Was Malware infected. How can I tell if my system is now clean?

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by deb555, Jan 1, 2010.

  1. deb555

    deb555 Private E-2

    Hi there.

    Question: Can anyone tell from the logs or provide me next steps to make sure I'm clean?

    I followed all the steps listed in the READ & RUN ME First post. Here is a summary of the issue and results.

    I couldn't run any programs in Normal mode, admin rights seemed to be removed from my account, pop-ups stating that I had a virus, fake scanner Internet Security 2010 kept running and explorer would open and take me to different websites. Could not run most exe files while in normal mode. I immediately disconnected from the internet.

    Not sure if I followed directions perfectly, as it took me several different tries to get some of the steps to work. I figured that I was one step away from a reformat, so how bad could I mess things up. Here is an overall summary and then more detail.

    My first time trying, I was not able to complete most steps. Then when I got to the combofix.exe step, it seemed to clean my computer enough so I could regain control, so I went back and started from the very beginning and followed each step again, in order (hope that wasn't a stupid thing to do!)

    Here is a summary of my results and final logs attached:
    Step 1-5 (done)
    Step 6: Windows XP Cleaning Procedure
    I could not run RootRepeal. I would receive the message "Initializing, please wait" and nothing would happen. Used Task Manager end task function to recover. Moved on to MGtools.

    My system seems to be running okay now. Because I don't seem to be having any more problems, I will now follow next sub-steps to Step 6 above--Toggle System Restore and Keeping your computer safe and secure.

    Can anyone tell from the logs or provide me next steps to make sure I'm clean?

    Thank you

    Deb

    P.S. A very special thank you. The instructions were very clear and I appreciate the time it took to provide so much information to those of us so very much in need. Thank you for your generosity.
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    You're welcome. ;) Your logs are clean, I just have one step for you to do before final instructions.

    Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.


    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note that the quotes are required.
      • "%userprofile%\Desktop\combofix" /uninstall
        • Note: The space between the combofix" and the /uninstall must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    5. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    6. Go to add/remove programs and uninstall HijackThis.
    7. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    8. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 6 of the READ ME for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    9. After doing the above, you should work thru the below link:
     
