Malware removal..?

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Gene2308, Jul 13, 2009.

  1. Gene2308

    Gene2308 Private E-2

    Hi, and thank you before I even start ;). I did all the steps as per the instructions on this forum. The Superanti didn't pick up anything, nor did the Malwarebytes.

    Hopefully I have attached everything correctly.

    The reason I am posting is because my anti-virus software (webroot) has twice picked up malware for quarantine, even after the superantispy and malwarebytes running.

    Thank you!
     

    Attached Files:

  2. Gene2308

    Gene2308 Private E-2

    The other one.
     

    Attached Files:

  3. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Hi and welcome :)

    Could you please tell me the exact file and file path of where webroot is finding the threat?

    In the meantime I shall make a start on reviewing your logs. This takes time so your patience is very much appreciated. I will get back to you with a set of instructions as soon as possible.

    Thanks
    Kestrel13!
     
  4. Gene2308

    Gene2308 Private E-2

    Hey, I appreciate the reply. I will log onto my computer (I have been leaving it alone since I found the malware on webroot) and see if I can find the path the malware is using... it should be in quarantine, I think. I assume I can just check it by clicking around on it..?

    Thank you for the reply once again. :)
     
  5. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    I am not familiar with webroot, however you should be able to locate the quarantined section quite easily and let me know the file and file path of the threat. Has webroot detected anything since you ran ComboFix?

    Thanks
    Kes
     
  6. Gene2308

    Gene2308 Private E-2

    Yes, it just found this one after a run that spanned from yesterday and today (I closed the laptop during the full sweep last night and resumed today):

    "Mal/Generic A" 2 traces found ....?

    I see this on the session log for my webroot sweep:

    7/17/2009 1:09:07 PM: License Check Status (0): Success
    7/17/2009 1:08:59 PM: Automated check for program update in progress.
    7/17/2009 1:08:30 PM: Removal process completed. Elapsed time 00:00:19
    7/17/2009 1:08:27 PM: Quarantining All Traces: tribalfusion cookie
    7/17/2009 1:08:27 PM: Quarantining All Traces: statcounter cookie
    7/17/2009 1:08:27 PM: Quarantining All Traces: serving-sys cookie
    7/17/2009 1:08:27 PM: Quarantining All Traces: redsheriff cookies
    7/17/2009 1:08:27 PM: Quarantining All Traces: doubleclick cookie
    7/17/2009 1:08:26 PM: Quarantining All Traces: specificclick.com cookie
    7/17/2009 1:08:26 PM: Quarantining All Traces: zedo cookie
    7/17/2009 1:08:26 PM: Quarantining All Traces: burstnet cookie
    7/17/2009 1:08:26 PM: Quarantining All Traces: bs.serving-sys cookie
    7/17/2009 1:08:26 PM: Quarantining All Traces: atlas dmt cookie
    7/17/2009 1:08:26 PM: Quarantining All Traces: advertising cookie
    7/17/2009 1:08:25 PM: Quarantining All Traces: pointroll cookie
    7/17/2009 1:08:25 PM: Quarantining All Traces: yieldmanager cookie
    7/17/2009 1:08:25 PM: Quarantining All Traces: 2o7.net cookie
    7/17/2009 1:08:24 PM: Quarantining All Traces: 247realmedia cookie
    7/17/2009 1:08:20 PM: Quarantining All Traces: Mal/Generic-A
    7/17/2009 1:08:11 PM: Removal process initiated
    7/17/2009 1:07:52 PM: Traces Found: 21
    7/17/2009 1:07:52 PM: Full Sweep has completed. Elapsed time 19:15:15
    7/17/2009 1:07:51 PM: File Sweep Complete, Elapsed Time: 19:04:54
    7/17/2009 1:06:33 PM: Warning: Corrupt Archive: C:\MGlogs.zip


    I don't know if this is what you meant... I am not so great with computers.

    Thank you once again.
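The session log quoted above lists every quarantine event on one line each, and nearly all of them are tracking cookies; the one entry that is not (Mal/Generic-A) is the detection the helper asked for a file path on. As an added example that is not part of the original thread, the script below parses log lines of that shape and separates cookie detections from other detections and warnings. The sample lines are constructed in the same format as the quoted log, not a real capture; note that the "Traces Found" count covers individual artifacts (the post reports two traces for the single Mal/Generic-A detection), so it need not equal the number of quarantine lines.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample lines in the same shape as the Webroot session log quoted
# in the post above (timestamp, colon, message). They are not a real capture.
SAMPLE_LOG = """\
7/17/2009 1:08:30 PM: Removal process completed. Elapsed time 00:00:19
7/17/2009 1:08:27 PM: Quarantining All Traces: tribalfusion cookie
7/17/2009 1:08:27 PM: Quarantining All Traces: doubleclick cookie
7/17/2009 1:08:25 PM: Quarantining All Traces: 2o7.net cookie
7/17/2009 1:08:20 PM: Quarantining All Traces: Mal/Generic-A
7/17/2009 1:08:11 PM: Removal process initiated
7/17/2009 1:07:52 PM: Traces Found: 21
7/17/2009 1:07:52 PM: Full Sweep has completed. Elapsed time 19:15:15
7/17/2009 1:06:33 PM: Warning: Corrupt Archive: C:\\MGlogs.zip
"""

# "M/D/YYYY H:MM:SS AM: message" -- the timestamp is everything up to the
# ": " that follows the AM/PM marker; the rest of the line is the message.
LINE_RE = re.compile(r"^(\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M): (.*)$")
QUARANTINE_PREFIX = "Quarantining All Traces: "
WARNING_PREFIX = "Warning: "
TRACES_RE = re.compile(r"^Traces Found: (\d+)$")


def parse_line(line: str) -> Optional[Tuple[str, str]]:
    """Split one log line into (timestamp, message); None if it is not a log line."""
    m = LINE_RE.match(line.strip())
    return (m.group(1), m.group(2)) if m else None


def summarize(log_text: str) -> Dict[str, object]:
    """Bucket each event so the reader sees what was actually quarantined."""
    cookies: List[str] = []
    others: List[str] = []
    warnings: List[str] = []
    traces_found: Optional[int] = None

    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            continue  # blank or non-log line
        _, message = parsed
        if message.startswith(QUARANTINE_PREFIX):
            name = message[len(QUARANTINE_PREFIX):].strip()
            # Webroot labels tracking cookies with the word "cookie"; anything
            # else (e.g. a Mal/... signature) is a file or registry detection.
            (cookies if "cookie" in name.lower() else others).append(name)
        elif message.startswith(WARNING_PREFIX):
            warnings.append(message[len(WARNING_PREFIX):])
        else:
            t = TRACES_RE.match(message)
            if t:
                traces_found = int(t.group(1))

    return {
        "traces_found": traces_found,
        "quarantined": len(cookies) + len(others),
        "tracking_cookies": cookies,
        "other_detections": others,
        "warnings": warnings,
    }


def needs_followup(summary: Dict[str, object]) -> bool:
    """Cookies are low-risk; a non-cookie detection is what a helper wants the file path for."""
    return bool(summary["other_detections"])


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    print(f"traces found: {s['traces_found']}, quarantine events: {s['quarantined']}")
    print(f"tracking cookies ({len(s['tracking_cookies'])}): {', '.join(s['tracking_cookies'])}")
    print(f"other detections: {s['other_detections'] or 'none'}")
    for w in s["warnings"]:
        print(f"warning: {w}")
    print("follow-up needed:", needs_followup(s))
```

Run against a full session log pasted into `SAMPLE_LOG`, the "other detections" list is the short answer to "what did it actually find", and the warnings list surfaces entries such as the corrupt-archive notice that are easy to miss among the cookie lines.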
     
  7. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Not much to do -

    1. Please go to Add/Remove Programs and uninstall the below software:

    • Error Fix
    • Java(TM) 6 Update 13
    • Uniblue RegistryBooster 2009 <--- uninstall this unless you purchased it.

    2. If you do not use Windows Messenger, run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

    3. Now reboot your machine and install the most current and up to date version of Java available here at the below link:

    Java Runtime 6

    and finally...

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    3. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /u
        • Notes: The space between the combofix" and the /u, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures in step 3 of the READ ME for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work thru the below link:
     
  8. Gene2308

    Gene2308 Private E-2

    Thank you so much man ;). I wish I could buy you a Guinness or something.

    I ran all the steps you listed, and installed Firefox, Comodo firewall (not AV part), and am going to run a sweep to see if I get any more malware hits now.

    I appreciate your work... this site is excellent.
     
  9. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    So do I LOL I Love the stuff

    You're VERY welcome, safe surfing :)
     
  10. Gene2308

    Gene2308 Private E-2

    Yeah, I did a full sweep and it picked up no viruses or anything. The firewall is running like a charm, though it did try to stop Skype from opening a few times.

    Is there a safe way to get the Adobe Flash Player by chance? I know I am pushing my luck here and should just be happy to not have huge computer shop bills... thanks to you and everyone here ;).

    Thanks man!
     
  11. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

