Clean?

Discussion in 'Malware Help (A Specialist Will Reply)' started by MonkeyCat, Mar 10, 2008.

  1. MonkeyCat

    MonkeyCat Private E-2

    Had some problems with various Trojans identified. Spyware stormer being one of them. Anyway, I've completed the malware removal guide and attach the logs herewith.

    Your advice would be appreciated.

    Thanks
    MonkeyCat
     


  2. __RiP_ChAiN_

    __RiP_ChAiN_ Private First Class

    Hello MonkeyCat,

    Your logs look fine, we can run one last anti-virus scan to make sure nothing else is hanging out, though.

    Please go HERE to run Panda's ActiveScan
    • Once you are on the Panda site click the Scan your PC button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report
     
  3. MonkeyCat

    MonkeyCat Private E-2

    OK - Panda found some stuff. Please find attached log. Look forward to hearing from you again.

    Thanks
    MonkeyCat:wave
     


  4. __RiP_ChAiN_

    __RiP_ChAiN_ Private First Class

    Hello MonkeyCat,

    Using Windows Explorer delete the following folder (if present): (To get into Windows Explorer, right click the START button and select "explore.")

    C:\RECYCLER\S-1-5-18\Dc7

    Other than that, everything else looks good. How is your computer currently running?
     
  5. MonkeyCat

    MonkeyCat Private E-2

    Hi RipChain

    Wasn't sure if you meant delete the folder or file. Can't delete the folder; access is denied. However, I deleted C:Recycler/S-1-5-18. Hope that was OK (wasn't any reference to Dc7)?

    Computer seems to be running pretty good. Thanks for your help.

    MonkeyCat:)
     
  6. __RiP_ChAiN_

    __RiP_ChAiN_ Private First Class

    Hello MonkeyCat,

    That's fine.

    Please also delete the following file:

    C:\WINDOWS\system32\kxqvnseu.ini

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it.

    Then attach the below file:

    • C:\MGlogs.zip
     
  7. MonkeyCat

    MonkeyCat Private E-2

    OK. Managed to delete that file. How are we looking now?

    Thanks
    MonkeyCat:major
     


  8. __RiP_ChAiN_

    __RiP_ChAiN_ Private First Class

    Hello MonkeyCat,

    Your logs look fine now, how is your computer running?
    This file looks like it could have been the source of your original infection: C:\Documents and Settings\Brian\Desktop\Windows[1].XP.All.Cracks.RPE.light.1.0.exe
     
  9. MonkeyCat

    MonkeyCat Private E-2

    Hi

    Seems to be running OK now. I had a feeling that would be the cause of my problems.

    Thanks for your help.

    MonkeyCat
     
  10. __RiP_ChAiN_

    __RiP_ChAiN_ Private First Class

    Excellent news :)

    • Click START then RUN
    • Now type cf /u in the runbox and click OK.
      • Note: The space between the cf and the /U, it must be there.
    • If we used SDFix you can delete all the SDFix related files and folders from your Desktop or wherever you installed it.
    • If we used SmitFraudFix, you can delete all files and folders related to it now including the c:\rapport.txt log.
    • If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
    • If we had you run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
    • If we had you run Avenger, you can delete all files related to Avenger now.
    • If we had you run RenV.exe, you can delete it and the Log.txt file on your Desktop.
    • If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    • If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    • You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    • If you are running Windows XP or Windows ME, do the below:
      • Refer to the cleaning steps in the READ ME for your Windows version and see the steps to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    • After doing the above, you should work thru the below link:
     
