Completed Scans, is my PC clean?

Discussion in 'Malware Help (A Specialist Will Reply)' started by redglare, Jun 9, 2010.

  1. redglare

    redglare Private E-2

    Hi,

    I have just completed all of the instructions in your Read ME first thread. My PC initially became infected with backdoor.tidserv!.inf - at least thatis what Symantic AV Corporate Edition detected. The PC was behaving OK, but started having internet connectivity problems.

    The Superantispyware and malwarebytes scans picked up further infections and they are documented in the logs.

    I am running XP with SP2, PC Tools Firewall Free, and Symatec AV Corp Edition. I managed to completed all of the instructions with the exception of RootRepeal. I ran it, but after 36 hours it was still crawling along. I attach my logs for your review.

    I am going to purchase SUperantispyware - can I run it as well as Symantec AV?

    Your help is greatly appreciated.
     

    Attached Files:

    redglare, Jun 9, 2010
    #1
  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Hi there and welcome. I am currently reviewing your logs and will get back to you with a set of instructions in the next post I make to you.
     
    Kestrel13!, Jun 9, 2010
    #2
  3. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Where was it reporting the threat? Give me the exact file path? Is it STILL detecting it after running the scans?
    I don't see why not.

    Just to let you know our viewpoint on cracks and keygens:

    Warning about Porn, Keygens, Cracks, and other Illegal Software

    You will more than likely have to visit the networking forum to resolve this problem. I am not seeing any malware in your logs.

    Let me know if Norton/symantec is still detecting the backdoor.
     
    Kestrel13!, Jun 9, 2010
    #3
  4. redglare

    redglare Private E-2

    Hi Kestrel13, thanks for your prompt response.

    I cannot recall the exact path of the backdoor. I have checked the logs from my symantec scans and cannot find it either - I must have cleared the history during the scan/clean process.

    Symantec does not detect the backdoor anymore.

    The network/internet problem only occurred once and has not happened since the scan/clean.

    I have created a new account on my PC without admin rights. If I limit net surfing to this account, will it reduce chance of re-infection?

    I have a few more questions:
    1. Should i proceed with the System Restore Toggle?
    2. Can I revert to the msconfig regulated startup,so I can prevent loading all the extra stuff?
    3. Should I upgrade to XP SP3?
    4. I have recently started a new internet service with a cable provider. This coincided with the infections. Could they be related?

    Thanks again.
     
    redglare, Jun 10, 2010
    #4
  5. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Good.
    Yes surfing on a limited account is a much wiser idea.

    Yes, you will be doing this as part of my final instructions.
    No, there are much better alternatives, start up managers, software that you can use to manage what runs at start or not. You should only revert to using msconfig for troubleshooting and diagnostic purposes.

    Ideally yes.

    Probably just co-incidence.

    You're most welcome. Safe surfing! :)

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Notes: The space between the combofix" and the /uninstall, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Go back to step 6 of the READ ME and renable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Goto the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders
      related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME
        for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work thru the below link:
     
    Kestrel13!, Jun 10, 2010
    #5

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds