Malware Removal - Assistance Requested

Discussion in 'Malware Help (A Specialist Will Reply)' started by gmrstudios, Mar 24, 2009.

  1. gmrstudios

    gmrstudios Private E-2

    Thank you for reading my post

    My computer was infected by a number of different malicious viruses, trojans, etc. I began to notice something was wrong when I was prompted with a balloon notification ("Your computer may be infected...etc...") originating from a red X notification icon in my taskbar. Once I recognized something was wrong I tried to access Task Manager via Ctrl+Alt+Del (greyed out) and the Run command (disabled by administrator). System Restore was never enabled on my machine, so I set out to remove the malicious code with the tools provided on this website. After running the software per the instructions it seems the majority of problems have been resolved. However, .jpg files on my machine don't display when going to websites or when pulling them up locally. I also receive threat detection prompts from AVG referencing the following file:

    C:\WINDOWS\system32\drives\restore.sys
    Threat Name: Trojan horse BackDoor.Generic10.ACET

    When I attempt to heal I get "Some files cannot be healed: Specified file was not found." I can, however, move it to the vault.

    Thanks for reading.
     


  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You did not allow MGTools to run to completion. You need to agree to the HJT license and wait for it to tell you it is finished.

    In the meantime, you need to use Windows Explorer to find and delete:
    C:\lwoa.exe
    C:\-1607637535
    c:\windows\system32\drivers\5522d9fd.sys
    c:\windows\system32\drivers\dff9d38c.sys
    c:\windows\ms --> unless you know what this is!

    Open notepad and copy and paste the following text in the quote box into the window:
    Save this as fix.bat
    Choose to save as all files.
    Double-click fix.bat and let the program run.
    A small black DOS window will flash; this is normal.

    Now re-run ComboFix.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this and also attach the log from Combo.
     
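The file list and policy symptoms above lend themselves to a scripted triage. The following is an added example, not code from this thread or from MGTools/ComboFix: it checks the five paths TimW listed, hashes and quarantines the files instead of deleting them (so they survive for analysis), skips any driver that is still registered as a service, and removes the two per-user policy values that produce the "greyed out" Task Manager and "disabled by administrator" Run command gmrstudios described. Assumptions not in the original: Windows PowerShell 5.1 or later run elevated on the affected machine, and C:\Quarantine as the quarantine folder.

```powershell
# Added example, not code from the MajorGeeks thread. Triages the file indicators TimW
# listed in post 2 and the two per-user policy values behind the symptoms in post 1
# (Task Manager greyed out, Run command "disabled by administrator").
# Assumptions (not in the original): Windows PowerShell 5.1 or later, run elevated on the
# affected machine, and a quarantine folder of C:\Quarantine. Files are hashed and moved,
# not deleted, so they remain available for analysis.

$indicators = @(
    'C:\lwoa.exe',
    'C:\-1607637535',
    'C:\Windows\System32\drivers\5522d9fd.sys',
    'C:\Windows\System32\drivers\dff9d38c.sys',
    'C:\Windows\ms'
)
$quarantine = 'C:\Quarantine'   # assumption: chosen for this example
New-Item -ItemType Directory -Path $quarantine -Force | Out-Null

# A driver still registered as a service cannot simply be moved; look them up once.
$drivers = Get-CimInstance -ClassName Win32_SystemDriver

function Invoke-IndicatorTriage {
    param([string[]]$Paths)
    foreach ($path in $Paths) {
        if (-not (Test-Path -LiteralPath $path)) {
            Write-Output "absent : $path"
            continue
        }
        $item = Get-Item -LiteralPath $path -Force
        if ($item.PSIsContainer) {
            # TimW only wants C:\windows\ms removed "unless you know what this is": list it, do not move it.
            $n = @(Get-ChildItem -LiteralPath $path -Recurse -Force -File).Count
            Write-Output "folder : $path ($n files) - review contents before removing"
            continue
        }
        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        Write-Output "present: $path sha256=$hash size=$($item.Length) mtime=$($item.LastWriteTime)"
        $owner = $drivers | Where-Object { $_.PathName -and ($_.PathName.Trim('"') -eq $path) }
        if ($owner) {
            Write-Output "         loaded as driver service '$($owner.Name)' (state $($owner.State)); disable it and reboot before moving"
            continue
        }
        Move-Item -LiteralPath $path -Destination (Join-Path $quarantine ($item.Name + '.quarantined')) -Force
        Write-Output "         moved to $quarantine"
    }
}

Invoke-IndicatorTriage -Paths $indicators

# These two values, when set to 1, are what disable Task Manager and the Run command for the user.
$policies = @(
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableTaskMgr' },
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoRun' }
)
foreach ($p in $policies) {
    $current = Get-ItemProperty -Path $p.Key -Name $p.Name -ErrorAction SilentlyContinue
    if ($current -and $current.($p.Name) -eq 1) {
        Write-Output "policy : $($p.Name) = 1 under $($p.Key) - removing"
        Remove-ItemProperty -Path $p.Key -Name $p.Name
    } else {
        Write-Output "policy : $($p.Name) not set under $($p.Key)"
    }
}
```

Quarantining rather than deleting is deliberate: the hashes and timestamps recorded here are what an analyst needs later, and a driver that is still loaded has to be disabled and the machine rebooted before the file can be moved at all, which is why the script reports the owning service instead of failing on it.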
  3. gmrstudios

    gmrstudios Private E-2

    Thanks for responding!

    C:\lwoa.exe - deleted
    C:\-1607637535 - deleted
    c:\windows\system32\drivers\5522d9fd.sys - no longer exist
    c:\windows\system32\drivers\dff9d38c.sys - no longer exist
    c:\windows\ms --> unless you know what this is! - deleted

    Thanks again!
     


  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Are you still having issues? Your logs look clean.

    If you are not having any other malware problems, it is time to do our final steps:

    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real-time protection. They are useful as backup scanners. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /u
        • Note: the space between combofix" and /u must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.

      • Delete the C:\combofix folder left by ComboFix (if it exists)

    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista, it is time to make sure you have re-enabled UAC by double-clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    7. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning steps in the READ ME for your Windows version and see the steps to Disable System Restore, which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.

    8. After doing the above, you should work through the below link:

     
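The final steps above describe an end state (tools gone, Explorer hidden-file settings back to default, UAC on, a single fresh restore point) that is easy to verify before closing the case. The following is an added example, not code from this thread or from MGTools/ComboFix, that checks that state and lists anything still out of place. Assumptions not in the original: Windows PowerShell 5.1 on a client edition of Windows Vista or later, run elevated; the Windows XP and ME variants of step 7 are not covered, and the registry defaults it compares against (Hidden = 2, ShowSuperHidden = 0, EnableLUA = 1) are the standard Windows values rather than anything stated in the post.

```powershell
# Added example, not code from the thread. Checks the end state TimW's final steps
# (post 4) are meant to leave behind and reports anything still out of place.
# Assumptions (not in the original): Windows PowerShell 5.1 on a client edition of Windows
# Vista or later, run elevated; the Windows XP/ME variants of step 7 are not covered.

function Test-CleanupState {
    $problems = New-Object System.Collections.Generic.List[string]

    # Steps 2 and 6: tool leftovers that should be gone
    $leftovers = @(
        "$env:USERPROFILE\Desktop\ComboFix.exe",
        'C:\ComboFix',
        'C:\MGtools',
        'C:\MGtools.exe',
        'C:\MGlogs.zip'
    )
    foreach ($path in $leftovers) {
        if (Test-Path -LiteralPath $path) { $problems.Add("still present: $path") }
    }

    # Step 2 note: ComboFix /u resets Explorer's hidden-file settings to the Windows defaults
    # (Hidden = 2 means "do not show hidden files", ShowSuperHidden = 0 hides protected OS files).
    $adv = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced' -ErrorAction SilentlyContinue
    if ($adv.Hidden -ne 2)          { $problems.Add("Explorer 'Hidden' is '$($adv.Hidden)', default is 2") }
    if ($adv.ShowSuperHidden -ne 0) { $problems.Add("Explorer 'ShowSuperHidden' is '$($adv.ShowSuperHidden)', default is 0") }

    # Step 4: UAC back on (EnableLUA = 1; takes effect after a reboot)
    $uac = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -Name EnableLUA -ErrorAction SilentlyContinue
    if (-not $uac -or $uac.EnableLUA -ne 1) {
        $problems.Add("UAC is off: EnableLUA is not 1 (apply enableUAC.reg and reboot)")
    }

    # Step 7: after disabling and re-enabling System Restore there should be exactly one fresh point
    $points = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue)
    if ($points.Count -eq 0) {
        $problems.Add("no restore point exists; enable System Restore and create one, e.g. Checkpoint-Computer -Description 'Clean after malware removal'")
    } elseif ($points.Count -gt 1) {
        $problems.Add("$($points.Count) restore points exist; the old ones were not flushed and may still hold infected files")
    }

    return $problems
}

$result = Test-CleanupState
if ($result.Count -eq 0) {
    Write-Output 'Cleanup state verified: nothing left over.'
} else {
    $result | ForEach-Object { Write-Output "CHECK: $_" }
}
```

The restore-point check is the one worth insisting on: the point of disabling System Restore in step 7 is to discard snapshots taken while the machine was infected, so more than one remaining point means that flush did not happen.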
  5. gmrstudios

    gmrstudios Private E-2

    The machine looks to be clean. No prompts or errors since applying your fixes.

    Thanks Again!
     
  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Good to know...safe surfing. :)
     
