duh! clicked on link and . . .

Discussion in 'Malware Help (A Specialist Will Reply)' started by sigother, Jun 9, 2008.

  1. sigother

    sigother Private E-2

    I clicked on a link in my email yesterday and my free McAfee software warned me that a virus was downloaded to the Temp/Content IE.5 folder, but it couldn't be deleted. I went to look for the file, but it wasn't there. I deleted all of my Temp files that I was able to delete. After several scans showing up nothing, I disabled McAfee and downloaded Avast. That scan also showed no infected viruses. So I downloaded Trend Micro HJ This and here is my log file. Can anyone tell me what to do next? Is my computer safe now?

    Logfile of Trend Micro HijackThis v2.0.2
     
    Last edited by a moderator: Jun 9, 2008
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Welcome to Major Geeks!

    Please uninstall HJT as it will be properly installed when you do the following:

    Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

    READ & RUN ME FIRST. Malware Removal Guide
     
  3. sigother

    sigother Private E-2


    Thanks for help. Before I heard back from you, I manually emptied all my temp folders that I could see. I ran another McAfee scan and it did not detect anything. Then I ran the Microsoft Windows online malware scan, and that did not detect anything. (I forgot what it was called exactly - Windows One . . . something?)

    I uninstalled McAfee/AOL security center software - well, at least I thought I did. I did it from the Add/Remove programs, but when I see the scans going, I still see AOL folders.

    Following the Malware Removal Guide, when I did the ccleaner step, it said that it repaired the registry, but I'm still getting this error upon booting (I've had this error for close to a year now): Error in C:\windows\system32\spool\DRIVERS\w32x86\3\DLCDtime.dll

    The ccleaner (which I paid for) also wiped out my bluetooth - it said that my bluetooth expired or something like that and now I can't use my wireless keyboard or mouse. So I uninstalled the Logitech Software and I'll reinstall it when this whole process is over.

    So, I finished with steps 1 and 2 (although I couldn't find any AOL Security Center quarantine files) and next, I did the first malware scan, the SUPERAntiSpyware. That scan detected nothing as well.

    So now I'll move to the Spybot scan, but I had a few questions:

    I always used the Startup in MSConfig to stop programs from loading, but following the advice in the malware removal guide, I'm getting a couple of things that I don't know what to do with: (1) The Windows Desktop Search indexing is always going on; and (2) there's an icon that says "windows is managing your Intel Pro Set Wireless."
    Do I want the Windows Desktop Search indexing?
    Do I allow windows to manage my wireless connection?

    I also wanted to know if there is anything wrong with using the Windows firewall? I have a cable modem with a linksys router that is a firewall, right? But I also have the Windows firewall enabled. (When I had AOL Security Center, I sometimes used their firewall as well). Linksys says that I do not need any software firewall at all. Is this true? And is the Windows firewall sufficient or preferred?

    Thanks in advance for your help. Oh, one more question: When I'm done with all the scans and nothing is detected, should I still reinstall HJthis again?
     
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    My first question is:
    ccleaner (which I paid for)? -> this is a free utility. We don't ask you to run anything but the cleaner for temp files.

    I need the logs, even if they show no infections.
     
  5. sigother

    sigother Private E-2

    "I need the logs, even if they show no infections."

    Log of SAS attached.

    Spybot Search and Destroy found a few things and fixed them but I don't know how to get that log. . .

    I haven't done the others yet.
     


  6. sigother

    sigother Private E-2

    Here are the logs from MBAM and Combofix. Neither one detected any malware.
    So now all that is left is the MGtools. I'll do that one tomorrow. Thanks again for your help.
     


  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Unless I find something in the MGLogs.zip....you will need to tell me exactly what malware issues you are having.
     
  8. sigother

    sigother Private E-2

    Here is my mglogs.zip. I'm not actually having a problem. I clicked on the link in an email (details in first post) and McAfee said that it couldn't delete or quarantine the virus that I downloaded. . . .
     


  9. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    So you have uninstalled McAfee and installed Avast? Does it report anything?

    Do you remember exactly what McAfee was reporting..the full path?

    I am not seeing any malware.....
     
  10. sigother

    sigother Private E-2


    Yes, I uninstalled McAfee and installed Avast. I can't remember what the first McAfee pop-up said right after I clicked on the link, but the second one (a few seconds later) definitely said that we are unable to fix or quarantine the file. But then I went in and deleted all the temp files that I could see in Contents/ie5 - but I know there must be more temp files.

    So what now, just go on using my computer like always?

    and thank you so . . . so . . . so . . . much for your help!
     
  11. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Periodically deleting the temp IE files is always a good thing to do....there are programs that will do that for you.....

    Please download ATF Cleaner by Atribune. This program does not require an installation. The executable actually runs the program.

    NOTE: This program is for Windows XP and Windows 2000 only. ATF Cleaner will remove all files from the items that are checked, so if you have some cookies you'd like to save, please move them to a different directory first.

    * Double-click ATF-Cleaner.exe to run the program.
    * Under Main choose: Select All
    * Click the Empty Selected button.

    If you use Firefox browser

    * Click Firefox at the top and choose: Select All
    * Click the Empty Selected button.
    o NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use Opera browser

    * Click Opera at the top and choose: Select All
    * Click the Empty Selected button.
    o NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    Click Exit on the Main ATF Cleaner menu to close the program.

    Otherwise:

    If you are not having any other malware problems, it is time to do our final steps:

    1. If we used ComboFix then UNINSTALL COMBOFIX (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
    2. Click START then RUN
    * Now type "%userprofile%\Desktop\cf" /u in the runbox and click OK.
    * Note the space between the cf and the /U; it must be there.
    3. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    4. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    5. If you are running Windows XP or Windows ME, do the below:
    * Refer to the cleaning steps in the READ ME for your Windows version and see the steps to Disable System Restore which will flush your Restore Points.
    * Then reboot and Enable System Restore to create a new clean Restore Point.
    6. After doing the above, you should work thru the below link:
    How to Protect yourself from malware!
     
  12. sigother

    sigother Private E-2

    combofix removal

    I thought I ran combofix from the desktop, but it was in a folder on the desktop that I named Anti-Malware Downloads. So the Uninstall is not working. Is there another way to uninstall it?

    Should I uninstall SAS, Spybot and Malwarebytes? They are in that folder as well.

    Thanks.
     
  13. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    That was not where we asked you to download the tools to......you can delete the ComboFix.exe file, C:\ComboFix folder, C:\QooBox folder, C:\WINDOWS\nircmd.exe, C:\combofix.txt and C:\ComboFix-quarantined-files.txt logs.

    You can keep the three programs as backup scans when you suspect trouble.
     
