Messenger Virus

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Gecks, Sep 30, 2007.

  1. Gecks

    Gecks Specialist

    Hullo friend geeks! :)

    The Girl Friend accidentally clicked on an attachment sent by a messenger virus (she is a smart, technical lady who was just having a bad day! :eek: ) and of course all of her messenger contacts started getting the same attachment sent to them from her messenger account.

    I've gone through the read and run me first (don't think I've missed anything, but apologies in advance if I did), and also ran a scan using the AVG antivirus installed on the computer with updated definitions and a Trend-Micro Housecall scan. Things seem settled down now, but some keylogger/trojan infections were found and cleaned by the scans, so I would really appreciate you guys taking a look at the log files to make sure everything is really clean before the GF starts using messenger and doing internet banking, etc. from the problem box. Thanks in advance!
     

    Attached Files:

  2. Gecks

    Gecks Specialist

    And the rest of the log files...
     

    Attached Files:

  3. abri

    abri MajorGeek

    Hi Gecks!
    Welcome to Major Geeks!
    I'm looking at your logs. This takes time, so please be patient.
    abri
     
  4. abri

    abri MajorGeek

    Hi Gecks!

    Just a note before you start. Messenger Plus is a plague. Windows Messenger is a vulnerability. MSN Messenger Live and MSN Messenger are fine. All four sound similar but they aren't.

    0) Please go to this website and see if you can get rid of those items which BitDefender is showing as being in your Norton's Quarantine folder.
    Removing Files from Norton Antivirus Quarantine

    After doing the above, since you're no longer using Symantec, you may need to run their Norton Removal Tool (SymNRT) in order to get the remnants of their software out of the computer.

    1) Now please go to add/remove programs and uninstall the following:

    - J2SE Runtime Environment 5.0 Update 5
    - Sunbelt Counterspy
    - Messenger Plus! Live


    2) Then delete the below folders which may be left behind by the uninstall:

    C:\Documents and Settings\HP_Administrator\Application Data\Sunbelt Software
    C:\Documents and Settings\All Users\Application Data\Sunbelt Software
    C:\Program Files\Sunbelt Software


    3) Now REBOOT your computer!

    4) After you've rebooted, please install Java Runtime Environment vs. 6.2

    5) If you do not use Windows Messenger (not to be confused with MSN Messenger!!) I would like you to run Disable/Remove Windows Messenger

    6) Now scan with HijackThis and check the boxes for the following entries:
    ( Make sure ALL browser windows are closed when you click FIX )
    7) Please post a fresh hijackthis log.

    - hijackthis.log

    abri
     
  5. Gecks

    Gecks Specialist

    Awesome, and thanks! :)

    Followed your instructions, posting the updated hijackthis log.


    Really appreciate the help!
     

    Attached Files:

  6. abri

    abri MajorGeek

    Hi Gecks!
    Please turn off system restore now. I want to see if the Norton Quarantine is empty or gone now and see if we can get your restore points clean.
    Please run the BitDefender scan once more and post the log to me along with a fresh Shownew log (newfiles.txt).

    - bdscan.txt
    - newfiles.txt

    Thanks.
    abri
     
    Last edited by a moderator: Oct 2, 2007
  7. Gecks

    Gecks Specialist

    OK, steps done, log file attached.

    Things are looking up, no infections found by the bit defender scan this time. :)

    Thanks again for all your help!
     

    Attached Files:

  8. abri

    abri MajorGeek

    Hi Gecks!

    1) Please download ATF Cleaner by Atribune. This program does not require an installation. The executable actually runs the program.

    NOTE: This program is for Windows XP and Windows 2000 only. ATF Cleaner will remove all files from the items that are checked, so if you have some cookies you'd like to save, please move them to a different directory first.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main ATF Cleaner menu to close the program.

    2) Please re-enable your system restore now:

    For Windows XP:

    1: Right click on the My Computer icon on your desktop and select properties.
    2: Click on the system restore tab.
    3: Un-Check the box that says "Turn off system restore on all drives". Click OK.

    3) If you are not having any other malware problems, it is time to do our final steps:
    abri
     
