Trojan removal

Discussion in 'Malware Help (A Specialist Will Reply)' started by dtpascoe, Nov 13, 2009.

  1. dtpascoe

    dtpascoe Private E-2

    Hi, I'm trying to sort out my girlfriend's laptop. It's a Toshiba Satellite Pro with XP Pro SP3, 2.5 Celeron, 1GB RAM.

    I recently changed her antivirus from McAfee to Avira Free. I followed a guide from Black Viper's website (www.blackviper.com) about disabling unnecessary services in XP and ran CCleaner to clear all the temps etc. When I rebooted, Avira Free found TR/Crypt.ZPACK.Gen. I'm not sure whether this was already present before I started cleaning or possibly slipped through when I momentarily connected to the internet to allow Avira to register.

    I followed through the READ & RUN ME FIRST thread and got the following log files. I ended up with two ComboFix logs, as the recovery console would not install at first, and then when I manually installed it I think I started a new scan. I would much appreciate someone looking over these logs and giving me the all clear or telling me where to go next.

    Look forward to correspondence. Dave
     


  2. dtpascoe

    dtpascoe Private E-2

    Here are the rest of the logs.
     


  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    It appears as though the scans took care of the infections. The rest of your logs are clean.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real-time protection. They are useful as backup scanners. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note: the quotes are required.
      • "%userprofile%\Desktop\combofix" /u
        • Note: The space between the combofix" and the /u must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    7. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures in step 3 of the READ ME for your Windows version and see the instructions to Disable System Restore, which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    8. After doing the above, you should work thru the below link:
     
  4. dtpascoe

    dtpascoe Private E-2

    Thanks for that TimW, I appreciate your time. Could you just let me know the best way of removing RootRepeal? All the other programs left without fuss, but this one doesn't seem to have an obvious way of removing.

    Also the system seems to have developed an issue with the Windows firewall: sometimes when rebooting the firewall is disabled, other times it takes a moment for the XP warning symbol to disappear.

    Also what's the general opinion on CCleaner's registry cleaner? Quite a few issues and references are found relating to programs that I have recently removed. Is it safe to delete these items? If this is considered a topic for another forum, please just let me know.
     
  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Are you unable to right click both of these and just delete them?
    C:\Documents and Settings\Joana Nunes\Desktop\RootRepeal.exe
    C:\Documents and Settings\Joana Nunes\Desktop\RootRepeal
    Best to pursue that in the software forum.
    You can run the registry cleaner as long as you make the backup when prompted. But I have never found an issue when running that.

    And you are most welcome!
     
