Not Emergency, but if someone has time.

Discussion in 'Malware Help (A Specialist Will Reply)' started by Archimdae, Nov 9, 2010.

  1. Archimdae

    Archimdae Private E-2

    I had a malware called Antivirus 2010. I'm still not quite sure when or where it came from, but it started its attacking right after I declined a browser install from a Facebook app.

    Anyway, I went through the Vista Cleaning Procedure (I'm on Windows 7 starter on an eee netbook) and I'm posting my logs. I *think* I got rid of everything but if someone who knows how to read these things has a little spare time I'd appreciate a glance just to see if everything is on the up and up.

    Thanks a bunch; if you have any questions or need me to re-run anything, just say. I could not run RootRepeal as it gives an error when I try to open it, "FOPS - DeviceIoControl Error! Error Code = 0xc0000024 Extended Info (0x000000dc)", and then says it could not scan whenever I try to.

    -Archi
     


  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    It looks like the scans took care of any malware on your system. I am not seeing any additional issues in the other logs.

    If you are not having any other malware problems, it is time to do our final steps:

    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real time protection. They do not use any significant amount of resources (except a little disk space) until you run a scan. We recommend them for doing backup scans when you suspect a malware infection.
    2. If we had you use ComboFix, uninstall ComboFix (this uninstall will only work as written if you installed ComboFix on your Desktop like we requested).
      • Click START, then RUN, enter the below into the run box and then click OK. Note: the quotes are required.
      • "%userprofile%\Desktop\combofix" /uninstall
        • Note: the space between combofix" and /uninstall must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.

    3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME for your Windows version and see the instructions to Disable System Restore, which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.

    10. After doing the above, you should work through the below link:

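A way to verify that the finishing steps above actually took effect, as an added example that is not part of the thread and not one of MajorGeeks' own tools. It assumes the paths named in the post (%userprofile%\Desktop\combofix and C:\MGtools), the Java deployment cache location under the user profile that the scanner output in this thread points at, and PowerShell 2.0 as shipped with Windows 7; run it from an elevated PowerShell prompt.

```powershell
# Added example: post-cleanup verification for a Windows 7 machine after the
# finishing steps in the post above. Not part of the thread or of MajorGeeks'
# tools. Assumes the paths named in the post (%userprofile%\Desktop\combofix,
# C:\MGtools) and PowerShell 2.0. Run from an elevated PowerShell prompt.

$report = @()
function Add-Check([string]$Name, [string]$Result, [bool]$Ok) {
    $script:report += New-Object PSObject -Property @{ Check = $Name; Result = $Result; OK = $Ok }
}

# 1. Leftover cleanup tools (steps 2, 4 and 8): ComboFix on the Desktop and
#    C:\MGtools should be gone after "/uninstall" and MGclean.bat.
foreach ($p in @("$env:USERPROFILE\Desktop\ComboFix.exe", "C:\MGtools")) {
    $present = Test-Path $p
    Add-Check "Leftover: $p" $(if ($present) { "still present" } else { "removed" }) (-not $present)
}

# 2. UAC (step 6): EnableLUA = 1 means User Account Control is on.
$pol = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
$lua = (Get-ItemProperty -Path $pol -ErrorAction SilentlyContinue).EnableLUA
Add-Check "UAC (EnableLUA)" "EnableLUA=$lua" ($lua -eq 1)

# 3. Windows Firewall service (MpsSvc): the poster found it disabled in the
#    Services console, so check that it is running AND set to start automatically.
$fw = Get-WmiObject -Class Win32_Service -Filter "Name='MpsSvc'"
Add-Check "Windows Firewall service" "$($fw.State), start mode $($fw.StartMode)" `
    ($fw.State -eq "Running" -and $fw.StartMode -eq "Auto")

# 4. System Restore (step 9): after the disable/re-enable cycle there should be
#    a fresh, clean restore point; list what exists and when the latest was made.
$points = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue)
$latest = $points | Sort-Object SequenceNumber | Select-Object -Last 1
$desc = if ($latest) {
    $when = [System.Management.ManagementDateTimeConverter]::ToDateTime($latest.CreationTime)
    "{0} point(s); latest '{1}' at {2}" -f $points.Count, $latest.Description, $when
} else { "no restore points" }
Add-Check "System Restore" $desc ($points.Count -ge 1)

# 5. Java deployment cache: the three Microsoft detections in this thread all
#    point at a single cached file under this folder. Hash whatever is still
#    there so the entries can be compared against a later scan (or cleared
#    from the Java Control Panel if they are unwanted).
$cache = Join-Path $env:USERPROFILE "AppData\LocalLow\Sun\Java\Deployment\cache"
$cacheFiles = @()
if (Test-Path $cache) {
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $cacheFiles = @(Get-ChildItem -Path $cache -Recurse -Force |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object {
            $fs = $_.OpenRead()
            try {
                $hex = ($sha.ComputeHash($fs) | ForEach-Object { $_.ToString("x2") }) -join ""
            } finally { $fs.Close() }
            "{0}  {1,10}  {2}" -f $hex, $_.Length, $_.FullName
        })
}
Add-Check "Java deployment cache" "$($cacheFiles.Count) cached file(s)" $true

$report | Format-Table Check, Result, OK -AutoSize
if ($cacheFiles.Count -gt 0) { "`nJava cache contents (sha256  size  path):"; $cacheFiles }
```

The script only reads state and reports it; it changes nothing, so it is safe to run before and after the finishing steps to see the difference. Get-ComputerRestorePoint and the service query need an elevated prompt, and the cache hashes give the poster something concrete to paste back if the scanner flags the same entry again.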
  3. Archimdae

    Archimdae Private E-2

    Last night I let the onelive microsoft windows scanner run. It found 3 things. I thought it would give me a log so I didn't write them down but it was unable to remove the 3 items. I'm running it again so I can get specifically what it found. I do remember something about Java 6 20 exploit. Though yesterday after cleaning everything I uninstalled old Java and installed the newest Java 6 22.

    I'll add to this post a little later once I get the results again of what it found.

    Ahh got it:

    Exploit:Java/CVE-2008-5353.JJ
    Exploit:Java/CVE-2009-3867.HD
    TrojanDownloader:Java/OpenConnection.ES
     
  4. Archimdae

    Archimdae Private E-2

    More information on the next page:

    3 Severe issues found
    -Exploit:Java/CVE-2008-5353.JJ
    --Issue 1 c:\documents and settings\archi dane\appdata\locallow\sun\java\deployment\cache\6.0\39\7fd1dde7-4f2fff3f

    -Exploit:Java/CVE-2009-3867.HD
    --Issue 1 c:\documents and settings\archi dane\appdata\locallow\sun\java\deployment\cache\6.0\39\7fd1dde7-4f2fff3f

    -TrojanDownloader:Java/OpenConnection.ES
    --Issue 1 c:\documents and settings\archi dane\appdata\locallow\sun\java\deployment\cache\6.0\39\7fd1dde7-4f2fff3f
     
  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Probably false positives. Neither SAS nor MBAM detected it as a problem. Are you having malware issues? Is anything not running properly?
     
  6. Archimdae

    Archimdae Private E-2

    Everything seems stable right now. I had an issue with the firewall not letting me turn it on, but it was just disabled in the admin tools. Not sure what did that, but it's on and seems fine now.

    I'll go ahead and go through your finishing instructions.

    Thanks so much for the help.
     
  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You are most welcome. Safe surfing. :)
     
