malware problem please help

Discussion in 'Malware Help (A Specialist Will Reply)' started by butchergav, Mar 12, 2007.

  1. butchergav

    butchergav Private E-2

    I've been getting popups and redirects; the main virus that seems to be appearing
    is Virtumonde, among others. I've followed the sticky and will post my results.
    Any help would be great. PS: I've tried wiping the hard drive but it still appears when
    reloaded.
     


  2. butchergav

    butchergav Private E-2

    Here are my other attachments, thanks again.
     


  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Continue by downloading a tool we will need - Pocket KillBox

    Save it to its own folder somewhere that you will be able to locate it later.

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O2 - BHO: (no name) - {A46D226E-FE71-40CF-B847-A0E2D450F9C8} - C:\WINDOWS\System32\yayxxvu.dll G
    O2 - BHO: (no name) - {D38439EC-4A7F-42b4-90C2-D810D7778FDD} - C:\WINDOWS\System32\toixftpl.dll (file missing)
    O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\sfeeajoe.dll",setvm
    O20 - Winlogon Notify: pmkjh - C:\WINDOWS\System32\pmkjh.dll (file missing)

    After clicking Fix, exit HJT.

    Please copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.


    Now run Pocket Killbox by doubleclicking on killbox.exe
    Choose Tools > Delete Temp Files and click Delete Selected Temp Files.
    Then after it deletes the files click the Exit (Save Settings) button.
    NOTE: Pocket Killbox will only list the added files it is able to find on the system. So when you do the below, if some files do not show in the list after pasting them in, just continue.

    Select:

    * Delete on Reboot
    * then click on the All Files button (or on the folders option).
    * Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\system32\sfeeajoe.dll
    C:\WINDOWS\system32\yayxxvu.dll
    C:\WINDOWS\system32\15D8D95C.exe
    C:\WINDOWS\system32\241C869F.exe
    C:\WINDOWS\system32\hjkmp.bak1
    C:\WINDOWS\system32\hjkmp.bak2
    C:\WINDOWS\system32\hjkmp.tmp
    C:\WINDOWS\system32\brnxewdy.ini
    C:\WINDOWS\system32\eojaeefs.ini
    C:\WINDOWS\system32\eojaee~1.ini
    C:\WINDOWS\system32\hjkmp.ini
    C:\WINDOWS\system32\hjkmp~1.ini


    * Return to Killbox, go to the File menu, and choose Paste from Clipboard.
    * Click the red-and-white Delete File button. Click the box for unregister .dll's. Click Yes at the Delete on Reboot prompt.

    If you receive a PendingFileRenameOperations prompt, just click OK to continue (But please let me know if you receive this message!).

    If Killbox does not reboot just reboot your PC yourself.

    Now attach the below new logs and tell me how the above steps went.

    1. GetRunKey
    2. ShowNew
    3. HJT
     
  4. butchergav

    butchergav Private E-2

    Hi TimW, many thanks for the help,

    I have followed the steps and posted the logs.

    Thanks again

    PS: I did get the message after Killbox and had to reboot myself manually.
     
  5. butchergav

    butchergav Private E-2

    Sorry here are the logs...
     


  6. butchergav

    butchergav Private E-2

    Thought I'd give an update: I have been surfing around and am still
    getting the odd popup window, but it doesn't seem to be as regular.
    Also I installed Avast antivirus, will give it a run later.

    Thanks for any help..
     
  7. butchergav

    butchergav Private E-2

    Scrub that, redirects and pop-ups are as frequent as ever.
    Someone please help..... :cry
     
  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You did not rename HJT. Please uninstall, redownload and unzip to C:\Program Files\HJT\analysethis

    Download Process Explorer.

    Reboot in Safe Mode (do not open any other processes)

    Go ahead and manually delete:
    C:\Documents and Settings\Gav\Local Settings\Temp\7e95b6fd.tmp

    Run Process Explorer 10.21

    In the top section of the Process Explorer screen double click on winlogon.exe to bring up the winlogon.exe properties screen. Click on the Threads tab at the top.

    Once you see this screen click on each instance of sfeeajoe.dll and yayxxvu.dll once and then click the kill button. After you have killed all of the sfeeajoe.dll and yayxxvu.dll instances under winlogon click OK. (If you do not find the dll, just continue on.)

    Next double click on explorer.exe and again click once on each instance of sfeeajoe.dll and yayxxvu.dll and kill it.

    Next double click on iexplore.exe and again click once on each instance of sfeeajoe.dll and yayxxvu.dll and kill it. (If you do not find the dll, just continue on.)

    Now just exit Process Explorer.

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O2 - BHO: (no name) - {A46D226E-FE71-40CF-B847-A0E2D450F9C8} - C:\WINDOWS\system32\yayxxvu.dll
    O20 - Winlogon Notify: yayxxvu - C:\WINDOWS\SYSTEM32\yayxxvu.dll

    After clicking fix, just exit HJT

    Please copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

    Now run Pocket Killbox:
    Choose Tools > Delete Temp Files and click OK.

    Run Killbox.exe. Paste the below filenames into KILL BOX one at a time. Check mark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (If available) Click the RED X and it will ask you to confirm the file for deletion…say YES and when the next box opens prompting you to reboot now...click NO...and proceed with the next file. Once you get to the last one click YES and it will reboot. Note many of the file list below may not exist but we need to check for them anyway.

    C:\WINDOWS\system32\15d8d95c.exe
    C:\WINDOWS\system32\241c869f.exe
    C:\WINDOWS\system32\sfeeajoe.dll
    C:\WINDOWS\system32\yayxxvu.dll
    C:\WINDOWS\system32\hjkmp~1.bak
    C:\WINDOWS\system32\hjkmp~2.bak
    C:\WINDOWS\system32\hjkmp.tmp
    C:\WINDOWS\system32\brnxewdy.ini
    C:\WINDOWS\system32\eojaeefs.ini
    C:\WINDOWS\system32\eojaee~1.ini
    C:\WINDOWS\system32\hjkmp.ini
    C:\WINDOWS\system32\hjkmp~1.ini

    * Return to Killbox, go to the File menu, and choose Paste from Clipboard.
    * Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt.

    If you receive a PendingFileRenameOperations prompt, just click OK to continue (But please let me know if you receive this message!).

    If Killbox does not reboot just reboot your PC yourself.

    Now attach the below new logs and tell me how the above steps went.

    1. GetRunKey
    2. ShowNew
    3. HJT
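
The HijackThis lines in this thread tie the same DLLs to several autostart points (O2 = Browser Helper Object, O4 = Run key, O20 = Winlogon Notify). The following is an added example, not part of the original posts and not HijackThis's own logic: it parses such lines and groups them per file. The triage rules and the `ExampleTray` entry are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# HijackThis lines copied from the thread, plus one constructed benign
# entry (ExampleTray) for contrast.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {A46D226E-FE71-40CF-B847-A0E2D450F9C8} - C:\WINDOWS\system32\yayxxvu.dll
O20 - Winlogon Notify: yayxxvu - C:\WINDOWS\SYSTEM32\yayxxvu.dll
O2 - BHO: (no name) - {D38439EC-4A7F-42b4-90C2-D810D7778FDD} - C:\WINDOWS\System32\toixftpl.dll (file missing)
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\sfeeajoe.dll",setvm
O20 - Winlogon Notify: pmkjh - C:\WINDOWS\System32\pmkjh.dll (file missing)
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe"
"""

# One pattern per HijackThis section that appears in the thread.
PATTERNS = {
    "O2": re.compile(r"^O2 - BHO: (?P<name>.*?) - "
                     r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$"),
    "O4": re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): "
                     r"\[(?P<name>[^\]]*)\] (?P<target>.+)$"),
    "O20": re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<target>.+)$"),
}

# First drive-letter path ending in .dll or .exe inside the target field.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:dll|exe)', re.IGNORECASE)


def parse_entries(log_text):
    """Turn O2/O4/O20 lines into dicts; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        section = line.split(" - ", 1)[0]
        pattern = PATTERNS.get(section)
        match = pattern.match(line) if pattern else None
        if not match:
            continue
        target = match.group("target")
        path = PATH_RE.search(target)
        entries.append({
            "section": section,
            "name": match.group("name"),
            # Windows paths are case-insensitive, so normalise for grouping.
            "path": path.group(0).lower() if path else None,
            "missing": target.endswith("(file missing)"),
            "via_rundll32": target.lower().startswith("rundll32"),
        })
    return entries


def triage(entries):
    """Map each file path to the reasons it deserves a closer look."""
    sections_by_path = defaultdict(set)
    for entry in entries:
        if entry["path"]:
            sections_by_path[entry["path"]].add(entry["section"])

    findings = {}
    for entry in entries:
        path = entry["path"]
        if not path:
            continue
        reasons = findings.setdefault(path, set())
        if entry["missing"]:
            # The registry still points at a file that is gone.
            reasons.add("orphaned registration (file missing)")
        if entry["section"] == "O4" and entry["via_rundll32"]:
            reasons.add("DLL started from Run key via rundll32")
        if len(sections_by_path[path]) > 1:
            reasons.add("same DLL registered in several autostart points")
    return {p: sorted(r) for p, r in findings.items() if r}


if __name__ == "__main__":
    for path, reasons in sorted(triage(parse_entries(SAMPLE_LOG)).items()):
        print(path)
        for reason in reasons:
            print("   -", reason)
```

A file that shows up under more than one section has to be removed from every one of them in the same pass, otherwise a surviving registration can bring it back after reboot.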
     
  9. butchergav

    butchergav Private E-2

    OK, sorry about HJT, thought I did rename it properly :eek:

    Here are my new logs. I didn't get the error this time on Killbox
    and it rebooted itself......

    I could not find iexplore.exe in Process Explorer but found the rest...

    Here are my new logs.

    Thanks.

    PS: just got a System Doctor pop-up as I'm doing this.. rolleyes
     


  10. butchergav

    butchergav Private E-2

    Hi TimW,

    Since my last post I followed the special virus removal thread for Vundo
    and I downloaded VundoFixer and let it delete the files I found.
    So far, touch wood rolleyes, I haven't had any problems since. Early days though.

    I attached my new logs after doing that with this thread, see what you think.

    Thanks.
     


  11. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Run Process Explorer again and in each instance look for and kill:
    odoruhbc.dll
    rhvqvqwk.dll

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O2 - BHO: (no name) - {963DD2C8-65CB-4C3B-9364-CE6002087644} - C:\WINDOWS\system32\odoruhbc.dll
    O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\rhvqvqwk.dll",setvm

    After clicking Fix, exit HJT.

    Please copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

    Now run Pocket Killbox by doubleclicking on killbox.exe
    Choose Tools > Delete Temp Files and click Delete Selected Temp Files.
    Then after it deletes the files click the Exit (Save Settings) button.
    NOTE: Pocket Killbox will only list the added files it is able to find on the system. So when you do the below, if some files do not show in the list after pasting them in, just continue.

    Select:

    * Delete on Reboot
    * then click on the All Files button (or on the folders option).
    * Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\Windows\system32\odoruhbc.dll
    C:\Windows\system32\rhvqvqwk.dll
    C:\Windows\system32\ststv.bak1
    C:\Windows\system32\tmp50_1.tmp
    C:\Windows\system32\kwqvqvhr.ini
    C:\Windows\system32\ststv.ini

    * Return to Killbox, go to the File menu, and choose Paste from Clipboard.
    * Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt.

    If you receive a PendingFileRenameOperations prompt, just click OK to continue (But please let me know if you receive this message!).

    If Killbox does not reboot just reboot your PC yourself.

    Now attach the below new logs and tell me how the above steps went.

    1. GetRunKey
    2. ShowNew
    3. HJT
     
  12. butchergav

    butchergav Private E-2

    Hi again,
    no error messages, all went well, included logs.

    Thanks.
     


  13. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O2 - BHO: (no name) - {9AC3E516-1CD1-4A3B-AD60-AD78E677E65E} - C:\WINDOWS\system32\ssqrs.dll (file missing)

    After clicking Fix, exit HJT.

    Let me know how things are running, so that we can do the final steps.
     
  14. butchergav

    butchergav Private E-2

    All seems back to normal, no pop-ups appearing or redirects
    :)
     
  15. butchergav

    butchergav Private E-2

    Hi again,

    Browsing is still fine, but on running CCleaner it is still picking up Virtumonde,
    it says, and some other bad cookies, but as I say, browsing and system are still
    fine.
     
  16. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Where is it picking it up? Can you post the whole path that it reports? And is it possible that you have another user account that has not been checked?
     
  17. butchergav

    butchergav Private E-2

    Sorry Tim, I meant CounterSpy was picking it up.

    Here is the last log from its scan this morning....

    Scan History Details
    Start Date: 14/03/2007 07:06:42
    End Date: 14/03/2007 07:18:30
    Total Time: 11 Min 48 Sec
    Detected security risks

    Cookie: Adviva Cookie (General) more information...
    Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
    Status: Deleted

    Cookies detected
    c:\documents and settings\gav\cookies\gav@adviva[2].txt


    Cookie: ATDMT.com Cookie (General) more information...
    Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
    Status: Deleted

    Cookies detected
    c:\documents and settings\gav\cookies\gav@atdmt[2].txt


    Cookie: BFast.com Cookie (General) more information...
    Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
    Status: Deleted

    Cookies detected
    c:\documents and settings\gav\cookies\gav@bfast[2].txt


    Cookie: BurstNet.com Cookie (General) more information...
    Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
    Status: Deleted

    Cookies detected
    c:\documents and settings\gav\cookies\gav@burstnet[1].txt


    Cookie: DoubleClick Cookie (General) more information...
    Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
    Status: Deleted

    Cookies detected
    c:\documents and settings\gav\cookies\gav@doubleclick[1].txt


    Cookie: Hitbox.com Cookie (General) more information...
    Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
    Status: Deleted

    Cookies detected
    c:\documents and settings\gav\cookies\gav@hitbox[2].txt


    Cookie: FastClick.com Cookie (General) more information...
    Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
    Status: Deleted

    Cookies detected
    c:\documents and settings\gav\cookies\gav@fastclick[2].txt


    Cookie: Mediaplex.com Cookie (General) more information...
    Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
    Status: Deleted

    Cookies detected
    c:\documents and settings\gav\cookies\gav@mediaplex[1].txt


    Cookie: QuestionMarket.com Cookie (General) more information...
    Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
    Status: Deleted

    Cookies detected
    c:\documents and settings\gav\cookies\gav@questionmarket[2].txt


    Cookie: Advertising.com Cookie (General) more information...
    Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
    Status: Deleted

    Cookies detected
    c:\documents and settings\gav\cookies\gav@advertising[1].txt


    Cookie: TribalFusion.com Cookie (General) more information...
    Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
    Status: Deleted

    Cookies detected
    c:\documents and settings\gav\cookies\gav@tribalfusion[2].txt


    Cookie: as-us.falkag Cookie (General) more information...
    Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
    Status: Deleted

    Cookies detected
    c:\documents and settings\gav\cookies\gav@as-us.falkag[2].txt


    Cookie: statcounter.com Cookie (General) more information...
    Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
    Status: Deleted

    Cookies detected
    c:\documents and settings\gav\cookies\gav@statcounter[1].txt


    Virtumonde Adware (General) more information...
    Details: Virtumonde is an adware program that displays pop-up advertisements on the desktop. Virtumonde also downloads other software from various remote servers.
    Status: Deleted

    Registry entries detected
    HKEY_LOCAL_MACHINE\SOFTWARE\ARAF15


    Cookie: ad.yieldmanager Cookie (General) more information...
    Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
    Status: Deleted

    Cookies detected
    c:\documents and settings\gav\cookies\gav@ad.yieldmanager[1].txt
     
  18. butchergav

    butchergav Private E-2

    Also, I only have one user account set up; the hard drive has not long been
    wiped. Only my account and Administrator appear.
     
  19. butchergav

    butchergav Private E-2

    Hmmmm, tried another scan, this time no trace of it....
    Just bad cookies again (don't know if they're anything to be worried about).

    Here's the log again..

    Scan History Details
    Start Date: 14/03/2007 21:58:19
    End Date: 14/03/2007 22:13:01
    Total Time: 14 Min 42 Sec
    Detected security risks

    Cookie: ATDMT.com Cookie (General) more information...
    Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
    Status: Ignored

    Cookies detected
    c:\documents and settings\gav\cookies\gav@atdmt[1].txt


    Cookie: BS.Serving-Sys Cookie (General) more information...
    Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
    Status: Ignored

    Cookies detected
    c:\documents and settings\gav\cookies\gav@bs.serving-sys[2].txt
    c:\documents and settings\gav\cookies\gav@serving-sys[2].txt


    Cookie: Com.com Cookie (General) more information...
    Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
    Status: Ignored

    Cookies detected
    c:\documents and settings\gav\cookies\gav@com[1].txt


    Cookie: DoubleClick Cookie (General) more information...
    Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
    Status: Ignored

    Cookies detected
    c:\documents and settings\gav\cookies\gav@doubleclick[1].txt


    Cookie: Mediaplex.com Cookie (General) more information...
    Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
    Status: Ignored

    Cookies detected
    c:\documents and settings\gav\cookies\gav@mediaplex[1].txt


    Cookie: Advertising.com Cookie (General) more information...
    Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
    Status: Ignored

    Cookies detected
    c:\documents and settings\gav\cookies\gav@advertising[2].txt


    Cookie: TribalFusion.com Cookie (General) more information...
    Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
    Status: Ignored

    Cookies detected
    c:\documents and settings\gav\cookies\gav@tribalfusion[1].txt


    Cookie: PriceBandit Cookie (General) more information...
    Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
    Status: Ignored

    Cookies detected
    c:\documents and settings\gav\cookies\gav@apmebf[1].txt
     
  20. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Do read the info in the link:
    You may uninstall any programs we had you download.

    If you are not having any other malware problems, it is time to do our final steps:

    1. If we used Pocket Killbox during your cleanup, do the below
    * Run Pocket Killbox and select File, Cleanup, Delete All Backups
    2. If we used ComboFix you can delete the ComboFix.exe file and associated C:\combofix.txt log that was created.
    3. If we used SDFix you can delete all the SDFix related files and folders from your Desktop or wherever you installed it.
    4. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
    5. If we had you run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
    6. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    7. You can delete the ShowNew.Zip and GetRunkey.Zip files and the files that you extracted from the ZIP files. You can also delete the C:\newfiles.txt and C:\runkeys.txt logs that were created
    8. If you are running Windows XP or Windows ME, do the below:
    * go back to step 8 of the READ & RUN ME to Disable System Restore which will flush your Restore Points.
    * Then reboot and Enable System Restore to create a new clean Restore Point.
    9. After doing the above, you should work thru the below link:
    * How to Protect yourself from malware!
     
  21. butchergav

    butchergav Private E-2

    Done all of the above and have now installed all recommended firewalls, antivirus etc..

    Thanks a million TimW, you've been a great help, cheers :wave
     
  22. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    No problem...safe surfing.
     
