I've done everything I could. Am I finally clean?

Discussion in 'Malware Help (A Specialist Will Reply)' started by navyblue, Jun 28, 2009.

  1. navyblue

    navyblue Private E-2

    Okay, so I have spent just about 2 full-blown days trying to fix my wife's laptop computer (XP Professional). I have done just about every scan I could think of and have followed the malware removal guide to the "T". Also ran Windows Defender on top of SUPERAntiSpyware and MalwareBytes. Ran CCleaner, ran chkdsk /r in the recovery console and also ran Avast Anti-Virus. Everything seemed to be clean. But the problem kept creeping up and more malware would later be found on the next scan. I figured the problem might be with the web browser. Every time my wife goes to gmail or google and sometimes yahoo (I think) the browser would be redirected to a certain IP address (not sure if I should post it here). I then checked the HOSTS file and found it was a very long list of site redirections. Every time the browser redirected I believe that was when more malware was being downloaded, I'm not sure. I even took a chance and accepted one of the security certificates offered because I thought that the one on the PC may have been damaged. Yeah, I know, bad move, but I was desperate. Ran another scan and sure enough more malware was found. I had a very hard time trying to delete that HOSTS file so instead I copied a proper copy of the HOSTS file as HOSTS.txt to the C:\Windows\System32\drivers\etc directory. Then I renamed the HOSTS file to HOSTSQ (anything would have done), and then changed HOSTS.txt to just HOSTS which worked. Also did what HijackThis recommended by using 'HOSTS.' in the run command. Also set Firefox's redirection feature to block redirections which helped a lot. Ran another scan and all was fine. Also deleted the System Restore Points. Also currently scanning her parents' computer which is on the same network. Although there were no redirection problems on her parents' computer, there were many malware and viruses found after running SUPERAntiSpyware and MalwareBytes. Their McAfee which came with their AOL 9.0 (I know, junk) didn't find a thing.

    I'm not sure about the rootkits though on my wife's PC and whether or not the computer has any, or if there is anything else I might be missing. I also ran SysProt and there were some things in "Red" but was not sure what they were. If you guys could take a look at these 5 application logs it would be immensely appreciated.
    View attachment RRlog.txt

    View attachment ComboFix.txt

    View attachment SUPERAntiSpyware Scan Log - 06-28-2009 - 00-40-29.log

    View attachment mbam-log-2009-06-27 (14-52-28).txt
     
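    The HOSTS hijack described in the post above (a long list of entries sending gmail/google/yahoo to one outside IP) is the kind of thing a small checker can surface before it is wiped. This is an added example, not code from the thread or from MajorGeeks; the watched-domain list and the sample HOSTS content are constructed assumptions.

    ```python
    """Flag Windows HOSTS entries that redirect well-known domains off-box."""
    import ipaddress
    import re

    # Assumption: the domains the poster saw being redirected; extend as needed.
    WATCHED_SUFFIXES = ("google.com", "gmail.com", "yahoo.com")
    # Loopback / null targets are legitimate (localhost, ad-blocking lists).
    BENIGN_TARGETS = {"127.0.0.1", "::1", "0.0.0.0"}

    # Constructed sample mimicking a hijacked XP hosts file (not real data).
    SAMPLE_HOSTS = """\
    # Copyright (c) 1993-1999 Microsoft Corp.
    127.0.0.1       localhost
    203.0.113.10    www.google.com
    203.0.113.10    mail.google.com gmail.com
    203.0.113.10    www.yahoo.com
    0.0.0.0         ads.example.net   # blocking entry, fine
    not-an-ip       junk.example
    """


    def parse_hosts(text):
        """Yield (ip, hostname) pairs, skipping comments and malformed lines."""
        for raw in text.splitlines():
            line = raw.split("#", 1)[0].strip()
            if not line:
                continue
            ip, *names = re.split(r"\s+", line)
            try:
                ipaddress.ip_address(ip)
            except ValueError:
                continue  # first field is not an address at all
            for name in names:
                yield ip, name.lower()


    def suspicious_entries(text, watched=WATCHED_SUFFIXES):
        """Return [(ip, hostname)] where a watched domain or any of its
        subdomains is mapped to an address other than loopback/null."""
        hits = []
        for ip, name in parse_hosts(text):
            if ip in BENIGN_TARGETS:
                continue
            if any(name == s or name.endswith("." + s) for s in watched):
                hits.append((ip, name))
        return hits


    def redirect_targets(text):
        """Distinct off-box addresses that collect watched domains, most hit first."""
        counts = {}
        for ip, _ in suspicious_entries(text):
            counts[ip] = counts.get(ip, 0) + 1
        return sorted(counts, key=counts.get, reverse=True)


    if __name__ == "__main__":
        for ip, name in suspicious_entries(SAMPLE_HOSTS):
            print(f"REDIRECT {name} -> {ip}")
        print("targets:", redirect_targets(SAMPLE_HOSTS))
    ```

    On a real machine, read C:\Windows\System32\drivers\etc\hosts into `text` instead of the sample; every reported target is an address worth checking before the file is replaced.
    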
  2. navyblue

    navyblue Private E-2

    Okay, here is the 5th file. It is MGlogFiles.zip because I have MGlogs.zip in another thread (sorry about that). If you would, please remove my thread "I've done everything I could. Am I finally clean? - Part 2". Thanks and my apologies once again.

    View attachment MGlogFiles.zip
     
  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Not much left to do, so let's do this:

    Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    After clicking Fix, exit HJT.

    Now copy the bold text below to Notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above
    to the registry. If you do not get a success message, it definitely did not work.


    Now use Windows Explorer to find and delete:
    C:\Documents and Settings\All Users\Application Data\1ECD032
    C:\Documents and Settings\All Users\Application Data\8b7a

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:

    * C:\MGlogs.zip

    Make sure you tell me how things are working now!
     
