Help Needed: e.exe Malware Removal

Discussion in 'Malware Help (A Specialist Will Reply)' started by MidnightRun, Jan 21, 2010.

  1. MidnightRun

    MidnightRun Private E-2

    Please help.

    I recently noticed my McAfee Security Center asking me to block access to the internet for a program e.exe (located in the Documents and Settings/Temp folder). I did block access.

    Afterward, I ran a MalwareBytes scan and it found a Trojan registry key, but not the exact e.exe file. When I manually navigated to the file location, it was not present. Perhaps hidden?

    Nonetheless, I instructed MalwareBytes to clean the found infection and it stated it was successful. Upon restart, another scan found the same infection. It's a never-ending cycle.

    McAfee Security Center does not find any infections though and has not prompted me to block anything else.

    At the advice of a friend, I followed the instructions here for Malware Removal.

    Attached are my logs.

    Have I properly disinfected my computer?

    NOTE: I've attached two ComboFix logs because when it ran the first time, CF stated it found a rootkit infection and needed to restart the system. The computer attempted to restart but would simply cycle through the Windows start-up screen over and over with an occasional blue screen. Thus, I had to select safe mode and allow CF to finish in safe mode.

    For CFlog2, I simply followed the instructions again, this time without a problem. I did notice both times, though, that although McAfee was disabled, when ComboFix was done and creating the log, McAfee would identify CF as a Trojan "Artemis" and "Block" it, then delete the program from the Desktop. This did not appear to keep CF from finishing its business and creating the log, though.
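    A defender-side check for the situation described in this post (an executable flagged in the Temp folder, not visible when browsing, and an infection that returns after each reboot), added here as an example; it is not code from the thread or from any of the tools mentioned. It assumes PowerShell 4.0 or later for Get-FileHash, and the file name $Target is taken from this report.

```powershell
# Added example (not from the thread). Lists every file in the user's Temp
# folders including hidden/system ones, hashes anything suspicious, and checks
# the common autostart registry keys for a reference to the reported name.
# $Target is an assumption taken from the post; change it as needed.
$Target = 'e.exe'

# Both the modern %TEMP% and the Windows XP "Local Settings\Temp" location.
$tempDirs = @($env:TEMP, "$env:USERPROFILE\Local Settings\Temp") | Select-Object -Unique

foreach ($dir in $tempDirs) {
    if (-not (Test-Path -LiteralPath $dir)) { continue }
    Write-Host "== Hidden or matching files in $dir =="
    # -Force makes Get-ChildItem return hidden and system files as well.
    Get-ChildItem -LiteralPath $dir -Force -File -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -ieq $Target -or ($_.Attributes -band [IO.FileAttributes]::Hidden) } |
        ForEach-Object {
            $hash = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            [pscustomobject]@{
                Path       = $_.FullName
                Attributes = $_.Attributes
                Size       = $_.Length
                SHA256     = $hash   # record for a later lookup or submission to the AV vendor
            }
        } | Format-Table -AutoSize
}

# Autostart locations: an entry here would explain a file that is "cleaned"
# but present again after every restart.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip provider metadata (PSPath, PSParentPath, ...)
        if ("$($p.Value)" -imatch [regex]::Escape($Target)) {
            Write-Host "Autostart reference: $key\$($p.Name) = $($p.Value)"
        }
    }
}
```

    Run it from an elevated PowerShell prompt so the HKLM keys are readable; a hit in either list is what to report in the next reply rather than something to delete by hand.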

  2. MidnightRun

    MidnightRun Private E-2

    Attached is my Malware Bytes log.

    It's my understanding that two of these "infections" are not really infections but rather alerts and to disregard them. Please correct me if I'm wrong!

  3. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Not seeing any malware in your logs.

    1. Please also attach the log from SUPERantispyware into your next reply here:
    2. If you do not use Windows Messenger, run Disable/Remove Windows Messenger to remove it. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

    3. Please go to Add/Remove programs and uninstall the following software:
    • J2SE Runtime Environment 5.0 Update 4

    4. Now reboot your machine and install the most current and up to date version of Java available here at the below link:

    Java Runtime 6

    5. Attach the log from SAS.
  4. MidnightRun

    MidnightRun Private E-2

    Done.

    I've also uploaded new SAS logs and a new MalwareBytes log.

    MB found two infections that had previously been cleaned. I think they come back after restarts. Perhaps infected system restore points? I'm not sure.

    I've also noticed a pop-up upon start-up from McAfee asking me to verify my product before SpamKiller can be activated. Clicking Verify simply launches Firefox and takes you to the McAfee home page. Not sure if that's anything to be concerned about.

    Thanks for all the help.

  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    All that MBAM found were items in your system restore folders. These can only be removed by toggling system restore. Otherwise, your logs are clean.

    You should pursue your verification question in the software forum.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real-time protection. They are useful as backup scanners. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Note: the space between the combofix" and the /u must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    5. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    6. Go to add/remove programs and uninstall HijackThis.
    7. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    8. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures in step 3 of the READ ME for your Windows version and see the instructions to Disable System Restore, which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    9. After doing the above, you should work through the below link: