Looking for help to make sure all the rootkit/malware threats have gone

Discussion in 'Malware Help (A Specialist Will Reply)' started by biffabacon, Mar 17, 2009.

  1. biffabacon

    biffabacon Private E-2

    OK, I have just finished running all the steps up to the MGtools scan in the XP Cleaning thread. I did the READ & RUN, then went on to the clean-up scans, but still wanted to post to make sure whether there is anything still there that was not deleted. These scans have definitely helped, though; I just want to make sure.

    Problems started in the middle of February. My NOD32 (which I have since uninstalled) was popping up with Trojans like 'Rootkit.Podnuha', 'Win32/Olmarik.FT' and 'Win32/Inhector.DW', and had something about an object 'http://csteenhoff.com/temp/bf.exe' too. My homepage would be like a basic HTML page, nothing like it should look; I'd get pop-ups from an online casino site until I had to click shut down (or till my computer froze); I was no longer able to log into anything (email, other accounts, most message boards) apart from a couple of message boards (that's if IE wasn't just closing or freezing and forcing me to turn off the computer without shutting down). When I searched for help and found MajorGeeks and other sites I would get "page cannot be found" when trying to get to them, as if the malware/trojan was stopping me getting help. Certain scanners like Malwarebytes would no longer open when I tried to run them. I did at that time (mid-Feb) get a catchme log, HJT log and NOD32 log, but I'm not sure if they will help now. Anyway, for whatever reason things got a bit better this week and I was finally able to get on MajorGeeks and log into most places, so I managed to do the READ & RUN, though even today things were still a bit weird, as I was getting random radio stations and advertisements playing out of my speakers with everything closed. I also knew from my computer usage at times, and from the sound of the computer, that there was stuff wrong.

    Windows Update was also in my tray wanting me to download Service Pack 3 during the last month, which I didn't do; the icon has since disappeared after these scans tonight. Not sure if this is relevant at all, but I thought I'd mention it.

    Like I said, things seem back to normal right now after those 4 scans (SAS, MBAM, ComboFix & MGtools). MBAM seemed to find a lot of trojans, and from what I have read these rootkit ones are hard to get rid of and can remain in restore points and whatnot, so I just want to make sure everything is fine and would appreciate the help of someone who knows about this stuff.

    Thanks in advance.
     

    Attached Files:

  2. biffabacon

    biffabacon Private E-2

    Just adding the 4th log...
     

    Attached Files:

  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    You have some more to fix, and I'm going to also add in some redundancy by fixing some items that may already be fixed.

    Now we need to use ComboFix
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    • Open Notepad and copy/paste the text in the below quote box into it:
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


    Now run Ccleaner!

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • C:\ComboFix.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
  4. biffabacon

    biffabacon Private E-2

    Hey, many thanks for your assistance.

    Everything seems fine; it has done since after I did the 4 scans yesterday morning in the XP Cleaning Procedure, but then AVG popped up with a trojan warning last night, so I don't know if they are totally gone. I haven't toggled System Restore, as I didn't go any further than the scanning steps, and startup is still set to normal mode.

    I followed your instructions. ComboFix updated to a new version pre-scan, so hopefully that didn't affect things, and when I ran CCleaner afterwards I did the Windows tab scan but also did Registry, as I wasn't sure which to do. I have attached the logs you requested.
     

    Attached Files:

  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    As stated in the original READ & RUN ME: it does not matter now, but we don't recommend using any registry cleaners.

    Your logs are clean.


    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /u
        • Note: the space between combofix" and /u must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
      • Delete the C:\combofix folder from combofix (if it exists)
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    7. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures in step 3 of the READ ME for your Windows version and see the instructions to Disable System Restore, which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    8. After doing the above, you should work through the below link:
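    The final clean-up steps in the post above (ComboFix uninstall, MGtools removal, UAC re-enable, restore point flush), scripted as one PowerShell file. This is an added example, not part of chaslang's post or of MajorGeeks' tools. It assumes PowerShell is installed (XP and Vista did not ship it) and is run from an Administrator session, that ComboFix.exe sits on the Desktop as the post requires, and that the paths C:\combofix, C:\MGtools, C:\MGtools.exe, C:\MGlogs.zip and C:\MGtools\enableUAC.reg are the ones named in the post. The WMI SystemRestore calls stand in for the manual "Disable System Restore / reboot / Enable System Restore" steps of the READ ME; the post has you reboot between the two, so the two functions are kept separate so you can do the same.

```powershell
# Added example (not from the MajorGeeks thread): scripts the final clean-up
# steps. Run as Administrator. Paths are the ones the thread names.
$ErrorActionPreference = 'Stop'

function Uninstall-ComboFix {
    # Thread's Run-box form: "%userprofile%\Desktop\combofix" /u
    # The quotes protect spaces in the profile path; /u is a separate argument.
    $combofix = Join-Path $env:USERPROFILE 'Desktop\ComboFix.exe'
    if (Test-Path $combofix) {
        Start-Process -FilePath $combofix -ArgumentList '/u' -Wait
    } else {
        # The /u switch only works when ComboFix was saved on the Desktop.
        Write-Warning "ComboFix.exe not found at $combofix; nothing uninstalled."
    }
    if (Test-Path 'C:\combofix') { Remove-Item 'C:\combofix' -Recurse -Force }
}

function Restore-UAC {
    # Vista only (NT 6.x): import the enableUAC.reg that MGtools shipped.
    # Must run before Remove-MGtools, because the .reg file lives in C:\MGtools.
    $isVista = [Environment]::OSVersion.Version.Major -ge 6
    $reg = 'C:\MGtools\enableUAC.reg'
    if ($isVista -and (Test-Path $reg)) {
        Start-Process -FilePath 'reg.exe' -ArgumentList 'import', $reg -Wait
    }
}

function Remove-MGtools {
    foreach ($p in 'C:\MGtools', 'C:\MGtools.exe', 'C:\MGlogs.zip') {
        if (Test-Path $p) { Remove-Item $p -Recurse -Force }
    }
}

function Disable-RestorePoints {
    # Disabling System Restore on a drive deletes every restore point on it,
    # which is what removes any copies of the malware that were checkpointed.
    $sr = [wmiclass]'\\.\root\default:SystemRestore'
    $sr.Disable('C:\') | Out-Null
}

function Enable-RestorePoints {
    # Run this after the reboot the thread asks for, then take a clean point.
    # RestorePointType 0 = APPLICATION_INSTALL, EventType 100 = BEGIN_SYSTEM_CHANGE.
    $sr = [wmiclass]'\\.\root\default:SystemRestore'
    $sr.Enable('C:\', $true) | Out-Null
    $sr.CreateRestorePoint('Clean point after malware removal', 0, 100) | Out-Null
}

Uninstall-ComboFix
Restore-UAC
Remove-MGtools
Disable-RestorePoints
# Reboot here, then run Enable-RestorePoints in a fresh Administrator session.
```

    HijackThis (step 5) is still removed through Add/Remove Programs, and any other tools from step 3 are deleted by hand; neither is scripted above because their install locations are not given in the thread.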
     
