Help with Virusbuster and/or Malwarewipe

Discussion in 'Malware Help (A Specialist Will Reply)' started by bleoh, Nov 22, 2006.

  1. bleoh

    bleoh Private E-2

    I think I picked up one or both. I followed the "read me first" although I did run HJT once before changing the name of the file. After I realized it I closed the program, changed the name and ran it again. In addition to what is in the RMF post, I have Kaspersky Internet Security 6.0 on my PC.

    The scans from the RMF steps show I have some infections and that they were not removed. Kaspersky is showing that there is a suspicious action: Keylogger Running Module \Driver\Ps2 but I do not know what it means.

    The only symptom I am seeing now (the steps in RMF helped remove that annoying icon in the system tray warning me that I had to buy Virusbusters and Malwarewipe!) is that I get a fake virus warning when I start IE and my homepage has been changed to youriesecure.com.

    TIA for your help.
     


  2. bleoh

    bleoh Private E-2

    Here are the rest of the files.
     


  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Majorgeeks!

    I'm going to post two sets of instructions below. Each will be enclosed in separate Quote boxes. Make sure to complete the first one 100% before moving on to the second one.


    Now attach new logs from:
    • GetRunKey
    • ShowNew
    • HJT
    How are things working now?
     
  4. bleoh

    bleoh Private E-2

    Here are the files. I'll post the rapport file in the next post.

    My homepage is working now. Everything seems to be working fine. The Kaspersky software is still giving warnings about suspicious action: Keylogger.

    If these files look good should I toggle my System Restore?

    Thanks a bunch!
     


  5. bleoh

    bleoh Private E-2

    Here is the rapport file. BTW, the smitfraudfix instructions say that the program will scan large amounts of files and to be patient. It ran very quickly on my PC; it was done in less than 60 seconds.
     


  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Delete the below folder:
    C:\Program Files\SpywareBot

    Uninstall the below old versions of software:
    J2SE Runtime Environment 5.0 Update 5
    J2SE Runtime Environment 5.0 Update 6
    Safety Alert 2006 <--- this is malware

    Now install the current version of Sun Java from: Sun Java Runtime Environment



    Attach a log from Kaspersky that shows what it is finding.

    Not yet!
     
  7. bleoh

    bleoh Private E-2

    I uninstalled J2SE update 5 and 6 and Safety Alert 2006. XP said that Safety Alert had already been removed and it just needed to be removed from the installed software list.

    I installed Sun Java from your link.

    I have not been able to find where Kaspersky will produce a log. I am using the 6.0 trial version.
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I have never used it so I cannot tell you but there must be some way to get a report or log. Also can you just tell me EXACTLY what comes up in the message it is giving to you.
     
  9. bleoh

    bleoh Private E-2

    Well, now I am not getting any warnings from Kaspersky. I've looked but can't seem to find any reports I can export or log files.
     
  10. bleoh

    bleoh Private E-2

    The warning popped up. It says "Keylogger detected. Possible driver name is System32\DRIVERS\ELkbd.sys."
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    This may be a false positive. I don't have much good info on that file but it may be some kind of driver made by Intel. From the name it sounds like something for a keyboard. One link I had referred to it as Intel(R) Quick Resume Technology.

    Can you put a copy of this file into a ZIP and attach it here? It all depends on how large the file is. If the file is too large, even zipping it may not make it small enough to upload. I saw references saying it was 6.7Mb in size. If that is true you probably will not be able to attach it even if compressed into a ZIP file.

    This file often appears in a group with the below files:
    system32\DRIVERS\ELacpi.sys
    System32\DRIVERS\ELhid.sys
    System32\DRIVERS\ELmon.sys
    System32\DRIVERS\ELmou.sys

    You can also do the following if it cannot be uploaded.

    Use Windows Explorer to navigate to c:\windows\System32\DRIVERS\ELkbd.sys. Then right click on it and select Properties. Now see if there is a Version tab in the window. If so, select the Version tab and on the next window select each of the listed Item names (one at a time) to get more info about the file. The most important information is Description and from the Item list is the company name. If there is no Version tab, tell me that too.
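The Properties > Version check described above, scripted as an added example (not code from the thread or from MajorGeeks): it reads the same version resource, adds the Authenticode signature status and a SHA256 hash for the driver and the sibling files listed in the post, and treats a missing Company/Description as the "no Version tab" case. It assumes the files sit under %SystemRoot%\System32\DRIVERS as the post says.

```powershell
# Added example, not from the thread: inspect a driver file the way the
# Version tab does, plus signature and hash for a multi-engine lookup.
# File names are the ones listed in the post; the folder is assumed.
$driverNames = @('ELkbd.sys', 'ELacpi.sys', 'ELhid.sys', 'ELmon.sys', 'ELmou.sys')
$driverDir   = Join-Path $env:SystemRoot 'System32\DRIVERS'

foreach ($name in $driverNames) {
    $path = Join-Path $driverDir $name
    if (-not (Test-Path -LiteralPath $path)) {
        Write-Output "$name : not present"
        continue
    }

    $item = Get-Item -LiteralPath $path
    $vi   = $item.VersionInfo                  # same data as the Version tab
    $sig  = Get-AuthenticodeSignature -FilePath $path
    $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash

    # No version resource at all is worth reporting on its own (the
    # "no Version tab" case in the post).
    $hasVersionInfo = -not [string]::IsNullOrEmpty($vi.CompanyName) -or
                      -not [string]::IsNullOrEmpty($vi.FileDescription)

    [pscustomobject]@{
        File        = $name
        SizeKB      = [math]::Round($item.Length / 1KB, 1)   # checks the 6.7 MB claim
        HasVersion  = $hasVersionInfo
        Company     = $vi.CompanyName
        Description = $vi.FileDescription
        Version     = $vi.FileVersion
        Signature   = $sig.Status        # Valid, NotSigned, HashMismatch, ...
        Signer      = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        SHA256      = $hash              # submit this to a multi-engine scanner
    }
}
```

A vendor name in the version resource is easy to forge, so the signature status and a hash lookup against multiple engines (as done later in the thread) carry more weight than the Company field alone.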
     
  12. bleoh

    bleoh Private E-2

    The properties tab says it is an Intel file.
     


  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It looks okay to me and I even ran it thru 15 antivirus scanners (one of which is also Kaspersky) and they all came back clean.
     
  14. bleoh

    bleoh Private E-2

    Thanks for doing that!

    So, what are my next steps?
     
  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.

    If you are not having any other malware problems, it is time to do our final steps:
    1. If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    2. If we used ComboFix you can delete the ComboFix.exe file and associated C:\combofix.txt log that was created.
    3. If we used SDFix you can delete all the SDFix related files and folders from your Desktop or wherever you installed it.
    4. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
    5. If we had you run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
    6. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    7. You can delete the ShowNew.Zip and GetRunkey.Zip files and the files that you extracted from the ZIP files. You can also delete the C:\newfiles.txt and C:\runkeys.txt logs that were created.
    8. If you are running Windows XP or Windows ME, do the below:
      • go back to step 8 of the READ & RUN ME to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    9. After doing the above, you should work thru the below link:
     
