Dell Dimension 4500 viruses

Discussion in 'Malware Help (A Specialist Will Reply)' started by jtpiano, Nov 8, 2009.

  1. jtpiano

    jtpiano Private E-2

    Hello, I have run the read me first section as directed. I did run SUPERAntiSpyware but now I can't find my log. I am unable to open it now. Malwarebytes would not run despite changing the file name as suggested. I was able to run the last three programs without problems. Here are my logs. Thanks in advance for any help you can provide.
     


  2. evilfantasy

    evilfantasy Malware Fighter

    Try this please.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.pif
    * Rkill.exe

    * Double-click on the Rkill desktop icon to run the tool.
    * If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    * A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    * If not, delete the file, then download and use the one provided in Link 2.
    * If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    * Do not reboot until instructed.
    * If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run then try to immediately run the following.

    Now download and Run exeHelper.

    * Please download exeHelper from Raktor to your desktop.
    * Double-click on exeHelper.com to run the fix.
    * A black window should pop up, press any key to close once the fix is completed.
    * A log file named log.txt will be created in the directory where you ran exeHelper.com
    * Attach the log.txt file to your next message.


    Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

    Now run this: Using Malwarebytes Anti-Malware

    Now run this: SUPERAntiSpyware - running & getting a log

    Also run a new scan with MGtools and post the new MGlogs.zip: Using MGtools
     
  3. jtpiano

    jtpiano Private E-2

    Rkill worked. I had to run exeHelper several times and each time the same file would not delete (I finally gave up on that). MBAM ran fine this time but SAS would not. MGtools ran OK as far as I can tell. I've included my logs.
     


  4. evilfantasy

    evilfantasy Malware Fighter

    Thank you.

    Everything in the MBAM log says No action taken. Did you let MBAM fix those after copying the log?

    It's also out of date with the database. Please do this.


    Open Malwarebytes' Anti-Malware.

    * Click the Update tab.
    * Click Check for Updates
    * If an update is found, it will download and install.
    * Click the Scanner tab.
    * Select Perform Quick Scan, then click Scan.
    * The scan may take some time to finish, so please be patient.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Make sure that everything is checked, and click Remove Selected.
    * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
    * The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    * Attach the new report in your next reply.

    Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
     
  5. jtpiano

    jtpiano Private E-2

    Oooops! I guess I was a bit hasty and not paying attention. You're correct, I forgot to update and let MBAM remove stuff. I did update and ran the scan as directed. In fact I ran it three times and each time was better than the last. The final scan from MBAM is clean but I'm still not sure if the entire PC is clean yet...
     


  6. evilfantasy

    evilfantasy Malware Fighter

  7. jtpiano

    jtpiano Private E-2

    Here are my new logs.
     


  8. evilfantasy

    evilfantasy Malware Fighter

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX Checked until you exit all browser sessions including the one you are reading in right now:

    • O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe

    After clicking Fix checked, exit HijackThis.



    Download Disable/Remove Windows Messenger to the desktop to remove Windows Messenger.

    Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

    Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

    Exit out of MessengerDisable then delete the two files that were put on the desktop.



    Looking over your log it seems you don't have any antivirus software.

    Before we continue download and install a free antivirus.

    Remember to only install one antivirus!

    1) Avast! Home Edition
    2) AVG Free Edition
    3) Avira AntiVir Personal


    Now run a new MGTools scan and attach the new MGlogs.zip.

    Do you know what this is?

    Code:
    2009-10-24 19:14 . 2009-11-08 21:50    --------    d-----w-    c:\program files\kywrqf

    Also let me know how the computer is running now.
     
  9. jtpiano

    jtpiano Private E-2

    >>Do you know what this is?


    >>Code: 2009-10-24 19:14 . 2009-11-08 21:50 -------- d-----w- c:\program files\kywrqf

    I have no idea.

    I'll be able to get to the rest of the steps this evening after 5pm central when I get home. I can update you some more then.
     
  10. jtpiano

    jtpiano Private E-2

    OK, I turned off O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe

    and also uninstalled Windows Messenger. I installed AVG 9 and ran a new MGTools scan. Here's my log.
     


  11. evilfantasy

    evilfantasy Malware Fighter

    Thank you.

    Please locate and delete this file: c:\program files\kywrqf

    Now run CCleaner.

    Your logs look OK, but since you went a few days at least without an antivirus, we should run a virus scan to make sure nothing is hiding that we can't see in the logs.

    ESET Online Scan

    Scan your computer with the ESET FREE Online Virus Scan

    * Click the ESET Online Scanner button.

    * For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    * Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop
    * Double click on the esetsmartinstaller_enu.exe icon on your desktop.
    * Place a check mark next to YES, I accept the Terms of Use.

    * Click the Start button.
    * Accept any security warnings from your browser.
    * Leave the check mark next to Remove found threats and place a check next to Scan archives.
    * Click the Start button.
    * ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.
    * When the scan completes, click List of found threats.
    * Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.
    * Click the <<Back button then click Finish.

    In your next reply please include the ESET Online Scan Log
     
  12. jtpiano

    jtpiano Private E-2

    I was able to delete c:\program files\kywrqf
    with no problems (it was empty)

    I ran CCleaner.

    I ran ESET the 1st time and it found 6 viruses. (They were quarantined successfully, sorry I forgot to grab the log) I ran ESET a 2nd time and it was clean. I restarted the computer and ran ESET a 3rd time and it was clean. Is it pretty safe to assume I am clean now? Should I do any final checks or scans?
     
  13. evilfantasy

    evilfantasy Malware Fighter

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    3. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /u
        • Note: The space between the combofix" and the /u must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to Add/Remove Programs and uninstall HijackThis.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double-click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures in step 3 of the READ ME for your Windows version and see the instructions to Disable System Restore, which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work through the below link:
     
  14. jtpiano

    jtpiano Private E-2

    Many thanks for your help! :-D
     
  15. evilfantasy

    evilfantasy Malware Fighter

    You're welcome.

    Safe surfing...
     
