Confirm malware removal

Discussion in 'Malware Help (A Specialist Will Reply)' started by glenwill, Dec 30, 2008.

  1. glenwill

    glenwill Private E-2

    I'm trying to remove malware from my parents' PC. A few weeks ago BitDefender reported that they had trojan.patched.u in lsass.exe and spoolsv.exe.

    I ran the 'read and run before posting' steps and thought it was cleaned up, and BitDefender did not report any issues. A few days later, BitDefender again reported trojan.patched.u in the same files, despite no one using the computer in the interim.

    Last night and today I reran the steps again, and again BitDefender is reporting no issues. I just want to have my logs checked to make sure it looks like all is well now.

    Thanks in advance,
    Glen
     

    Attached Files:

  2. glenwill

    glenwill Private E-2

    4th file is attached.

    Glen
     

    Attached Files: SAS.log (465 bytes)
  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Looks like we can fix this without much problem:

    First, Run this: Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

    If you haven't already, please disable the Guest account in User accounts.

    Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    After clicking Fix, exit HJT.

    Now copy the bold text below to Notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Now use Windows Explorer to find and delete:
    c:\windows\system32\kr.dll

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file and tell me how things are running. :)
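    A follow-up check a defender can run after the steps above, added here as an example and not part of the thread or of MGtools: it re-examines the two files BitDefender flagged (lsass.exe, spoolsv.exe) and confirms kr.dll is gone. It assumes an elevated PowerShell prompt and, for the hash comparison, an XP-era System32\dllcache folder; where that folder is absent the comparison is skipped.

    ```powershell
    # Added example (not from the thread): re-check the files named above after cleanup.
    # 1) Authenticode status of lsass.exe / spoolsv.exe (a patched PE fails signature checks).
    # 2) SHA-256 of each live file against the Windows File Protection copy in
    #    System32\dllcache (assumed XP-era layout; skipped if the folder is missing).
    # 3) Whether C:\Windows\System32\kr.dll, the file TimW asked to delete, still exists.

    $system32 = Join-Path $env:SystemRoot 'System32'
    $dllcache = Join-Path $system32 'dllcache'
    $flagged  = @('lsass.exe', 'spoolsv.exe')   # files BitDefender reported as trojan.patched.u

    function Get-Sha256Hex([string]$Path) {
        # Uses the .NET hasher so the script also runs on PowerShell versions without Get-FileHash.
        $sha = [System.Security.Cryptography.SHA256]::Create()
        $fs  = [System.IO.File]::OpenRead($Path)
        try     { ([System.BitConverter]::ToString($sha.ComputeHash($fs))) -replace '-', '' }
        finally { $fs.Close() }
    }

    foreach ($name in $flagged) {
        $live = Join-Path $system32 $name
        $sig  = Get-AuthenticodeSignature -FilePath $live
        # Caveat: on XP/Vista these OS files are catalog-signed and older PowerShell reports
        # 'NotSigned' for them; there, rely on the dllcache comparison below or on sfc /scannow.
        "{0,-12} signature status: {1}" -f $name, $sig.Status

        $cached = Join-Path $dllcache $name
        if (Test-Path $cached) {
            $same = (Get-Sha256Hex $live) -eq (Get-Sha256Hex $cached)
            "{0,-12} matches dllcache copy: {1}" -f $name, $same
            # A match is only evidence, not proof: malware that patched the cached copy too
            # would compare equal. A mismatch means the live file is still not the protected one.
            if (-not $same) { "  -> live $name differs from its protected copy; treat as still patched" }
        } else {
            "{0,-12} no dllcache copy to compare against" -f $name
        }
    }

    $dropped = Join-Path $system32 'kr.dll'
    if (Test-Path $dropped) { "kr.dll still present: $dropped" } else { "kr.dll not present" }
    ```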
     
  4. glenwill

    glenwill Private E-2

    Tim, thanks for your reply. The PC is at my parents' house, and it'll take me a few days to get over and run the steps below. I'll let you know when I do.

    Thanks,
    Glen
     
  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    No problem... I'll be here.
     
