Malware/Infection remains after cleanup?

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Orbitboy, Dec 31, 2008.

  1. Orbitboy

    Orbitboy Private E-2

    All --

    I recently found my machine infected with Vundo and Smitfraud. Using the cleanup procedures posted here was an extremely valuable resource and at first look, seemed to eradicate the infections! However, something remains that gives 1 of the 4 users a rundll error upon logging in, and the cleanup procedures have left a Windows Messenger popup when I log in. I fear the cleanup is incomplete and am looking for help. Three of four requested logs are attached below; the fourth will be attached to a second message.

    I'd appreciate any assistance you could give!

    On a second note - is there any way to trace where these infections come from? With multiple users it gets difficult to know where they have been and where infections are being picked up, but with that knowledge we might avoid going to the sites they hide in....

    Thank you!

    -- OrbitboyBob
     

  2. Orbitboy

    Orbitboy Private E-2

    Fourth requested log.

    Thank You.
     

  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    CAUTION: Using P2P programs and torrent downloads can be dangerous, as they by-pass your firewall and may contain malware.

    If you haven't already, please disable the Guest account in User accounts.

    Please use add/remove programs to uninstall:
    J2SE Runtime Environment 5.0 Update 6

    Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    NOTE: HJT may popup an error about the AppInit_DLLs line. Ignore it and click OK to continue.

    After clicking Fix, exit HJT.

    Now Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.
    Now use windows explorer to find and delete:
    c:\windows\Tasks\djdrlmfh.job
    c:\windows\Tasks\iiouskff.job
    c:\windows\Tasks\jgvavulm.job
    c:\windows\Tasks\obnrcagy.job
    c:\windows\system32\x32uwmak.dll

    Reboot and make sure those items are gone.

    Now download and install:
    Java Runtime 6

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file.
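    The steps above end with "reboot and make sure those items are gone". As an added example (not part of TimW's instructions or the MGtools package), the PowerShell script below does that check read-only: it verifies the five listed paths no longer exist, lists whatever remains in the Tasks folder so other randomly named .job files stand out, and shows the AppInit_DLLs value that the HijackThis warning refers to. The only paths it uses are the ones named in the post; the eight-lowercase-letter pattern for suspicious task names is an assumption drawn from those four file names.

```powershell
# Added post-cleanup verification (not from the thread). Read-only: it deletes nothing.
# Run from an elevated PowerShell prompt after the reboot.

# Artifacts TimW asked to delete; they should all be absent now.
$expectedGone = @(
    'C:\Windows\Tasks\djdrlmfh.job',
    'C:\Windows\Tasks\iiouskff.job',
    'C:\Windows\Tasks\jgvavulm.job',
    'C:\Windows\Tasks\obnrcagy.job',
    'C:\Windows\System32\x32uwmak.dll'
)

$stillPresent = $expectedGone | Where-Object { Test-Path -LiteralPath $_ }
if ($stillPresent) {
    Write-Warning "Still present after reboot:"
    $stillPresent | ForEach-Object { Write-Warning "  $_" }
} else {
    Write-Host "All listed items are gone."
}

# The four removed tasks had random eight-letter names. Flag any other .job file
# whose name matches that pattern (assumed heuristic) for a closer look.
Write-Host "`nRemaining scheduled task files in C:\Windows\Tasks:"
Get-ChildItem -LiteralPath 'C:\Windows\Tasks' -Filter *.job -ErrorAction SilentlyContinue |
    ForEach-Object {
        [pscustomobject]@{
            Job        = $_.Name
            Modified   = $_.LastWriteTime
            Suspicious = ($_.BaseName -cmatch '^[a-z]{8}$')
        }
    } | Format-Table -AutoSize

# AppInit_DLLs: DLLs listed here are loaded into every process that loads
# user32.dll, so a non-empty value deserves attention. An empty value is normal.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
$appInit = (Get-ItemProperty -Path $key -Name AppInit_DLLs -ErrorAction SilentlyContinue).AppInit_DLLs
if ([string]::IsNullOrWhiteSpace($appInit)) {
    Write-Host "AppInit_DLLs is empty."
} else {
    Write-Warning "AppInit_DLLs = $appInit"
}
```

    Anything reported as still present, any suspicious .job name, or a non-empty AppInit_DLLs value is something to mention in the next post alongside the new MGlogs.zip rather than act on by hand.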
     
  4. Orbitboy

    Orbitboy Private E-2

    All procedures performed as instructed and completed.

    Log attached.

    (Thank You, Thank You, THANK YOU!!!)

    -- OrbitboyBob
     


  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Your logs are clean. :)

    If you are not having any other malware problems, it is time to do our final steps:

    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real time protection. They are useful as backup scanners. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /u
        • Note: the space between combofix" and /u must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.

      • Delete the C:\combofix folder from combofix (if it exists)

    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    7. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning steps in the READ ME for your Window version and see the steps to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.

    8. After doing the above, you should work thru the below link:

     
  6. Orbitboy

    Orbitboy Private E-2

    TimW --

    Thanks soo much for the good news!

    I have not begun the cleanup process as yet because of one last item and I don't know what to call it... A Rundll error???

    Every time my wife logs onto her user account, she gets a window on her desktop that is labeled RUNDLL, which contains the following:
    "Error loading C:\Windows\System32\bdbdanmr.dll
    The specified module could not be found."

    Do you have any idea where this would have come from or what it is? Is it associated with the recent viral infection or it's removal? It did occur when the infection was present and remains now that it is cleared up. Please advise!

    Thanks Again!!!!!

    OrbitboyBob
     
  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Then we need to run the scans on her account ( as well as the other accounts).

    Please run SAS, MBAM and the C:\MGtools\GetLogs.bat file (by double clicking on it) on her account, then attach the new C:\MGlogs.zip file. Label them so I know whose is what.

    Then run SAS and MBAM on the other accounts and attach any logs that show malware finds, again labeling them.
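    The RUNDLL "specified module could not be found" window described a few posts up is, in my experience, most often a leftover autostart entry that still points at a DLL the cleanup already removed: the entry fires at logon, rundll32 cannot find the file, and Windows shows exactly that message. As an added example (not TimW's instructions and not one of the MGtools scripts), the script below lists rundll32 entries in the standard Run and RunOnce keys for the current user and the machine and flags those whose DLL no longer exists. It assumes the entry lives in one of those four keys (other autostart locations are not covered) and it only reports; removing an entry is left to the scans and the helper reviewing the logs.

```powershell
# Added diagnostic (not from the thread). Run while logged on as the affected
# user, since HKCU is that user's hive. Read-only: nothing is changed.

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-RundllTarget {
    # Given a Run-key command line, return the DLL path if the command is
    # "rundll32[.exe] <dll>[,<entry point>]", otherwise $null.
    param([string]$Command)
    if ($Command -match '(?i)rundll32(?:\.exe)?"?\s+"?([^",]+?)"?\s*(?:,|$)') {
        return $Matches[1].Trim()
    }
    return $null
}

$findings = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        # Skip the PSPath/PSProvider/... properties the registry provider adds.
        if ($p.Name -like 'PS*') { continue }
        $dll = Get-RundllTarget ([string]$p.Value)
        if ($null -eq $dll) { continue }

        # A bare file name is resolved relative to System32, which is where
        # rundll32 looks first for an unqualified DLL name.
        $resolved = [Environment]::ExpandEnvironmentVariables($dll)
        if (-not [IO.Path]::IsPathRooted($resolved)) {
            $resolved = Join-Path $env:SystemRoot "System32\$resolved"
        }

        [pscustomobject]@{
            Key    = $key
            Name   = $p.Name
            Dll    = $dll
            Exists = (Test-Path -LiteralPath $resolved)
        }
    }
}

if (-not $findings) {
    Write-Host "No rundll32 entries found in the Run/RunOnce keys."
} else {
    $findings | Format-Table -AutoSize
    $orphans = $findings | Where-Object { -not $_.Exists }
    foreach ($o in $orphans) {
        Write-Warning "Orphaned autostart entry '$($o.Name)' under $($o.Key) references missing DLL $($o.Dll)"
    }
}
```

    An entry listed with Exists = False whose DLL name matches the one in the RUNDLL window is the source of the message. Posting the key and value name with the next set of logs lets the helper confirm it is a dead remnant before it is removed.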
     
  8. Orbitboy

    Orbitboy Private E-2


    TimW --

    Scans performed and logs generated attached. Please note there will be 3 consecutive posts, each will contain the logs for 1 individual User in the order they were generated (1Mom), (2Annie), (3Kate). Logs look good now and behavior regarding RunDll has stopped. However, scanning software was inadvertently NOT turned off during 3rd User SAS scan (AVG scheduled scan) and AVG generated a report of a Trojan, which I will try to post as well. (AVG probably turned on as a result of rebooting somewhere...) Also, I should note: Administrator User Account was never scanned, I have lost the password and need to find out how to recover it. Logs below.

    Thanks!

    -- OrbitboyBob
     


  9. Orbitboy

    Orbitboy Private E-2

    TimW --

    Second user logs
    SAS was clean, no log generated
     


  10. Orbitboy

    Orbitboy Private E-2


    TimW --

    Third User Logs, SAS also clean, no log generated
    Includes GIF of AVG Scan

    Thanks Again!

    -- OrbitboyBob
     


  11. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Since you are an administrator, you can go to user accounts and change the password for the admin account.

    Are you still having any issues?
     
  12. Orbitboy

    Orbitboy Private E-2


    No, no apparent issues. Do you believe it to be clean? What of the AVG report? I'll re-run that scan tonight and report.

    The Administrator Account is the one that you don't have access to without the password, even if you are a listed administrator. This user account has not been scanned/cleaned. I need some sort of software to retrieve the password that won't require a reload of the operating system or result in the loss of other passwords and personal settings. Any suggestions?

    Thanks!!!!!

    -- OrbitboyBob
     
  13. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Yes, I think you are clean... but you will have to post in the software section to get assistance with the Admin login password.

    If/when you can access that account, you can check it and always come back to this thread if you find any problems.
     
  14. Orbitboy

    Orbitboy Private E-2


    TimW --

    I'm still having a problem...
    Seems like the machine is clean, but could the procedure(s) have messed up my printer settings? Seems like I am the only one that can print. All other users, both Limited and Administrator, now get an error sending documents to the Network Printer (an HP Network printer connected to the "HP Standard TCP/IP Port") and can't connect to it. Other computers on the LAN can print; it is only the users on the previously infected machine that are affected.

    Any Recommendations?

    Thanks!!!

    -- OrbitboyBob
     
  15. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    None of the scans removed your printer from other users. You may have to temporarily make those users admins and then install the printers on those accounts. Then after reboots, return them to limited users.

    If you have problems with this, do post in software to pursue this. :)
     
  16. Orbitboy

    Orbitboy Private E-2

    TimW --

    Thank you so very much for all your help!
    Setting the other users as Administrators has solved the immediate printing problem. The printer is installed on each account but the inability to print returns when they are switched to Limited Users. For the time being, I'm satisfied that they can print as Administrators and will work on that problem independently, knowing now it is not from a virus or any of the procedures performed. Thank YOU!!!

    On a second note, since the cleanup and following all the procedures here, under my wife's account, she has been receiving notifications of undelivered mail to recipients we have no idea about. I fear there is something that has gotten control of her email somehow. Is this possible? Is there a way to check on this or determine where the behavior is coming from???

    Thank You Again!

    -- Orbitboy
     
  17. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You will probably have to set the printer permissions for all accounts... something to pursue in software.

    The email issue will probably entail you going into her email account and deleting any with attachments or links.

    You can also log into her account and do a Bitdefender scan:

    This procedure explains how to get to the BitDefender Online Scan sites and how to set up and perform an online scan. It also explains how to obtain a log so you can attach it to a message. You must use Internet Explorer to run this scan and make sure your Sun Java version is current. Get Sun Java here: Sun Java Runtime Environment. Before installing the current version, you should uninstall all previous versions first!!!!

    ****NOTE**** DO NOT INSTALL Bitdefender's Antivirus program. Make sure you follow the directions below and run the ONLINE SCANNER only.


    To start the online scan go here: Bitdefender

    • Agree to the license and then select Scan.
      • DO NOT CHANGE THE OPTIONS TO SHOW ALL FILES SCANNED. That will make your logs huge and we don't need to see clean files.

    • Once Bitdefender completes the scan:
      • Click-on the Detected Problems tab. Then select Click here to export the scan report
      • When the window comes up to save the report, change the Save as type: box to Text (Tab Delimited) (*.txt)
      • And then in the File name box enter bdscan then click save. This will save a file named bdscan.txt in whatever folder you are currently in when you save the file (take notice of where you are at so you can find it later). This bdscan.txt file will actually contain HTML code that we can easily view later while reviewing your log. All we have to do is rename the file to bdscan.html. If you do not follow these steps, you will have an incorrect log or worse a log summary which is useless to us.

    • Post the bdscan.txt file as an ATTACHMENT. See: HOW TO: Attach Items To Your Post
    • If you run BitDefender Online scan and have previously run PandaActive scan, the below false detection may be seen in BitDefender:

      C:\WINDOWS\system32\ActiveScan\pskahk.dll
      Infected with: Generic.Malware.SIMDWYNVdprn.D9407F4E
     
