Am I clean now?

Discussion in 'Malware Help (A Specialist Will Reply)' started by maxwelltf, Jan 9, 2007.

  1. maxwelltf

    maxwelltf Private E-2

    OK - this is my first post. I have (had?) a malware and virus infection. I've probably read your posted instructions about 5 times (Great stuff!) and have tried to follow all the steps listed. Hope I have not missed any. Anyway, I THINK my laptop is now clean, but my confidence is very low because the darn thing kept coming back (before I followed your procedures). So before I let out a sigh of relief, I have attached the logs you have asked for, as I completed each step. Can you tell if I am clean now? How do I know if I am clean?

    This is Part 1 of 2 posts. This post has 3 logs attached.

    Next post will have second 3 logs attached.

    Thanks. -Tom

  2. maxwelltf

    maxwelltf Private E-2

    Post part 2/2.

    Final 3 logs attached.

    Thanks! -Tom

  3. maxwelltf

    maxwelltf Private E-2

    One more piece of info. As a final step, I also ran Sophos Anti-Rootkit (after booting in normal mode). It located 2 hidden registry entries and one hidden file. It sorta looks like I'm still infected! Is this true?? Dang it!

    I created a Sophos log file attached with the three items it reported on.

    -Tom

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Majorgeeks!

    Please follow the steps below in the order written!

    Now Download the Registry Search Tool

    Unzip to your Desktop and double click on regsrch.vbs
    (if you have script protection in your antivirus program, please allow this to run)

    In the dialog that opens copy and paste in the following:

    pe386

    Press 'OK'

    The search will run for a while then alert you when it is finished. Press 'OK' and copy the contents of the WordPad window and attach it to this thread.


    Yes, you are still infected with a Rustock rootkit. Run this Rustock.b - msguard, pe386, & lzx32 RootKit Removal and attach the requested logs.

    Also delete the below file:
    C:\qomdjjy.exe
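The registry search step above, as an added PowerShell example rather than the Registry Search Tool (regsrch.vbs) the thread links: it walks the hives the thread is interested in and reports any key name, value name or value data containing the string (here `pe386`). The hive list, function name and output path are assumptions; a kernel rootkit that hooks the registry API can hide keys from user-mode tools like this one, which is why the thread also relies on Sophos Anti-Rootkit, so an empty result is not proof that the entry is absent.

```powershell
# Added example, not the thread's regsrch.vbs: recursive registry string search.
# Assumes Windows PowerShell 5.1 or later; run elevated for full HKLM coverage.
function Find-RegistryString {
    param(
        [Parameter(Mandatory)] [string] $Pattern,
        # Hives to walk (assumed defaults; add 'HKU:\' via New-PSDrive if needed)
        [string[]] $Roots = @('HKLM:\SOFTWARE', 'HKLM:\SYSTEM', 'HKCU:\SOFTWARE')
    )
    foreach ($root in $Roots) {
        # SilentlyContinue skips keys the current account is not allowed to read
        Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
            $key = $_
            # Match on the key name itself (e.g. a service key named after the rootkit)
            if ($key.PSChildName -like "*$Pattern*") {
                [pscustomobject]@{ Key = $key.Name; Match = 'KeyName'; Data = '' }
            }
            # Match on value names and on value data (REG_SZ, REG_EXPAND_SZ, MULTI_SZ joined)
            foreach ($name in $key.GetValueNames()) {
                $data = [string]$key.GetValue($name)
                if ($name -like "*$Pattern*" -or $data -like "*$Pattern*") {
                    [pscustomobject]@{ Key = $key.Name; Match = "Value '$name'"; Data = $data }
                }
            }
        }
    }
}

# Search for the string the thread asks about and save a log to the Desktop (assumed path)
$hits = Find-RegistryString -Pattern 'pe386'
$hits | Format-Table -AutoSize
$hits | Out-File -FilePath (Join-Path $env:USERPROFILE 'Desktop\regsearch_pe386.txt')
```

Compare the saved file against the Sophos Anti-Rootkit report: entries Sophos lists that this search cannot see are exactly the hidden keys the helper is asking about.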