Live Security Platinum removed but not trojank patched sirefef or trojan patched C!K

MalakitheMostHi · Jul 22, 2012

Hello and thanks in advance for the help. I originally posted in the welcome thread for instructions on my desktop issue which I dont use quite as much as my laptop for work and everything personal. Now as of 7pm yesterday (7-21-12) my laptop is also infected.
It began with the pop up malware "Live Security Platinum" which I followed a tutorial from a blogger to remove as I didnt have the link to this site, it was bookmarked on my previously infected desktop. It seems to have been removed but the instructions also requested running hitman pro which still shows an infection which will be loaded up in the logs I am providing. Also, I can not "arm" my windows security essentials or my windows firewall setting. I am attaching all the requested files here and will wait for a response. I have thoroughly read through all of the instructions required to post in this thread as well as taken all actions instructed. I have all of the software downladed and installed in the instructed locations and I believe I am ready to go. So here are my requested logs.
I am now going to take all of the required measures to begin cleaning up my desktop and will start a new thread for the work on the machine which looks like a similar issue. This is just a heads up in case you see two threads started by the same user.

Thanks again for the help!

MalakitheMostHi · Jul 22, 2012

Re: Live Security Platinum removed but not trojank patched sirefef or trojan patched

MalakitheMostHi said: ↑

Hello and thanks in advance for the help. I originally posted in the welcome thread for instructions on my desktop issue which I dont use quite as much as my laptop for work and everything personal. Now as of 7pm yesterday (7-21-12) my laptop is also infected.
It began with the pop up malware "Live Security Platinum" which I followed a tutorial from a blogger to remove as I didnt have the link to this site, it was bookmarked on my previously infected desktop. It seems to have been removed but the instructions also requested running hitman pro which still shows an infection which will be loaded up in the logs I am providing. Also, I can not "arm" my windows security essentials or my windows firewall setting. I am attaching all the requested files here and will wait for a response. I have thoroughly read through all of the instructions required to post in this thread as well as taken all actions instructed. I have all of the software downladed and installed in the instructed locations and I believe I am ready to go. So here are my requested logs.
I am now going to take all of the required measures to begin cleaning up my desktop and will start a new thread for the work on the machine which looks like a similar issue. This is just a heads up in case you see two threads started by the same user.

Thanks again for the help!
Click to expand...

Here are the other remaining logs. If Any are missing I will attach asap.

Thanks

MalakitheMostHi · Jul 22, 2012

Re: Live Security Platinum removed but not trojank patched sirefef or trojan patched

Im sorry I forgot to mention my browser firefox also still seems to be redirecting. I never use IE but I still ran the IE clean up instructed but in the version I have installed (IE8) I was unable to find the box for deleting offline internet files during cleanup.

Kestrel13! · Jul 23, 2012

Re: Live Security Platinum removed but not trojank patched sirefef or trojan patched

http://img827.imageshack.us/img827/1263/frst.gif For 32-bit (x86) systems download Farbar Recovery Scan Tool and save it to a flash drive.
For 64-bit (x64) systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

Restart the computer.

As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.

Use the arrow keys to select the Repair your computer menu item.

Choose your language settings, and then click Next.

Select the operating system you want to repair, and then click Next.

Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

Insert the installation disc.

Restart your computer.

If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.

Click Repair your computer.

Choose your language settings, and then click Next.

Select the operating system you want to repair, and then click Next.

Select your user account an click Next.

On the System Recovery Options menu you will get the following options:

Startup Repair

System Restore

Windows Complete PC Restore

Windows Memory Diagnostic Tool

Command Prompt

Click to expand...

Select Command Prompt

In the command window type in notepad and press Enter.

The notepad opens. Under File menu select Open.

Select "Computer" and find your flash drive letter and close the notepad.

In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter

Note: Replace letter e with the drive letter of your flash drive.

The tool will start to run.

When the tool opens click Yes to disclaimer.

Press Scan button.

It will make a log (FRST.txt) on the flash drive. Please attach this log to your next reply. (How to attach)

MalakitheMostHi · Jul 23, 2012

Re: Live Security Platinum removed but not trojank patched sirefef or trojan patched

Thanks so much for taking the time to help me out of this jam.

Here is the log attached.

Kestrel13! · Jul 24, 2012

Re: Live Security Platinum removed but not trojank patched sirefef or trojan patched

You're very welcome.

Uninstall the below:

BabylonObjectInstaller

Delete this folder:

C:\ProgramData\7531CCA9160EE5C5C7135149F875F002

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Attached is fixlist.txt

Save fixlist.txt to your flash drive.

You should now have both fixlist.txt and FRST64.exe on your flash drive.

Now re-enter System Recovery Options.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt).
Please attach this to your next message. (How to attach)

Now attempt to boot normally.

--------------------------------------------

Now run FRST like you did the very first time, just a scan, no fix, and attach that log too please.

------------------------------------------------

Now run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista or Windows7) Then attach the new C:\MGlogs.zip file that will be created by running this.

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!

MalakitheMostHi · Jul 24, 2012

Re: Live Security Platinum removed but not trojank patched sirefef or trojan patched

Here are the logs attached. When you asked for me to let you know how things are running now, my issues were some misdirecting but mainly windows essential not allowed to start up along with windows firewall. The redirecting seems to have stopped but Im getting errors when I attempt to restart windows firewall and windows security essentials. But the redirecting seems to have stopped. Malbytez ran when I rebooted and found nothing however hitmanpro also runs auto on startup and did find a trojan.

Kestrel13! · Jul 25, 2012

Re: Live Security Platinum removed but not trojank patched sirefef or trojan patched

You did not run FRST correctly

ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNTION PROPERLY.
Click to expand...

Run it again properly (not inputting a fix, just a scan) and attach the log.

MalakitheMostHi · Jul 25, 2012

Re: Live Security Platinum removed but not trojan patched sirefef or trojan patched

Im confused as to how to run FRST at this point. Initially it was ran from System Recovery the very first time. Yesterdays I ran it once from system recovery for the fixlog and then I ran it from normal boot after that for the scan log.

I just ran it again (its located on my flash drive) from normal boot and looked at the FRST.txt log and see your quote so Im assuming it was done wrong again as the txt file does show your quote.

Im attaching the log from running it just now, from my flash drive, in normal boot mode for just a scan.

If this incorrect can you please explain how to run it at this point. Sorry for the confusion. As Im looking back over the instructions Im still thinking I ran it according to instructions. Please advise.

Thanks

Kestrel13! · Jul 25, 2012

Re: Live Security Platinum removed but not trojank patched sirefef or trojan patched

Don't worry. We'll get there. The instructions in post #4 explain everything. You did it correctly once so you'll get it done I'm sure.

MalakitheMostHi · Jul 25, 2012

Re: Live Security Platinum removed but not trojank patched sirefef or trojan patched

Heres the log.

Kestrel13! · Jul 26, 2012

Re: Live Security Platinum removed but not trojank patched sirefef or trojan patched

Thankyou. That's the one I wanted. It looks good too. Everything running as it should be?

MalakitheMostHi · Jul 26, 2012

Re: Live Security Platinum removed but not trojank patched sirefef or trojan patched

Yes everything does seem to be running well.

Kestrel13! · Jul 26, 2012

Re: Live Security Platinum removed but not trojank patched sirefef or trojan patched

If you are not having any other malware problems, it is time to do our final steps:

We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.

If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)

Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required

"%userprofile%\Desktop\combofix" /uninstall

Notes: The space between the combofix" and the /uninstall, it must be there.

This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.

Go back to step 6 of the READ ME and renable your Disk Emulation software with Defogger if you had disabled it.

Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.

If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.

If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.

Go to add/remove programs and uninstall HijackThis.

Goto the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders
related to MGtools and some other items from our cleaning procedures.

If you are running Win 7, Vista, Windows XP or Windows ME, do the below:

Refer to the cleaning procedures pointed to by step 7 of the READ ME
for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.

Then reboot and Enable System Restore to create a new clean Restore Point.

After doing the above, you should work thru the below link:

How to Protect yourself from malware!

MalakitheMostHi · Jul 26, 2012

Re: Live Security Platinum removed but not trojank patched sirefef or trojan patched

Thank You very much for your time and patience!

I removed and reinstalled windows security essentials as I was still getting an error when I tried to turn it on and it is now working properly and up to date. However, Windows defender and Windows firewall are still not letting me turn them on so I installed and am now using Personal Firewall 7.0 as well as malwarebytez. What is recommended at this point for the malfunctioning firewall and defender? The combo of those and security essentials seemed to work well and I felt secure until last week so now Im not sure.

Kestrel13! · Jul 27, 2012

Re: Live Security Platinum removed but not trojank patched sirefef or trojan patched

Seeking advice, hang in there.

Log in or Sign up

Live Security Platinum removed but not trojank patched sirefef or trojan patched C!K

MalakitheMostHi Private E-2

Attached Files:

RKreport[1].txt

mbam-log-2012-07-22 (15-25-01).txt

TDSS log 7-22-12 2 15 pm.txt

MBRCheck_07.22.12_14.18.28.txt

MalakitheMostHi Private E-2

Attached Files:

GooredFix.txt

MGlogs.zip

hitmanpro.zip

MalakitheMostHi Private E-2

Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

MalakitheMostHi Private E-2

Attached Files:

FRST.txt

Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

Attached Files:

fixlist.txt

MalakitheMostHi Private E-2

Attached Files:

Fixlog.txt

FRST.txt

MGlogs.zip

Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

MalakitheMostHi Private E-2

Attached Files:

FRST.txt

Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

MalakitheMostHi Private E-2

Attached Files:

FRST.txt

Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

MalakitheMostHi Private E-2

Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

MalakitheMostHi Private E-2

Kestrel13! Super Malware Fighter - Major Dilemma Staff Member