opened an rar exe by mistake

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by zordic, Jan 24, 2012.

  1. zordic

    zordic Private E-2

    I opened an email from UPS that had a rar.exe in it and clicked it. I didn't extract the file, just clicked the rar.exe. Is there anything I can do to prevent the malware, or whatever is going to happen, from happening?
    I tried system restore but it couldn't restore for some unknown reason.
    I am running spybot and malware now..
     
  2. thisisu

    thisisu Malware Consultant

    Hi zordic,

    Please read ALL of this message including the notes before doing anything.

    Please follow the instructions in the below link:

    READ & RUN ME FIRST. Malware Removal Guide


    and then attach the requested logs to your next reply when you finish these instructions.
    • **** If something does not run, write down the info to explain to us later but keep on going. ****
    • Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.
    • After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
    Helpful Notes:

    1. If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
    2. If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes, you could use a flash drive too, but flash drives are writeable and infections can spread to them.
    3. If you cannot seem to login to an infected user account, try using a different user account (if you have one) in either normal or safe boot mode and running only SUPERAntiSpyware and Malwarebytes while logged into this other user account. Then reboot and see if you can log into the problem user account. If you can then run SUPERAntiSpyware, Malwarebytes, ComboFix and MGtools on the infected account as requested in the instructions.
    4. To avoid additional delay in getting a response, it is strongly advised that after completing the READ & RUN ME you also read this sticky:
    * Any additional post is a bump which will add more delay. Once you attach the logs, your thread will be in the work queue and as stated - our system works the oldest threads FIRST.
     
  3. zordic

    zordic Private E-2

    attached are the files.
    Prior to running the programs, Windows Defender finally found the trojan and claims to have successfully removed it. Still nervous about it though, as it took a week for Defender to 'see it'.
    Anyhow, so far so good..
     

    Attached Files:

  4. thisisu

    thisisu Malware Consultant

    Most of your logs look clean. However, the MGlogs.zip is incomplete. Can you run the following file: c:\MGtools\GetLogs.bat

    This will rescan with MGtools and update c:\MGlogs.zip

    Then attach the newest MGlogs.zip for review.
     
  5. zordic

    zordic Private E-2

    ok..here is the zip file..
     

    Attached Files:

  6. thisisu

    thisisu Malware Consultant

    For some reason they aren't getting zipped properly.

    Please attach these logs individually:

    c:\MGtools\runkeys.txt
    c:\MGtools\newfiles.txt

    I also noticed these:
    Code:
    01/30/2012  04:43 PM           154,439 zia02064
    01/30/2012  04:43 PM             2,329 zia03624
    01/29/2012  08:22 PM            38,538 zia03872
    01/29/2012  08:25 PM           109,307 zib03872
    
    If you could zip those files in the code box up too and attach them.
     
  7. zordic

    zordic Private E-2

    hopefully this is what you need.
    thx for your help
     

    Attached Files:

  8. thisisu

    thisisu Malware Consultant

    Yes, thank you.

    Fix items using OTL by OldTimer

    Double-click OTL.exe to run. (Vista/7 right-click and select Run as Administrator)
    Shut down your protection software now (antivirus, antispyware...etc) to avoid possible conflicts.
    Copy the text in the code box below and paste it into the text field.
    Code:
    :files
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\EM0JJ8JS\*.xml
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\UJUWNI2A\*.xml
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\WUC1FHI0\*.xml
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\ZDJV9E0R\*.xml
    C:\Documents and Settings\Ben\Local Settings\Application Data\hklkkm8p4ehl0nfv1pof5x250t1f
    C:\Documents and Settings\All Users\Application Data\hklkkm8p4ehl0nfv1pof5x250t1f
    C:\Documents and Settings\Ben\Templates\hklkkm8p4ehl0nfv1pof5x250t1f
    dir /s "c:\documents and settings\Ben\Application Data\Tufog\" /c
    :commands
    [emptytemp]
    
    Now click the button that runs the fix.
    If the fix needed a reboot please do it.
    Click the OK button (upon reboot).
    When OTL is finished, Notepad will open. Close Notepad.
    A log file will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
    Attach this log to your next message. (How to attach)

    Now download the latest MGtools.exe to the root of your c: drive.
    • Replace your existing MGtools.exe with this one.
    • Now run this new MGtools.exe by double-clicking it. (Vista/7 right-click and select Run as Administrator)
    • When it is finished, attach c:\MGlogs.zip to your next message. (How to attach)

    Let me know how the system is running after you have completed these steps.
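    Before a ':files' list like the one above is run, it is useful to record what each entry actually resolves to, so that sizes and hashes of the removed files survive for later review. The script below is an added example, not OTL's or MajorGeeks' code: it parses the ':files' section of an OTL-style script (assumption: entries are paths with optional wildcards, and lines beginning with "dir " are commands that are only reported, not resolved), globs each path and records size and SHA-256 for every match, and flags entries that no longer exist. The directory tree and file contents it runs against are constructed inline.

```python
"""Added example: inventory the targets of an OTL-style ':files' section
before removal (paths, sizes, SHA-256). Not OTL's own behaviour."""
import glob
import hashlib
import os
import tempfile

# Constructed sample script. {root} is filled in with a temporary directory.
# The folder name is the one from the thread; the layout is an assumption.
SAMPLE_FIX = """:files
{root}/Local Settings/Application Data/hklkkm8p4ehl0nfv1pof5x250t1f
{root}/DOMStore/EM0JJ8JS/*.xml
dir /s "{root}/Application Data/Tufog" /c
:commands
[emptytemp]
"""


def parse_files_section(script):
    """Return (paths, commands) listed under ':files'.

    Assumption: a line starting with ':' opens a section, 'dir ' lines are
    commands, everything else under ':files' is a path or wildcard pattern.
    """
    paths, commands = [], []
    section = None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            section = line[1:].lower()
            continue
        if section != "files":
            continue
        if line.lower().startswith("dir "):
            commands.append(line)
        else:
            paths.append(line)
    return paths, commands


def sha256_of(path):
    """Stream a file through SHA-256 and return the hex digest."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def inventory(paths):
    """Resolve each entry with glob; record size and hash per match.

    Entries with no match are kept with path=None so a missing target
    (already deleted, or a typo in the script) is visible in the record.
    """
    records = []
    for entry in paths:
        matches = sorted(glob.glob(entry))
        if not matches:
            records.append({"pattern": entry, "path": None,
                            "size": None, "sha256": None})
            continue
        for m in matches:
            if os.path.isfile(m):
                records.append({"pattern": entry, "path": m,
                                "size": os.path.getsize(m),
                                "sha256": sha256_of(m)})
            else:
                records.append({"pattern": entry, "path": m,
                                "size": None, "sha256": "directory"})
    return records


def demo():
    """Build the constructed tree, parse SAMPLE_FIX, return (records, commands)."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "Local Settings", "Application Data"))
    os.makedirs(os.path.join(root, "DOMStore", "EM0JJ8JS"))
    with open(os.path.join(root, "Local Settings", "Application Data",
                           "hklkkm8p4ehl0nfv1pof5x250t1f"), "wb") as f:
        f.write(b"sample")  # constructed content, 6 bytes
    with open(os.path.join(root, "DOMStore", "EM0JJ8JS", "a.xml"), "wb") as f:
        f.write(b"<x/>")  # constructed content, 4 bytes
    paths, commands = parse_files_section(SAMPLE_FIX.format(root=root))
    return inventory(paths), commands


if __name__ == "__main__":
    recs, cmds = demo()
    for r in recs:
        print(r)
    for c in cmds:
        print("command (not run):", c)
```

    The records can be written out as a CSV or JSON file before the fix is applied; the "directory" marker and the None entries show at a glance which targets were folders and which had already disappeared.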
     
  9. zordic

    zordic Private E-2

    alrighty then...here are the two files requested.
     

    Attached Files:

  10. zordic

    zordic Private E-2

    system runs fine..thank goodness.
    hopefully your magic rid the demons..
    thanks again
    Ben
     
  11. thisisu

    thisisu Malware Consultant

    You can delete this folder (optional) : c:\documents and settings\Ben\Application Data\Tufog

    Your latest logs are clean.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Notes: The space between the combofix" and the /uninstall, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis if it is present.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME for your Windows version and see the instructions to Disable System Restore, which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work through the below link:
    Take care and be safe! :)
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Just an FYI.

    These are not problems. These occur when the ZIP program used by MGtools runs into a problem trying to ZIP the logs and put them into the MGlogs.zip archive. When the failure occurs, an error message will be generated and one of these files will appear.

    As you can see from the listing of the MGtools folder, all the logs were created. There was just a problem zipping some of them.
     
  13. thisisu

    thisisu Malware Consultant

    Thank you for clarifying :)
     
