Malware- Admin

Discussion in 'Malware Help (A Specialist Will Reply)' started by manilka835, Mar 24, 2009.

  1. manilka835

    manilka835 Specialist

    Dr. K.D.J.H. Manilka Jayawardena,
    Medical Officer,
    National Tuberculosis Reference Laboratory (Central Laboratory of NPTCCD),
    Chest Hospital Premises,
    Welisara.
    Sri Lanka.
    Monday, 24th March 2009.

    Dear MajorGeeks Support Forums,

    Malware- Admin

    Having removed malware from my other computer “IBM”, I have done the same for “Admin” as well. Herewith I attach the necessary logs for your perusal.

    I have come across the following problems:

    1. realtime blocker - I have installed SUPERAntispyware free version. Do I need to have another realtime blocker such as Comodo BOClean Anti-Malware?

    2. Startup items
    I wish to know which of the following items can be deleted by using CCleaner startup manager.
    • ctfmon.exe
    • SUPERAntispyware
    • Skype
    • IDTSysTrayApp
    • AESTFltr
    • IgfxTray
    • HotKeysCmds
    • Persistence
    • QlbCtrl.exe
    • RemoteControl
    • LanguageShortcut
    • egui
    • USB Antivirus
    • IMJPMIG8.1
    • NvCplDaemon
    • nwiz
    • SysTrayApp
    • Epson Stylus C41 Series
    • NeroFilterCheck
    • DSLSTATEXE
    • DSLAGENTEXE
    • Adobe Reader Speed Launcher
    • SunJavaUpdateSched
    • TkBellExe
    • Bluetooth.lnk

    Thanking you.

    All the best,
    Manilka
     
  2. manilka835

    manilka835 Specialist

    Malware- Admin (part2)

    Thanking you.

    All the best,
    Manilka
     

  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: Malware- Admin (part2)

    Why did you attach 4 copies of the log from MGtools? We need the logs from SUPERAntiSpyware, Malwarebytes, and ComboFix like you attached in your other thread.


    See comment in your other thread.

    See comment in your other thread.
     
  4. manilka835

    manilka835 Specialist

    Malware- Admin- 2009.04.23

    Dr. K.D.J.H. Manilka Jayawardena,
    Medical Officer,
    National Tuberculosis Reference Laboratory (Central Laboratory of NPTCCD),
    Chest Hospital Premises,
    Welisara.
    Sri Lanka.
    Thursday, 23rd April 2009.

    Dear MajorGeeks Support Forums,

    Malware- Admin


    Logs

    Herewith I attach the necessary logs for your perusal. I will attach the original ones and as for ones which are not available, most recent logs will be posted. I had previously missed attaching the logs from SUPERAntiSpyware, Malwarebytes, and ComboFix and had attached 4 copies of the log from MGtools due to some mistakes while running MGtools.

    Startup items
    As suggested by you, I will inquire from the software forum.

    Thanking you.

    All the best,
    Manilka
     

  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your logs are clean, but you do need to remove the illegal copy of NOD32.
    If you continue to use this on your PCs, you will possibly be refused any future help. See our policies on software like this in the below sticky thread:

    Warning about Keygens, Cracks, and other Illegal Software



    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /u
        • Notes: The space between the combofix" and the /u, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
      • Delete the C:\combofix folder from combofix (if it exists)
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    7. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures in step 3 of the READ ME for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    8. After doing the above, you should work thru the below link:
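
A read-only way to confirm that the final steps listed in the post above were completed, as an added example that is not part of the original thread. The `$CleanedOn` parameter and the HijackThis display-name match are assumptions; the paths are the ones named in the post.

```powershell
# Added example (not from the thread): read-only verification of the final cleanup steps.
# Run in an elevated Windows PowerShell 3.0+ session. Nothing is deleted or modified.
param(
    # Assumption: supply the date/time you finished cleaning; defaults to 24 hours ago.
    [datetime]$CleanedOn = (Get-Date).AddDays(-1)
)

# Steps 2 and 6: folders and files the post says to delete.
$paths = 'C:\combofix', 'C:\MGtools', 'C:\MGtools.exe', 'C:\MGlogs.zip'
$report = @(foreach ($p in $paths) {
    [pscustomobject]@{ Check = "Removed $p"; Ok = -not (Test-Path -LiteralPath $p) }
})

# Step 4: UAC is on when EnableLUA is 1 (the value does not exist on Windows XP).
$uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$lua = (Get-ItemProperty -Path $uacKey -ErrorAction SilentlyContinue).EnableLUA
$report += [pscustomobject]@{ Check = 'UAC enabled (EnableLUA = 1)'; Ok = ($lua -eq 1) }

# Step 5: HijackThis should no longer be registered under Add/Remove Programs.
# Assumption: its uninstall entry has a DisplayName starting with "HijackThis".
$uninstall = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
$hjt = @(Get-ItemProperty -Path $uninstall -ErrorAction SilentlyContinue |
         Where-Object { $_.DisplayName -like 'HijackThis*' })
$report += [pscustomobject]@{ Check = 'HijackThis uninstalled'; Ok = ($hjt.Count -eq 0) }

# Step 7: after the flush, no restore point should predate the cleanup, and
# re-enabling System Restore should have produced at least one new point.
$points = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue | ForEach-Object {
    [pscustomobject]@{
        Sequence    = $_.SequenceNumber
        Description = $_.Description
        Created     = $_.ConvertToDateTime($_.CreationTime)
    }
})
$stale = @($points | Where-Object { $_.Created -lt $CleanedOn })
$report += [pscustomobject]@{ Check = 'No restore point older than cleanup'; Ok = ($stale.Count -eq 0) }
$report += [pscustomobject]@{ Check = 'New restore point exists'; Ok = ($points.Count -gt $stale.Count) }

$report | Format-Table -AutoSize
if ($stale) { 'Restore points that predate the cleanup:'; $stale | Format-Table -AutoSize }
```

Any row with `Ok` set to `False` points at a step that still needs attention; a stale restore point matters because it can still hold files from before the cleanup.
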
     
  6. manilka835

    manilka835 Specialist

    Dr. K.D.J.H. Manilka Jayawardena,
    Medical Officer,
    National Tuberculosis Reference Laboratory (Central Laboratory of NPTCCD),
    Chest Hospital Premises,
    Welisara.
    Sri Lanka.
    Tuesday 27th April 2009.

    Dear MajorGeeks Support Forums,

    Malware- Admin- 2009.04.23

    ESET Smart Security
    I will remove the illegal copy of NOD32. It was installed in the computer when it was received through a donation. I will install a legal Antivirus.

    Weekly Scanning Programme
    I have prepared a schedule to run scans weekly on my computer. I would like your comments please.
    1. CCleaner
    1.1. Check for updates
    1.2. Click “Run cleaner”
    1.3. Select “Registry”
    1.4. Click “Scan for issues”.
    1.5. Click “Fix selected issues”.
    2. Click Start > Run > type msconfig and click OK!
    2.1. Select the General tab and select Normal Start-up.
    2.2. Then click Apply, OK, and reboot PC before continuing.
    2.3. Remain in this Normal Start-up mode while your PC is being cleaned of malware.
    3. Empty ALL Quarantine type folders for antivirus and antispyware applications.
    3.1. SUPERAntiSpyware
    3.2. Malwarebytes Anti-Malware
    3.3 Antivirus
    4. Empty your Recycle Bin
    5. SUPERAntiSpyware
    6. Spybot S&D
    7. Malwarebytes Anti-Malware
    8. Flushing Restore Points
    9. SpywareBlaster
    9.1. Check for SpywareBlaster Updates
    9.2. Enable All Protection
    10. In Internet Explorer, Adjust Active X security settings according to your link “How to protect yourself from malware!”
    11. Scan for viruses
    12. Norton System Works: One Button Check-up
    13. Norton System Works: Norton Clean Sweep: Internet: Internet Cache Cleanup
    14. Norton System Works: Norton Clean Sweep: Norton Cleanup- Fast & Safe Cleanup
    15. Norton System Works: Norton Utilities: find and fix problems: Norton Disk Doctor
    16. Restart computer
    17. Norton System Works: Norton Utilities: Optimize Performance: Speed Disk
    18. Disk Defragmenter

    Thanking you.

    All the best,
    Manilka

    :)
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.

    I would change to the below and I added some notes in bold brown

    1. CCleaner
    1.1. Check for updates
    1.2 Check to make sure you have it configured to remove the info you wish to clean.
    1.3. Click “Run cleaner”
    We do not recommend registry cleaning as a standard procedure.


    Delete ALL of original 2.x steps - You should always be in normal startup mode so this should not be necessary

    2. Malware Tool Updating, Scanning and Removal
    2.1 Run SUPERAntiSpyware and first update it. Then run a scan and remove all that is found. Reboot immediately if it tells you to do so.
    2.2. Run Malwarebytes Anti-Malware and first update it. Then run a scan and remove all that is found. Reboot immediately if it tells you to do so.
    2.3 Run Spybot S&D and update it. Then Re-Immunize to add new protections. Don't bother scanning since SUPERAntiSpyware and Malwarebytes were already run and are more than sufficient.
    2.4 Run SpywareBlaster and update it. Enable all new protections. This can be twice a month since it does not update as frequently as other tools.
    2.4 Update antivirus program and then run full system scan and remove all that is found.
    2.4 Empty ALL Quarantine type folders for antivirus and antispyware applications unless you are unsure if something was removed that should not be.

    Delete step 4 since you already emptied the Recycle Bin when you ran CCleaner.

    Old steps 5,6,7, 9 and 11 are part of step 3 above.

    3. Flush System Restore Points only if real malware problems were found. Do not flush just for cookies which are not problems.

    Step 10 should not be necessary once set. However if you had major malware found and removed it would not hurt to repeat this step.
    10. In Internet Explorer, Adjust Active X security settings according to your link “How to protect yourself from malware!”

    Remove all of the Norton System Works steps since you don't need them. Most was already done above. You can leave the defrag, but I would only do this once every two months unless you are doing extensive changes to files on the PC (like lots of adding and deleting, especially if large files are involved). Check the defragger tool and see if it even recommends defragging before wasting time doing it.

    Reboot and make sure everything is working OK.
     
  8. manilka835

    manilka835 Specialist

    Dr. K.D.J.H. Manilka Jayawardena,
    Medical Officer,
    National Tuberculosis Reference Laboratory (Central Laboratory of NPTCCD),
    Chest Hospital Premises,
    Welisara.
    Sri Lanka.
    Wednesday 17th June 2009.

    Dear Chaslang,
    MajorGeeks Admin - Malware Expert.

    Malware- Admin


    Thanks again for your advice on my weekly scanning programme.

    Till Malware strikes again to "Admin", Goodbye and keep up the good work.

    Thanking you.

    All the best,
    Manilka
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely!
     
