police central e-crime unit virus

my boyfriend tried to use the laptop yesterday to go on facebook and a police central e-crime unit popped up saying he had to pay £100 to unlock the comp. I have been able to get the comp working in safe mode and restored it to an earlier date which seem to sort the problem but i have done the read and run me guide as i dont know it the virus is still on the comp. I have attached the logs so you can see if there is anything there. all the scans said nothing was found except rogue killer that had something come up but the guide said do nothing unless instructed.
Thanks for any help, nicola.

 

hi seem to have accidently done 2 scans so have 2 logs i have attached them both aswell, sorry. nicola.

 

Hello,

Your logs are clean but you should uninstall this: Java(TM) 7 Update 5

http://img195.imageshack.us/img195/9049/javaz.gif Now install the current version of Sun Java from: here

__

If you are not having any other malware related problems, it is time to do our final steps:

• Any programs we had you download and/or install can be removed at this time.
• If we had you download and run ComboFix, here is how to uninstall it:
  • Press and hold the Windows key http://i1106.photobucket.com/albums/h363/debojyotidas/Windows_Logo_key.gif and then press the letter R on your keyboard.
  • This opens the Run dialog box.
  • Copy and paste the below text inside the text-field:
    • "%userprofile%\desktop\ComboFix" /uninstall
  • Now press ENTER
  • ComboFix will extract its files one last time and you should receive a notification that ComboFix has been uninstalled shortly after.
• You can re-enable your Disk Emulation software at this time via DeFogger.
• If we had you create or download a registry patch or "fix" script, these can be deleted at this time.
• Go into the C:\MGtools folder and run the MGclean.bat file to remove additional traces of our tools.
• Now we will toggle System Restore to remove any infected system restore points.
  • Read this: How to Disable And Enable System Restore
• Lastly, here is a guide to protect you from future infections: How to Protect yourself from malware!
• Be safe

 

Thank you, last night i had tried installing java for a site i was on and it said i needed java 7 update 7 i have two now one is 64 bit it says are these the wrong ones? my comp did a scan through avast not long after and it found a virus, i moved it to the chest and this is where/what it is..
f5ad247-7e1e6398
C:\Users\Nicola\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7
last changed 31/08/2012 07:32:01
transfer time 02/09/2012 01:03:33
virus Win32:Reverton-DF [Trj]

when researching this virus it is the one that locked down my comp. i had noticed everything seemed to be slow the other day but i assumed i was protected with avast and was fine as there was no warnings ect.

 

These are correct and the latest version of Java. Keep in mind that older versions of Java are very highly prone to infection.

Java 6 Update 7 -- Very old.

My recommendation to is to only install Java (the latest versions) if you really need to make use of it. Reveton and many other types of malware will look to exploit older versions of Java if installed on an system and visiting a compromised website.

 

I have only got the latest java now on my system but could i still be infected even though i have completed the read and run me guide or anything be left behind/disguised? I'm scared to use anything especially check my bank or buy anything as i don't want my details to be at risk.
once i am all sorted do you have any recommendations of what to keep on my comp to keep me protected? I have avast and ccleaner and the ones from the read and run guide.
Nicola.

 

http://img205.imageshack.us/img205/1894/otl.gif Fix items using OTL by OldTimer <-- Download this to your desktop.

Double-click OTL.exe to run. (Vista/7 right-click and select Run as Administrator)
Shut down your protection software now (antivirus, antispyware...etc) to avoid possible conflicts.
Copy the text in the code box below and paste it into the http://img14.imageshack.us/img14/66/otlcustomfix.png text-field.

Code:

[COLOR="DarkRed"]:commands[/COLOR]
[clearallrestorepoints]
[emptyjava]
[emptyflash]

Now click the http://img3.imageshack.us/img3/407/otlrunfix.png button.
If the fix needed a reboot please do it.
Click the OK button (upon reboot).
When OTL is finished, Notepad will open. Close Notepad.
A log file will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
Attach this log to your next message. (How to attach)

 

I have attached the log as requested, not sure if this helps but my internet is very slow, when clicking web pages its taking ages to load, I've only had my comp around 3 weeks and was fine before.
Also i have a HP TOOLS file in my computer and it seems to be full, no idea why as I've not saved anything there as far as i know.
thanks. Nicola.

 

Which browsers is it slow in?

This is a partition created by Hewlett Packard to diagnose memory, hard drive, and other potential hardware related problems. Leave this alone

 

I am using firefox but ive tried through internet explorer and that is the same, i use ccleaner to clear it all ect but it hasn't made any difference that's why I'm thinking malware?
Okay i will leave it alone, the drive was blue and it wasn't full just curious now its red and full.

 

Your work space is here:

Code:

Drive	[B]C:[/B]	
Description	Local Fixed Disk	
Compressed	No	
File System	NTFS	
Size	441.79 GB (474,369,486,848 bytes)	
[B][COLOR="Green"]Free Space	396.29 GB [/COLOR][/B](425,517,117,440 bytes)	

D: and E: are created by HP and the below is correct:

Code:

Drive	D:	
Description	Local Fixed Disk	
Compressed	No	
File System	NTFS	
Size	19.81 GB (21,267,214,336 bytes)	
Free Space	2.15 GB (2,304,348,160 bytes)	
Volume Name	Recovery	
Volume Serial Number	AEC8A599	
		
Drive	E:	
Description	Local Fixed Disk	
Compressed	No	
File System	FAT32	
Size	3.96 GB (4,251,975,680 bytes)	
Free Space	2.04 GB (2,195,795,968 bytes)	
Volume Name	HP_TOOLS	
Volume Serial Number	9EE2F29E

__

You should try the Software forum if you are experiencing other issues as I do not believe you are experiencing any more malware related problems.