Is this laptop now truly clean?

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by randsb, Aug 1, 2009.

  1. randsb

    randsb Private E-2

    This was the problem encountered suddenly after this laptop had been in hibernation or sleep mode overnight at a hotel (wireless connection also had been left on): neither wireless nor ethernet connectivity worked, most windows services, including updates, diagnostics, installers, and Live OneCare stopped and could not be restarted. Safe mode with networking permitted internet connectivity, but attempts to restore to last good configuration and to restore points going back two or three weeks were unsuccessful. Windows Malicious Software Removal Tool stated no infections were detected, but these problems persisted. Live OneCare had been kept up-to-date and the laptop was tuned and maintained.

    Followed the steps in the Read & Run Me First guide, to the extent I could. These were the notable events & exceptions:
    • Uninstalled Viewpoint Media Player
    • Could not uninstall Java SE Runtime Environment ("Windows Installer Service could not be accessed.")
    • MSConfig wouldn't run in Normal. Had to stay in safe mode w/ networking UNTIL:

    After disabling the User Account Control & restarting, things returned to apparent normalcy in normal mode--internet connectivity, services running, etc!!

    Installed & ran the scans: Most noteworthy was a "Trojan Agent" detected and removed by Malwarebytes.

    Things now appear to be functioning normally with some minor exceptions (OneCare acts as though it was newly installed.) I completed Step #5 of the Vista Cleaning Procedure. (Enabled UAC.)

    What's your diagnosis? Please examine the logs to reassure me all is well. And, thanks!!

    (The Root Repeal logs, split into two parts for size consideration, will follow immediately.)
     


  2. randsb

    randsb Private E-2

    Here are the Root Repeal logs.
     


  3. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Hello, randsb

    I am currently reviewing your logs and will get back to you with a set of instructions as soon as possible. Our queue is working the oldest threads first.

    Thanks for your patience.
    dr.m
     
  4. randsb

    randsb Private E-2

    Thanks, dr. m. Look forward to hearing back from you.
     
  5. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Hello, randsb

    Your logs are clean! However - let's update your Java.
    1. Please look in Add/Remove Programs for the following and uninstall Java(TM) SE Runtime Environment 6
    2. Open CCleaner - select "Cleaner" > "Run Cleaner" <---use this function ONLY!
    3. Now install the latest Sun Java Runtime Environment

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.

      • Note: Updating Malwarebytes' and SUPERAntiSpyware scanners.
        * Malwarebytes' - Just "open" MBAM > click on the "Update" tab > click on the "Check for updates" button.
        * SUPERAntiSpyware
          • Please uninstall your current version (this is necessary).
          • Then download this SUPERAntiSpyware
          • Install this new version. It may tell you that you need to reboot to complete the installation. You must reboot at this time.
          • After the reboot, run SUPERAntiSpyware and immediately click the Check for Updates button to get more updates for the database.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required.
      • "%userprofile%\Desktop\combofix" /u
        • Note: The space between the combofix" and the /u must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    7. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures in step 3 of the READ ME for your Windows version and see the instructions to Disable System Restore, which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    8. After doing the above, you should work thru the below link:

    Safe surfing!
     
