I am New - Need Help

Discussion in 'Malware Help (A Specialist Will Reply)' started by Brown18, Feb 21, 2009.

  1. Brown18

    Brown18 Private E-2

    Hello everyone,

    I am new to MajorGeeks, but I will try to make it short:

    While streaming a WMP video and posting on a blog at the same time, AVG notified me that I have trojans and a worm. The malware disabled my spyware protection software (Webroot Spy Sweeper), so I couldn't run a scan, but it appeared in quarantine.

    In a panic I deleted everything from the quarantine list. I reinstalled Webroot Spy Sweeper, AVG, and ran scans, but nothing came up even though my computer was at a very slow crawl. So I decided to reformat everything. After taking many hours reinstalling Windows Updates and my security software, the malware seems to have come back :cry. I kept getting Spyware notification pop-ups every second, reading - "The Internet Communication shield has blocked access to" followed by the site name and my computer went back to a slow crawl again.

    Long story short, I came across your website and here I am. I have to confess I initially didn't follow all the steps as instructed in the Read Me First and XP Cleaning Procedure web pages :-o. I skipped MGtools and Combofix because I thought I got rid of the worm and Trojans, and a few days later I started getting frequent spy notification pop-ups again.

    After I ran Combofix and MGTools, it appears that the problem has gone away, but I am not sure. Attached are my Combofix.txt file and my MGTools zip file. I would like someone to take a look at it and give me advice on what to do next.


    Thank you. I appreciate your time.

    Note: I had failed to completely disable my firewall (it has a lot of compartments) during the first scan, and it interrupted the process. Combofix2.txt is the first scan, and combofix.txt is the second scan.
     


  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Your logs are clean.....If you are not having any other malware problems, it is time to do our final steps:

    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real time protection. They are useful as backup scanners. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /u
        • Note: The space between the combofix" and the /u must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.

      • Delete the C:\combofix folder from combofix (if it exists)

    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    7. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning steps in the READ ME for your Windows version and see the steps to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.

    8. After doing the above, you should work thru the below link:

     
  3. Brown18

    Brown18 Private E-2

    Thank you very much. Your site has been a tremendous help to me.:)

    I have a few last questions -

    Per my last post, I was wondering why the malware kept coming back. Is it possible that I had a back door Trojan? If so, what are the characteristics of a back door trojan? How would I know if I had one? Before I got the malware, I used CCleaner a lot, did/could that protect me against a hacker accessing my private information, i.e. passwords?

    What do you think about anonymous software, and Firefox add-ons like switchproxy and stealther? Do they prevent malware? Do you have any Firefox add-on recommendations?

    I am taking your advice and I have decided to sign in under a Limited/Restricted user account to access the internet but it doesn't allow me to access software like CCleaner to clean my private data. How can I further protect myself against malware while using the Limited User login?

    Lastly I would like to reinstall iTunes, but it asks if I would like to turn on AutoRun. Your advice is to turn off AutoRun. How should I handle that situation?

    Thank you much
     
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member


    This happens when there are left over traces of the malware. If all of it is not removed, it can and often will return.

    I have no personal experience with this, so I would suggest you ask that question in the software section. ;)


    Under your admin account, you can move those program shortcuts to your limited user desktop --- you can get instructions for doing this in the software forum.


    You can allow it if you wish.

    You are very welcome.......safe surfing. :)
     
  5. Brown18

    Brown18 Private E-2

    Thanks again
     
  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You are welcome...:)
     
