need to reinstall. Not bad.

Let me know if there's anything here to be concerned with.

Thanks so much,

Alan

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Saturday, October 2, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Saturday, October 02, 2010 01:15:27
Records in database: 4273512
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
F:\
G:\

Scan statistics:
Objects scanned: 182951
Threats found: 3
Infected objects found: 5
Suspicious objects found: 0
Scan duration: 09:48:33


File name / Threat / Threats count
C:\Documents and Settings\Alan Brown\Local Settings\Application Data\Identities\{59F25543-3F4C-4513-8100-1180300C969E}\Microsoft\Outlook Express\Sent Items.dbx Infected: Trojan-Spy.HTML.Paylap.cf 1
C:\Program Files\Common Files\Vbox\Common\vboxten-us.vboxlm Infected: Trojan.Win32.AntiAV.gzx 1
C:\Program Files\Pegasys Inc\TMPGEnc DVD Author 1.6\TMPGEncDVDAuthor16.exe Infected: Trojan-PSW.Win32.FakeMSN.nt 1
C:\USMT.TMP\DIR0003.TMP\00000\7CE.DAT Infected: Trojan-Spy.HTML.Paylap.cf 1
G:\Apps\OE and IE settings from old computer\mail backup-alan\Sent Items.dbx Infected: Trojan-Spy.HTML.Paylap.cf 1

Selected area has been scanned.
Bubhead in TN

#42
AdvancedSetup (Forum Deity, Administrators, 26,833 posts, Gender: Male, Location: US)
You can upload the files below to http://www.virustotal.com/ and have them checked, otherwise I'd delete them and reinstall the app if needed.

C:\Program Files\Pegasys Inc\TMPGEnc DVD Author 1.6\TMPGEncDVDAuthor16.exe
C:\USMT.TMP\DIR0003.TMP\00000\7CE.DAT

What is this folder for and what's in it? C:\USMT.TMP\


We should be done here. Some final housekeeping instructions, and protection information for you.

Your logs appear clean. You should be good to go. We still have a few items to address.

Disable your AntiVirus temporarily so that it does not block removal of Combofix.

Press the Windows key + R -> in the Run box which opens -> copy/paste in the following single line command & click OK

    ComboFix /Uninstall


This will uninstall ComboFix. It will also implement some cleanup procedures.

Re-enable your AntiVirus now.

Delete any remaining tools we've used (DDS and GMER) and logs from them.

Empty your Recycle Bin.


============================================

Now that your system is clean, to help protect your computer in the future I recommend that you follow these steps and look into the following free programs:

  • Microsoft Windows Update -

    To update Windows, click on Start > Windows Update (or Start > All Programs > Windows Update if you are using the new Vista Start Menu). If Windows Update is not found there, go to this link: http://update.microsoft.com/.

    This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • SpywareBlaster to help prevent spyware from installing in the first place.
      Install & update SpywareBlaster with the latest definitions.
      After you have updated, click the button - enable protection for all unprotected items

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.


  • Winpatrol

    Winpatrol is a heuristic protection program, meaning it looks for patterns in code that work like malware. It also takes a snapshot of your system's critical resources and alerts you to any changes that may occur without you knowing. You can read more about Winpatrol's features here.

    You can get a free copy of Winpatrol or use the Plus version for more features.

    You can read Winpatrol's FAQ if you run into problems.


  • MVPS HOST FILE
    The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer.

  • ANTIVIRUS SOFTWARE
    It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch new malware that may have come out.

    Do not install more than one AntiVirus program because they will conflict with each other.


  • Scan here http://secunia.com/software_inspector/ for out of date & vulnerable common applications on your computer


  • http://www.trillian.cc - Trillian or http://www.miranda-im.com - Miranda-IM - These are malware-free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)


  • http://www.aumha.org...erunt-setup.exe - ERUNT - A useful freeware utility for users of Windows 2000/XP/Vista. It's made up of two parts - ERUNT & NTREGOPT.

    ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively disables System Restore. With ERUNT, you're able to restore the damaged Registry.

    NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.

Review the security settings for Internet Explorer here
Securing Your Web Browser

In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at the following post: So how did I get infected in the first place?
Ron Lewis
Manager, Online Support

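The HOSTS-file mechanism from the MVPS item above, as an added example that is not part of the original post or of the MVPS project: a small Python parser for the HOSTS format (comments, several names per line, first entry wins) with a lookup that reports whether a name is pinned to the local machine. It goes one step beyond the post by also listing entries that point to a routable address, which is the check a defender wants when auditing a HOSTS file, since malware edits the same file to redirect security-vendor sites. The sample file, its .invalid names and the 192.0.2.10 address are constructed; treating 0.0.0.0 as a sinkhole alongside 127.0.0.1 is an assumption based on newer MVPS releases.

```python
import ipaddress
from typing import Dict, List, Tuple

# Constructed sample in HOSTS-file layout (not the real MVPS file; .invalid
# names are reserved placeholders). The MVPS file maps ad sites to 127.0.0.1
# as described above; newer releases use 0.0.0.0, so both count as sinkholes.
SAMPLE_HOSTS = """\
# banner comment
127.0.0.1       localhost
127.0.0.1  ads.example.invalid            # trailing comment
0.0.0.0    tracker.example.invalid banner.example.invalid
192.0.2.10 update.av-vendor.example.invalid   # routable: worth a look
"""

SINKHOLES = {ipaddress.ip_address(a) for a in ("127.0.0.1", "0.0.0.0", "::1")}


def parse_hosts(text: str) -> Dict[str, str]:
    """Map each hostname (lower-cased) to the address on its line.
    The first entry for a name wins, as the resolver treats the file."""
    mapping: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # strip comments and blanks
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue                              # address with no names
        try:
            addr = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue                              # first field is not an IP
        for name in fields[1:]:
            mapping.setdefault(name.lower(), addr)
    return mapping


def is_sinkholed(mapping: Dict[str, str], hostname: str) -> bool:
    """True when the name is pinned to the local machine, i.e. blocked."""
    addr = mapping.get(hostname.lower())
    return addr is not None and ipaddress.ip_address(addr) in SINKHOLES


def non_sinkhole_entries(mapping: Dict[str, str]) -> List[Tuple[str, str]]:
    """Entries that send a name to a routable address. A blocking HOSTS
    file should contain none of these, and malware is known to add such
    lines to redirect security-vendor update sites, so review each hit."""
    return sorted((n, a) for n, a in mapping.items()
                  if ipaddress.ip_address(a) not in SINKHOLES)
```

On a live machine, pass the contents of C:\Windows\System32\drivers\etc\hosts to parse_hosts and review whatever non_sinkhole_entries returns.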

#43
bubhead (New Member, Members, 24 posts, Gender: Male)
Ron,

I've gotten rid of those programs and files that are suspect.

I've downloaded and installed Winpatrol. It will take some getting used to on that one. I've also installed WOT.

Is there a particular firewall that you would recommend? All I'm running is the Windows firewall and I'm concerned about its effectiveness.

What about a particular antivirus solution? I've used AVG in the past and quit using it after a particularly nasty infection that I was able to clean up on my own. Now that this has happened, I'm wondering about the effectiveness of Avira.

Do you recommend letting Spybot's resident feature run in the background? I don't want to have too many things going on and sucking down resources, but I also want to do what I can to avoid this problem in the future.

I'm thinking about taking the time to get organized and do a fresh install of XP at some point in the future to get some of the zing back in my computer, but would like to put back just those programs that will help and get rid of some of the junk.

Thanks so much for your patience and knowledge.

Alan
Bubhead in TN

#44
AdvancedSetup (Forum Deity, Administrators, 26,833 posts, Gender: Male, Location: US)
These are my opinions and are not the opinion of the Company - Malwarebytes, whom I work for. I have no scientific or technical data to back up my claims.

Overall most people seem to be happy with Avira AV. I use it off and on myself but on other systems where I need the protection I currently use the paid version of Kaspersky AV along with the Paid version of Malwarebytes and they seem to keep the system pretty well protected.

I used to not like Symantec AV, but the new version actually isn't too bad. My wife's computer came with a copy and I was going to remove it, but decided to try it out and so far it's working well.

On any given day one AV is going to outshine another for some reason or another; being consistent on protection, though, I think is more key, and Kaspersky has for quite some time been one of the top AV products. NOD32 seems to do pretty well as well. Though the interface and usage is often what seems to matter most to many users, and if the program interface doesn't work the way one wants then they may opt for another brand.

ZoneAlarm has had high marks for a very good firewall, but it was purchased by another company and they've made some changes that some users and experts don't seem to like. One issue it has had is being a resource hog and difficult to remove once installed, so though the firewall does work well, there are other issues that may not make it a good choice anymore.

Please see this article here which may help you to make up your mind on what to use. Good luck and let me know if you need anything else otherwise I'll be closing your post soon to help prevent others from posting in it.
http://forums.malwar...?showtopic=9365

Yes, you're correct. Using too much software can almost be as annoying as the infection. As long as Spybot is not dragging down the system it should be okay to run it. One of the best methods of protection, I think, is to use Firefox with NoScript and AdBlock Plus, and that too will really help reduce the possibility of a re-infection. Though many people seem to have a hard time learning how to train and use it, if you have the time I'd check it out. Yes, fdisk, format, installing Windows XP is the only thing that will give it back that original zing - it's just a lot of work to do, but I do it myself on systems quite often.
Ron Lewis
Manager, Online Support
