Infected With SKYNET & maybe more

Discussion in 'Malware Help (A Specialist Will Reply)' started by meMYSELFnI, Sep 5, 2009.

  1. meMYSELFnI

    meMYSELFnI Private E-2

    Hello Major Geeks,

Thank you for having such a helpful site! I'm attempting to rid my Mother's computer of some infections that she's picked up since I haven't been maintaining it.

    I guess it's been going on for a while but she doesn't recall how long. She gets redirected in every search engine (yahoo, google, etc.) when she clicks on some of the links. It directs her to spoof antivirus and other scan sites. Somehow "windows antivirus Pro" got installed. It disabled Folder Options, regedit, and some other things in the registry. I THINK I got rid of it with Malwarebytes. I'm able to access everything again, but still have a few questions. I can't disable the system restore. It says "disabled by group policy".

    She still isn't able to clean with CCleaner, but can use the clean registry function. CCleaner will freeze at 20% now and before that it would act like it was going to clean but would automatically shut down the program in the middle of it cleaning. Ad-Aware was installed but wouldn't load and after reading a lot on this site, I just uninstalled it.

    I ran Search and Destroy and it listed SKYNET.
    ComboFix detected it also.

    Here's the info from going through the R&R.

    Thank you in advance!
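The lockouts described in the post above (regedit and Folder Options disabled, System Restore "disabled by group policy") are policy registry values that rogue antivirus commonly sets. The PowerShell audit below is an added example, not from the thread or from MajorGeeks; it assumes a Windows host with PowerShell and only reports which of those values are set, since on a domain-joined machine the same values can be legitimate Group Policy.

```powershell
# Added example (not from the thread): report the policy values that rogue AV
# such as "Windows Antivirus Pro" commonly sets to lock the user out of regedit,
# Folder Options, Task Manager and System Restore. Read-only; it changes nothing.
$checks = @(
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableRegistryTools'; Symptom = 'regedit blocked' }
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableTaskMgr';       Symptom = 'Task Manager blocked' }
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoFolderOptions';      Symptom = 'Folder Options missing' }
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore';        Name = 'DisableSR';            Symptom = 'System Restore "disabled by group policy"' }
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore';        Name = 'DisableConfig';        Symptom = 'System Restore settings tab greyed out' }
)

$flagged = 0
foreach ($c in $checks) {
    $value = $null
    if (Test-Path $c.Path) {
        # A missing value name simply means "not set"; suppress the error and keep $null
        $value = (Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue).($c.Name)
    }
    if ($value -eq 1) {
        $flagged++
        Write-Output ("[SET]   {0}\{1} = 1  -> {2}" -f $c.Path, $c.Name, $c.Symptom)
    } else {
        Write-Output ("[clear] {0}\{1}" -f $c.Path, $c.Name)
    }
}

# On a stand-alone home PC (no domain, no local GPO edits) any [SET] line is a
# strong sign that malware, not an administrator, wrote the value.
Write-Output ("{0} lockout value(s) set" -f $flagged)
```

Run it from an elevated prompt so the HKLM keys are readable; a [SET] result on a machine that is not domain-joined is worth checking against the cleanup log before assuming the scanners removed everything.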

  2. meMYSELFnI

    meMYSELFnI Private E-2

    And the last file.

  3. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Welcome to MajorGeeks!

    I am currently reviewing your logs and will get back to you with a set of instructions as soon as possible. Our queue is working the oldest threads first.

    Thanks for your patience.
    dr.m
     
  4. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Hello, meMYSELFnI

The scanners took care of the malware.

    Step 1:
    Please look in Add/Remove Programs for the following:
    Step 2:
    Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

    Step 3:
    Now install the latest Sun Java Runtime Environment

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    If you are not having any other malware problems, it is time to do our final steps:
1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
• Click START then RUN, enter the line below into the run box and then click OK. Note that the quotes are required.
      • "%userprofile%\Desktop\combofix" /u
        • Note: the space between combofix" and /u must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    5. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    6. Go to add/remove programs and uninstall HijackThis.
7. Go to the C:\MGtools folder and find the MGclean.bat file. Double-click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    8. If you are running Vista, Windows XP or Windows ME, do the below:
• Refer to the cleaning procedures in step 3 of the READ ME for your Windows version and see the instructions to Disable System Restore, which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
9. After doing the above, you should work through the below link:

Safe surfing!
  5. meMYSELFnI

    meMYSELFnI Private E-2

    Looks like there was another infection after I did the cleanup, but I was able to get rid of that with another complete scan by SAS.
    After another thorough cleanup, I rechecked and everything looks clean again. Did the final steps and organized what startups and now the computer is running like a champ again.
    Hopefully she takes better care of what she downloads and views from now on and does maintenance.

    Thanks for the very informative site and your time looking over the logs.

    Kip
     
  6. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    You're Welcome!

    dr.m
     
