Am I Really Clean?

Discussion in 'Malware Help (A Specialist Will Reply)' started by FighterJetMom, Nov 30, 2008.

  1. FighterJetMom

    FighterJetMom Private First Class

    Hello to you experts! This is a low-priority question compared to the "raging infection" threads. I think I need to generate logs for someone to review for me, just to be on the safe side.

    Background: I recently received a "gift horse" computer for my 11-year-old daughter from our neighbor. This machine was probably the latest and greatest nine years ago. Judging from the browser cache, the machine was used to visit the sort of sites a young man likes to visit on the Internet. :-o In fairness to the young man, the machine wasn't nearly as infected as it could have been given the length of time it was used.

    Once I got her machine hooked up to the Internet on my network, after adding all the OS service releases (Win 2K) and uninstalling programs I thought would be security risks, I installed and ran MalwareBytes, Spybot S&D, SpywareBlaster and avast! home AV and removed all critters found. Per the instructions on this most excellent forum I ran separate procedures to remove the instances of Vundo and SmitFraud discovered. Finished up with CCleaner, password-protected the admin account for myself, and created a limited user account for my daughter so she can't download anything without my say-so. :-D

    The machine now *seems* in good order, other than running on 256MB non-upgradable RAM (I think), but, since this is my young daughter, not me, I'd like to check it out to be sure.

    What kind of logs should I generate and post in due course (as I said, help the more urgent cases first).

    Grateful for this forum,

    FJM
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You need to attach all 4 of the logs requested in the READ & RUN ME instructions for cleaning a Windows 2000 PC. These are the same logs you attached in your other thread for another PC; however we do not ask for the Spybot log since it is rarely needed.

    Make sure you have the current versions of Malwarebytes and SUPERAntiSpyware as your other thread shows that you are out of date!
     
  3. FighterJetMom

    FighterJetMom Private First Class

    The first three...

    (by the way, I have no idea how to remove the artifact of Norton AV that I discovered, since the software is long gone...)
     


  4. FighterJetMom

    FighterJetMom Private First Class

    ...and the fourth (which was really mystifying as it whizzed by).

    Many thanks,

    FJM
     


  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I assume you mean what the logs showed you. If you are referring to the below left over folder then just delete it:

    c:\documents and settings\All Users\Application Data\Symantec

    Also delete the below left over from Viewpoint Media
    c:\documents and settings\All Users\Application Data\Viewpoint

    Your logs are clean.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /u
        • Notes: The space between the combofix" and the /u, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
      • Delete the C:\combofix folder from combofix (if it exists)
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    7. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning steps in the READ ME for your Windows version and see the steps to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    8. After doing the above, you should work thru the below link:
     
  6. FighterJetMom

    FighterJetMom Private First Class

    Many thanks for your review of my logs! I will take care of the final maintenance you recommend when my child is awake. ;-) We are not having any malware-related problems with her machine.

    By "artifact" I meant that I thought I saw references to NPROTECT in my logs, which I thought was the Norton protected recycle bin.

    I am very grateful for the expertise that this forum represents.

    FJM
     
  7. FighterJetMom

    FighterJetMom Private First Class

    Oops! Oops! Trouble in Paradise!

    When I attempt to delete ComboFix using the exact command described above, it tells me that a file or component cannot be found.

    The only thing I can think of is that, at some point, avast! identified one of the programs contained in it as new and unfamiliar and my daughter killed it (???). :-o

    Should I reinstall it and then delete? I await further instructions.
     
    Last edited: Dec 4, 2008
  8. FighterJetMom

    FighterJetMom Private First Class

    Oh, d'oh! I just figured it out! I thought I was supposed to insert my own user profile name. I was supposed to type the word "userprofile" EXACTLY as written.

    Sorry!

    Never mind!

    It worked like a charm.
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely!
     
