ldpinch - Does quarantined mean safe?

Discussion in 'Malware Help (A Specialist Will Reply)' started by tkjdnow, Oct 22, 2007.

  1. tkjdnow

    tkjdnow Private E-2

    SpySweeper found the Ldpinch trojan, a password, keystroke, hijack-the-computer malware. It put the trojan in quarantine.

    Does this mean that I can use on-line banking, etc. because the malware is gone, or has it made changes to the hard drive that will steal my information?

    I really do not know.:eek:
     
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

  3. tkjdnow

    tkjdnow Private E-2

    ldpinch quarantined-is it gone?

    SpySweeper found and quarantined the password-stealer keystroke logger ldpinch Oct. 21.

    I posted to ask if that meant my computer was safe to use for banking, or if there had been changes, and TimW advised ReadandRunMe.

    Have performed all steps. CounterSpy, SpyBot, and Bitdefender report 0 infections and did not generate logs that I could find. Panda does not scan on my computer; it freezes at the Webroot files. AVG free and SpySweeper report 0 infections.

    Attached are getrun, newfiles and HJT text logs as per instructions.

    If all is OK, do I complete the Disable/Enable system restore steps?

    The only odd thing I had was an Ask.com toolbar appearing out of nowhere; I uninstalled it with add/remove programs.

    I have stayed off-line except for this site since the trojan was found.

    Also--if passwords are stored in Firefox, and pop up after typing user name, can a trojan access them?

    Please advise.
     


  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    It is never good to have any browser remember user names or passwords!

    Run HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    After clicking Fix, exit HJT.

    Your logs look clean. You may uninstall any programs we had you download (including CounterSpy, etc).

    If you are not having any other malware problems, it is time to do our final steps:

    1. If we used Pocket Killbox during your cleanup, do the below
    * Run Pocket Killbox and select File, Cleanup, Delete All Backups
    2. If we used ComboFix you can delete the ComboFix.exe file and associated C:\combofix.txt log that was created.
    3. If we used SDFix you can delete all the SDFix related files and folders from your Desktop or wherever you installed it.
    4. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
    5. If we had you run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
    6. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    7. You can delete the ShowNew.Zip and GetRunkey.Zip files and the files that you extracted from the ZIP files. You can also delete the C:\newfiles.txt and C:\runkeys.txt logs that were created.
    8. If you are running Windows XP or Windows ME, do the below:
    * go back to step 8 of the READ & RUN ME to Disable System Restore which will flush your Restore Points.
    * Then reboot and Enable System Restore to create a new clean Restore Point.
    9. After doing the above, you should work through the below link:
    * How to Protect yourself from malware!
     
