Infected By Stats.php

Discussion in 'Malware Help (A Specialist Will Reply)' started by alexandernulsen, Jul 17, 2012.

  1. alexandernulsen

    alexandernulsen Private E-2

    I hope this is the right place to attach the logs. I followed all of the malware removal steps and now have the 4 logs that are required.

    I am trying to see if my PC is malware free. Thanks-

    Alex
     


  2. thisisu

    thisisu Malware Consultant

    Welcome to MajorGeeks, Alex :)

    From Programs and Features (via Control Panel), please uninstall the below:
    • Ask Toolbar
    • Java(TM) 6 Update 30
    • Java(TM) 7 Update 4
    • Windows Searchqu Toolbar

    __

    Code:
    ProxyServer (64.15.144.86:3128)
    Is this a proxy you intentionally set up? If not, run Proxy Fix in RogueKiller.

    __

    I want you to read and follow these instructions: TDSSKiller - How to run

    __

    Fix items using OTL by OldTimer

    Double-click OTL.exe to run. (Vista/7 right-click and select Run as Administrator)
    Shut down your protection software now (antivirus, antispyware...etc) to avoid possible conflicts.
    Copy the text in the code box below and paste it into the custom fix text-field.
    Code:
    :processes
    killallprocesses
    :files
    C:\Program Files (x86)\Windows Searchqu Toolbar
    C:\Users\Alex\AppData\Local\WebpageIcons.db
    C:\ProgramData\B7E85BB900006EBE00036945B4EB2367
    C:\Windows\.prj
    C:\Windows\System32\%APPDATA%
    C:\Users\Alex\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YKQBI55Q\7zip_installer_1650.exe
    :reg
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}]
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run]
    "iolo Startup"=-
    "DATAMNGR"=-
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\microsoft\windows\currentVersion\Run]
    "iolo Startup"=-
    "DATAMNGR"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=""
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}]
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}]
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}]
    :commands
    [clearallrestorepoints]
    [emptyjava]
    [emptyflash]
    [resethosts]
    
    
    Now click the Run Fix button.
    If the fix needed a reboot please do it.
    Click the OK button (upon reboot).
    When OTL is finished, Notepad will open. Close Notepad.
    A log file will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
    Attach this log to your next message. (How to attach)
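    The fix script above is an OTL custom fix: a `:processes` section, a `:files` section of paths to delete, a `:reg` section in `.reg`-file style where `[-KEY]` deletes a key, `[KEY]` selects one, `"name"=-` deletes a value and `"name"=""` blanks it, and a `:commands` section. Before running such a script it is worth knowing exactly what it will touch. The following is an added example (not part of this thread and not OTL's own code) that parses a script in that format into a plan and flags the high-impact actions: the reading of each `:reg` line follows standard `.reg` conventions and is an assumption about OTL's semantics, and the embedded sample is a shortened version of the script posted above.

```python
"""Parse an OTL-style custom fix script and list what it would do.

Added example, not from the thread or from OTL. The section names and the
.reg-like syntax follow the script posted above; the meaning assigned to
each :reg line ([-KEY] deletes a key, "name"=- deletes a value) is an
assumption based on .reg file conventions, not a reading of OTL's source.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

SECTION_RE = re.compile(r"^:(\w+)$")
KEY_RE = re.compile(r"^\[(-?)(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]*)"=(.*)$')
COMMAND_RE = re.compile(r"^\[(\w+)\]$")


@dataclass
class FixPlan:
    processes: list[str] = field(default_factory=list)
    files: list[str] = field(default_factory=list)
    keys_to_delete: list[str] = field(default_factory=list)
    values_to_delete: list[tuple[str, str]] = field(default_factory=list)
    values_to_set: list[tuple[str, str, str]] = field(default_factory=list)
    commands: list[str] = field(default_factory=list)


def parse_fix_script(text: str) -> FixPlan:
    """Walk the script line by line, tracking the current section and,
    inside :reg, the key that later "name"=... lines apply to."""
    plan = FixPlan()
    section = None
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            current_key = None
            continue
        if section == "processes":
            plan.processes.append(line)
        elif section == "files":
            plan.files.append(line)
        elif section == "reg":
            km = KEY_RE.match(line)
            if km:
                minus, key = km.groups()
                if minus:  # [-KEY] removes the whole key
                    plan.keys_to_delete.append(key)
                    current_key = None
                else:      # [KEY] selects the key for the value lines that follow
                    current_key = key
                continue
            vm = VALUE_RE.match(line)
            if vm and current_key:
                name, data = vm.groups()
                if data == "-":
                    plan.values_to_delete.append((current_key, name))
                else:
                    plan.values_to_set.append((current_key, name, data.strip('"')))
            else:
                raise ValueError(f"unrecognised :reg line: {line}")
        elif section == "commands":
            cm = COMMAND_RE.match(line)
            plan.commands.append(cm.group(1) if cm else line)
        else:
            raise ValueError(f"line outside any section: {line}")
    return plan


def high_impact(plan: FixPlan) -> list[str]:
    """Actions a reviewer should look at before running the fix: killing
    every process, deleting inside the Windows directory, rewriting the
    AppInit_DLLs injection point, and the irreversible commands."""
    notes = []
    for p in plan.processes:
        if p.lower() == "killallprocesses":
            notes.append("processes: every running process will be killed")
    for f in plan.files:
        if f.lower().startswith("c:\\windows"):
            notes.append(f"files: deletes inside the Windows directory: {f}")
    for _key, name, data in plan.values_to_set:
        if name.lower() == "appinit_dlls":
            notes.append(f"reg: rewrites AppInit_DLLs to {data!r}")
    for c in plan.commands:
        if c.lower() in ("clearallrestorepoints", "resethosts"):
            notes.append(f"commands: {c} cannot be undone")
    return notes


# Constructed sample: a shortened copy of the script posted in the thread.
SAMPLE_FIX = r"""
:processes
killallprocesses
:files
C:\Program Files (x86)\Windows Searchqu Toolbar
C:\Windows\System32\%APPDATA%
:reg
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run]
"iolo Startup"=-
"DATAMNGR"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""
:commands
[clearallrestorepoints]
[resethosts]
"""

if __name__ == "__main__":
    plan = parse_fix_script(SAMPLE_FIX)
    for note in high_impact(plan):
        print(note)
```

    Running the module prints five notes for the sample: the process kill, the `%APPDATA%` path under `C:\Windows\System32`, the `AppInit_DLLs` rewrite, and the two irreversible commands. The parser is strict on purpose: a stray line in `:reg`, or any line before the first section header, raises instead of being silently skipped, so a pasted script that was mangled in transit fails loudly rather than doing something other than what was reviewed.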
     
  3. alexandernulsen

    alexandernulsen Private E-2

    Thanks so much for the warm welcome thisisu!

    I followed everything you wanted me to do step by step including removing Java updates and nasty toolbars etc. I also fixed that Proxy.

    I ran the TDSSKiller and OldTimer.exe exactly as described with your custom fix code.

    I will attach here the 2 logs that were generated from the two detection programs.

    Will wait for further instructions. Thanks again!!

    Alex
     


  4. thisisu

    thisisu Malware Consultant

  5. alexandernulsen

    alexandernulsen Private E-2

    Q: What malware problems remain?

    A: I'm not really sure if there are any more at this point. With some of the scanners I ran previously I found some medium level threats and some threats with the Hitman Pro app as well I believe, but in each case I followed instructions which were specifically not to remove the threats but to SKIP them so you guys could review the logs first...

    The TDSS app also detected 2 medium threats that were ignored. Perhaps the final MG log.zip will shed more light?

    Alex
     


  6. thisisu

    thisisu Malware Consultant

    Your latest logs look fine but you may want to clean up your desktop a little bit ;)
    TDSSKiller's findings were not malicious.

    __

    If you are not having any other malware related problems, it is time to do our final steps:
    • Any programs we had you download and/or install can be removed at this time.
    • If we had you download and run ComboFix, here is how to uninstall it:
      • Press and hold the Windows key and then press the letter R on your keyboard.
      • This opens the Run dialog box.
      • Copy and paste the below text inside the text-field:
        • "%userprofile%\desktop\ComboFix" /uninstall
      • Now press ENTER
      • ComboFix will extract its files one last time and you should receive a notification that ComboFix has been uninstalled shortly after.
    • You can re-enable your Disk Emulation software at this time via DeFogger.
    • If we had you create or download a registry patch or "fix" script, these can be deleted at this time.
    • Go into the C:\MGtools folder and run the MGclean.bat file to remove additional traces of our tools.
    • Now we will toggle System Restore to remove any infected system restore points.
    • Lastly, here is a guide to protect you from future infections: How to Protect yourself from malware!
    • Be safe :)
     
  7. alexandernulsen

    alexandernulsen Private E-2

    Awesome thisisu!

    Thanks so much for the help. Really. You guys are the best :)

    My Desktop?????

    Hahahahaa.... Too Funny!!... Will Work on that ;)

    Alex
     
  8. thisisu

    thisisu Malware Consultant

    You're welcome :-D
     
