Ran All Pre-Help Scans; Next Steps

Discussion in 'Malware Help (A Specialist Will Reply)' started by Sens29, Dec 9, 2011.

  1. Sens29

    Sens29 Private E-2

    Good evening,

    First of all, thank you for the outstanding (and very understandable) pre-help tutorial. I've already learned more than quite a few of my computer security classes have presented just from visiting this site.

    My original reason for running the scans (logs attached) is I had been infected with the Win 7 Antivirus Trojan. Before visiting this site, I had some success with using a restore point to get rid of the overt problems.

    Unfortunately, the underlying issues were that my MSE was picking up sirefef.j and Alureon.TK viruses. Even worse, MSE had them marked as "allowed" rather than deleted or quarantined.

    Upon my visit here, I read the "Read and Run" tutorial (again, very easy to follow... not an easy task to accomplish) and ran the required software and scans. I didn't dare continue on my own, without consulting the folks here first.

    I haven't run my MSE again to see if the two above-mentioned viruses are still around (I did, however, reactivate the "Real-Time Protection"), so I suppose my reason for posting would be to ask if I should run the MSE scan, and find out if there's anything suspicious in my log results.

    I am running a 64-bit system, so I did not download RootRepeal.

    Any help is appreciated, and again, thanks for all the help already.
     

    Attached Files:

  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    I'm happy to hear you are learning from our site. :)

    Go to the below link and follow the instructions for running TDSSKiller from Kaspersky
    • Be sure to attach your log from TDSSKiller
    Now please also download MBRCheck to your desktop.

    See the download links under this icon http://forums.majorgeeks.com/chaslang/images/MGDownloadLoc.gif
    • Double click MBRCheck.exe to run (Vista and Win 7: right click and select Run as Administrator)
    • It will show a Black screen with some information that will contain either the below line if no problem is found:
      • Done! Press ENTER to exit...
    • Or you will see more information like below if a problem is found:
      • Found non-standard or infected MBR.
      • Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    • Either way, just choose to exit the program at this point since we want to see only the scan results to begin with.
    • MBRCheck will create a log named similar to MBRCheck_07.16.10_00.32.33.txt which is random based on date and time.
    • Attach this log to your next message. (See: HOW TO: Attach Items To Your Post )
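The MBRCheck steps above leave the reader with a log whose name encodes the run's date and time and whose body contains one of two result lines. The following script is an added example written for this thread, not code from MBRCheck's author or from MajorGeeks: it picks the most recent MBRCheck log out of a folder by decoding the timestamp in the file name (the MBRCheck_MM.DD.YY_HH.MM.SS.txt pattern is an assumption derived from the example name MBRCheck_07.16.10_00.32.33.txt quoted above) and classifies the log by the two result lines quoted in the post. The sample log contents and file names are constructed for offline use.

```python
import re
from datetime import datetime
from pathlib import Path

# Assumed log-name pattern, derived from the example name in the thread
# (MBRCheck_07.16.10_00.32.33.txt): month.day.year_hour.minute.second.
LOG_NAME = re.compile(r"^MBRCheck_(\d{2}\.\d{2}\.\d{2}_\d{2}\.\d{2}\.\d{2})\.txt$")

# The two result lines quoted in the thread. Anything else is "unknown",
# in which case the log should simply be attached for the helper to read.
CLEAN_MARKER = "Done! Press ENTER to exit..."
INFECTED_MARKER = "Found non-standard or infected MBR."


def log_timestamp(filename: str):
    """Return the datetime encoded in an MBRCheck log name, or None when the
    name does not follow the assumed MBRCheck_MM.DD.YY_HH.MM.SS.txt pattern."""
    m = LOG_NAME.match(filename)
    if not m:
        return None
    return datetime.strptime(m.group(1), "%m.%d.%y_%H.%M.%S")


def newest_log_name(filenames):
    """Pick the most recently written MBRCheck log from a list of file names.
    Sorting by the decoded timestamp rather than by string order matters
    because the year comes last in the name, so a plain string sort would put
    a December 2010 log after a January 2011 one."""
    dated = [(log_timestamp(n), n) for n in filenames]
    dated = [(t, n) for t, n in dated if t is not None]
    if not dated:
        return None
    return max(dated)[1]


def newest_log_on_desktop(desktop: Path = Path.home() / "Desktop"):
    """Filesystem wrapper: the newest MBRCheck log in the folder the tool was
    run from (the thread has it on the Desktop). Returns None if none exist."""
    if not desktop.is_dir():
        return None
    name = newest_log_name(p.name for p in desktop.iterdir())
    return desktop / name if name else None


def mbrcheck_verdict(log_text: str) -> str:
    """Classify a log by the two result lines quoted in the thread:
    'non-standard' (MBRCheck flagged a boot record), 'clean', or 'unknown'."""
    if INFECTED_MARKER in log_text:
        return "non-standard"
    if CLEAN_MARKER in log_text:
        return "clean"
    return "unknown"


# Constructed sample data: only the result lines quoted in the thread,
# not real MBRCheck output, plus one file name that is not an MBRCheck log.
SAMPLE_CLEAN_LOG = "\n".join(["(constructed header line)", CLEAN_MARKER, ""])
SAMPLE_INFECTED_LOG = "\n".join([
    "(constructed header line)",
    INFECTED_MARKER,
    "Enter 'Y' and hit ENTER for more options, or 'N' to exit:",
    "",
])
SAMPLE_NAMES = [
    "MBRCheck_07.16.10_00.32.33.txt",  # the example name from the thread
    "MBRCheck_12.30.10_23.59.59.txt",  # constructed: late December 2010
    "MBRCheck_01.02.11_09.00.00.txt",  # constructed: the actual newest run
    "notes.txt",                       # constructed: ignored, not an MBRCheck log
]

if __name__ == "__main__":
    print("newest sample log:", newest_log_name(SAMPLE_NAMES))
    print("sample verdicts:", mbrcheck_verdict(SAMPLE_CLEAN_LOG),
          mbrcheck_verdict(SAMPLE_INFECTED_LOG))
    latest = newest_log_on_desktop()
    if latest is not None:
        print(latest, "->", mbrcheck_verdict(latest.read_text(errors="replace")))
```

The verdict function checks for the "Found non-standard" line before the "Done!" line so that a log which reports a problem and then exits is never mistaken for a clean one; a "non-standard" result is only a prompt to attach the log, since the post above is clear that the helper reads the actual output before any further action.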
     
  3. Sens29

    Sens29 Private E-2

    Thanks for the quick reply and the further help.

    I've completed the two scans requested and attached the logs. I'm not sure if this makes any difference, but I have two internal and two external hard drives (not in any RAID configuration) attached to my system, in case that affected the scan results.

    It looked like the small external drive had an unknown boot record - I used that drive in my original attempt to rid myself of the Win 7 virus (prior to using a restore point) by bringing malwarebytes over from a clean computer.
     
  4. Sens29

    Sens29 Private E-2

    It looks as though my attachments may not have saved to my most recent post properly. I am reposting the TDSSKiller and MBRCheck logs again just to be sure they get through.
     

    Attached Files:

  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes.

    What else is on this drive? If you disconnect it and leave it disconnected, how is everything working? With it disconnected, run a full scan with MSE and see if anything is detected.
     
  6. Sens29

    Sens29 Private E-2

    I disconnected the small external drive and ran a full MSE scan. To my delight there weren't any malevolent programs found.

    Per the advice in the overall instructions, I gave it a couple of days and ran the scan again to make sure everything was still functioning. The second full scan last night also came back without any problems.

    It appears that I should move on to step 5 in the procedure. Would you suggest removing any of the software programs retrieved from any procedures? Several of them seem very useful for the future, but if something like ComboFix is so powerful it's suggested against further use, I'd understand advising its removal.

    Thank you very much for all the help.
     
  7. thisisu

    thisisu Malware Consultant

    Hello Sens29,

    Are you having any other malware problems? If so, let me know. Otherwise, you can proceed with the below:

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Notes: The space between the combofix" and the /uninstall, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis if it is present.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work through the below link:
     
  8. Sens29

    Sens29 Private E-2

    Everything is in perfect working order without any issues. I have uninstalled ComboFix and followed the steps for MGTools as well. I have MSE updated, and I've coincidentally been promised Norton 360 for x-mas, so everything should be taken care of for the future.

    Thank you all over at Major Geeks. You've basically made it possible to finish my final reports for my classes this semester. I know there isn't a way to donate to this site, but I will definitely be sending anyone with a computer problem over here before anything else.

    Thanks again, I really appreciate the help (and useful tools).
     
  9. thisisu

    thisisu Malware Consultant

