Can't get SAS updates

Discussion in 'Malware Help (A Specialist Will Reply)' started by texasharper, Aug 27, 2008.

  1. texasharper

    texasharper Corporal

    Following READ & RUN ME FIRST (at a snail's pace...been sick) and I can't update SAS definitions. I have Win XP. I manually downloaded and extracted then I attempted to update by going to the SAS main screen and clicked check for updates and it still gives me the original error message that my firewall must be blocking. I have checked my firewall and SAS is allowed. What next?

    TIA
     
  2. __RiP_ChAiN_

    __RiP_ChAiN_ Private First Class

    Hello texasharper,

    Simply skip that part of the step and move forward.
     
  3. texasharper

    texasharper Corporal

    I am at the combofix portion of READ & RUN ME FIRST, I have had tons of problems attempting to install Windows Recovery Console (still not sure that was accomplished!) and difficulties with running the scan. I, at one point, forgot to disable SAS and it popped up during the scan.
    Anyway, I tried to attach the combofix log and found out that it was too large (I ran CCleaner), some 400KB too large. So, now what?

    Peace,

    tex
     
    Last edited: Aug 28, 2008
  4. __RiP_ChAiN_

    __RiP_ChAiN_ Private First Class

    Could you try using WinZIP or any other compression program that deals in .zip files, and compress and attach the file that way?
     
  5. texasharper

    texasharper Corporal

    Ok, SAS was clean, Spybot was clean as was Malwarebytes. I don't know what went wrong with my last combofix scan, but it was 650KB. I couldn't figure out a way to compress it so I deleted and ran the scan again. Again I had the same problem as before, combofix would get to autoscan then a screen for WRC would pop up and say...
    Installing the Recovery Console
    Please click "Yes" in the End User License Agreement(EULA) dialog that follows...
    [OK]
    I click ok, then...
    a WRC box with the option to either run or cancel comes up. I click run or cancel and both times an error box displays saying...

    You didn't select "Yes"
    Installation Aborted
    [OK]

    I know I screwed the pooch; swing the 2 x 4's if you must!

    tex

    So, I ran w/o WRC and this is the scan that resulted.
     

  6. texasharper

    texasharper Corporal

    Going to take a MUCH needed bubble bath. Will check back later, thanks to all!!
     

  7. __RiP_ChAiN_

    __RiP_ChAiN_ Private First Class

    Hello texasharper,

    Your logs really don't look bad, are you still having current malware issues?

    Let's do one last full system scan, see if anything turns up.

    Please run the F-Secure Online Scanner

    Note: This Scanner is for Internet Explorer Only!
    • Follow the Instruction Here for installation.
    • Accept the License Agreement.
    • Once the ActiveX installs, click Full System Scan
    • Once the download completes, the scan will begin automatically.
    • The scan will take some time to finish, so please be patient.
    • When the scan completes, click the Automatic cleaning (recommended) button.
    • Click the Show Report button and Copy&Paste the entire report in your next reply.
     
  8. texasharper

    texasharper Corporal

  9. texasharper

    texasharper Corporal

    Oh, I forgot to mention, since worm was brought to my attention, I have noticed that ALL my scans are MUCH shorter. Whereas an Avast full scan would take up to 45 min to an hour, now...25 min. Is that indicative of malware?
     
  10. __RiP_ChAiN_

    __RiP_ChAiN_ Private First Class

    Hello texasharper,

    Has this happened since the first time you noticed it? Sometimes there are legit reasons for this happening, such as windows explorer crashing for one reason or another.

    Not necessarily, it could simply mean that CCleaner cleaned out a whole lot of temp files when you ran it, largely shortening the length of time required to scan your entire system.

    Let me know when you have the results of the F-Secure scan :)
     
  11. texasharper

    texasharper Corporal

    Ok, here is F-scan. I also ran another MGTools scan.

    http://support.f-secure.com/enu/home/onlineservices/fshc/front.html

    Okkayyyyy....so I checked the link I just posted and nothing. I tried to get a screen shot of the results but obviously THAT didn't work. The scan was fine except for multimedia updates, some I don't have anymore or don't recognize.
     

  12. __RiP_ChAiN_

    __RiP_ChAiN_ Private First Class

    Hello texasharper,

    Your logs all look clear of any infection to me. Have your AV or FW disappeared again from the taskbar since you've last replied to me?
     
  13. texasharper

    texasharper Corporal

    Nope, everything looks fine. I just have one question that has been nagging me for a long time.

    Sometimes the graphics on my screen will fan like when you spread out a deck of cards...KWIM? I've always thought that was an indication of malware, do you know why it does this?

    Thanks
    tex
     
  14. __RiP_ChAiN_

    __RiP_ChAiN_ Private First Class

    Hello texasharper,

    There could be a few causes to this, such as your video card over-heating, some video card driver issues, or something else completely different. If you really want a definitive answer on this question I would probably ask about it here: http://forums.majorgeeks.com/forumdisplay.php?f=21


    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    3. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /u
        • Notes: The space between the combofix" and the /u, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
      • Delete the C:\combofix folder from combofix (if it exists)
    4. If we used SDFix you can delete all the SDFix related files and folders from your Desktop or wherever you installed it.
    5. If we used SmitFraudFix, you can delete all files and folders related to it now including the c:\rapport.txt log.
    6. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
    7. If we had you run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
    8. If we had you run Avenger, you can delete all files related to Avenger now.
    9. If we had you run RenV.exe, you can delete it and the Log.txt file on your Desktop.
    10. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    11. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    12. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    13. Go to add/remove programs and uninstall HijackThis.
    14. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    15. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning steps in the READ ME for your Windows version and see the steps to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    16. After doing the above, you should work thru the below link:
     
