First time poster for Malware issues

Discussion in 'Malware Help (A Specialist Will Reply)' started by fjross, Sep 15, 2010.

  1. fjross

    fjross Private E-2

    This is my first post other than in the Welcome forum yesterday. I believe I have followed all your instructions in the Forum rules, Read & Run me, Windows XP Cleaning, etc. Hopefully I didn't miss anything but let me know if I'm not following the proper procedure in asking for help. I noticed last week some errors that I hadn't seen before - some spooler subsystem message popping up, as well as intermittent "..error writing to xxxxx memory location..." messages periodically. I thought I may have had a hardware problem but noticed longer bootup times as well as longer launching times of Firefox. I ran my Avira Antivir program and it found "T/R Drop.DroopTroop.exs" in 'C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP535\A0072777.exe'. When I googled it, I could not find any sites other than foreign language ones so I couldn't tell what it does. Having read about majorgeeks in the past as to what software to run to try and fix these issues, I started down that path. That's when I discovered that I could not run SUPERAntiSpyware, Malwarebytes' Anti-Malware, Spybot, etc. even though those programs were installed on my computer and kept up to date. That's when I figured I had a problem. Firefox wouldn't take me to the sites where you could get a new copy so I figured my browser was hijacked as those sites came up fine on an Apple computer that my son has on my network at home. That led me back to the majorgeeks forum and I started reading the steps to follow to attempt to clean up my system. So I am attaching files per your instructions with the exception of RootRepeal. It would start but I would get a message indicating that the system was low on virtual memory and it was increasing the page file size. However, the message that the program is initialising never goes away, and it never gets any farther even though I let it run for about 15 minutes. I have a Dell Dimension 4600 Desktop system running Windows XP.
As an aside, there was an update to Superantispyware that I downloaded today and it found nothing but for some reason the log from 9/13 is not there - that's the day all the other cleaning procedures were run. Files are attached. Thanks for any assistance you can provide!
    Frank
     

    Attached Files:

  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    It looks like Combo fixed your issues. What issues are remaining, if any?
     
  3. fjross

    fjross Private E-2

    I looked at the event log in Antivir today and I see the following entries dated today (9/15/10):
    Virus or unwanted program 'TR/Rootkit.Gen3 [trojan]'
    detected in file 'C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP541\A0074815.sys'.
    Action performed: Delete file

    Virus or unwanted program 'TR/Rootkit.Gen3 [trojan]'
    detected in file 'C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP541\A0074815.sys'.
    Action performed: Deny access

    So if it still detected that after 9/13 when everything was run, I'm a little hesitant to go forward on this system. In addition, aren't I losing something by not being able to run Rootrepeal?
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Those are just detections in the System Restore folders which are not issues. Once you disable System Restore and then reenable (per final instructions that TimW will be giving if your logs are all clean) then all restore points will be removed and these will not be found anymore. So if these are your only problems, you do not really have a problem.

    And as far as RootRepeal goes, it is quite normal for it not to be able to run on some PCs.
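    Added illustration (not part of the thread, and not Avira's or MajorGeeks' code): a small Python parser that reads Avira event entries in the format quoted above and separates hits on restore-point copies under System Volume Information\_restore{...}\RP<n>, which disabling and re-enabling System Restore removes, from hits on live files that still need follow-up. The sample log reuses the two entries from the thread plus one constructed entry with placeholder names.

```python
import re
from typing import List, NamedTuple, Optional

# Windows XP restore-point copies have this path shape:
#   <drive>:\System Volume Information\_restore{<GUID>}\RP<n>\A<digits>.<ext>
RESTORE_COPY_RE = re.compile(
    r"^[A-Za-z]:\\System Volume Information\\_restore\{[0-9A-Fa-f-]{36}\}"
    r"\\RP(?P<rp>\d+)\\A\d+\.[A-Za-z0-9]+$", re.IGNORECASE)

class Detection(NamedTuple):
    name: str                      # scanner's detection name
    path: str                      # flagged file
    action: str                    # "Delete file", "Deny access", ...
    restore_point: Optional[int]   # RP number if the file is a snapshot copy

def parse_avira_events(text: str) -> List[Detection]:
    """Parse the three-line event entries in the format quoted in the thread."""
    events, name, path = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Virus or unwanted program"):
            name = line.split("'", 1)[1].rstrip("'")
        elif line.startswith("detected in file"):
            # the quoted path may or may not carry a closing quote before the period
            path = line.split("'", 1)[1].rstrip("'.")
        elif line.startswith("Action performed:") and name and path:
            action = line.split(":", 1)[1].strip()
            m = RESTORE_COPY_RE.match(path)
            events.append(Detection(name, path, action, int(m["rp"]) if m else None))
            name, path = None, None
    return events

def triage(events: List[Detection]):
    """Return (live, archived): archived hits live only in restore points."""
    live = [e for e in events if e.restore_point is None]
    archived = [e for e in events if e.restore_point is not None]
    return live, archived

# Constructed sample: the two entries quoted in the thread plus one made-up
# live-file entry (placeholder detection name and path) for contrast.
SAMPLE_LOG = r"""Virus or unwanted program 'TR/Rootkit.Gen3 [trojan]'
detected in file 'C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP541\A0074815.sys.
Action performed: Delete file
Virus or unwanted program 'TR/Rootkit.Gen3 [trojan]'
detected in file 'C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP541\A0074815.sys.
Action performed: Deny access
Virus or unwanted program 'EXAMPLE/Placeholder.Gen [trojan]'
detected in file 'C:\WINDOWS\system32\drivers\placeholder.sys'.
Action performed: Deny access
"""
```

Running triage(parse_avira_events(SAMPLE_LOG)) puts the two RP541 hits in the archived list and only the placeholder driver in the live list.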
     
  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Unless you are having other malware issues, we can do the final cleanup (including toggling System Restore to remove those infected restore points):

    If you are not having any other malware problems, it is time to do our final steps:

    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real time protection. They do not use any significant amount of resources (except a little disk space) until you run a scan. We recommend them for doing backup scans when you suspect a malware infection.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Note: the space between combofix" and /uninstall must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.


    3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME for your Windows version and see the instructions to Disable System Restore, which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.

    10. After doing the above, you should work through the below link:
