Please help, malware issues

Discussion in 'Malware Help (A Specialist Will Reply)' started by insomniak1981, Apr 18, 2009.

  1. insomniak1981

    insomniak1981 Private E-2

    Hi
    sorry my first post is a cry for help but this seems to be the best place to get help. My problems started last night, I was searching the internet to try and find a way to get around having to wait 15 minutes between downloads on rapidshare (I know, I'm an idiot but I'd had a few beers and was trying to get an 800MB file in less than 2/3 hours). After a bit of googling I came across some sites that said they would allow me to download several files straight after each other by entering the rapidshare URL into a search bar on the site (none of them worked). I tried about 5 of these sites before I realised it wasn't going to work (I have a list of about 30 of these sites). Thanks to the beer it never occurred to me that these sites may be malicious and I never noticed anything strange about my system until a few hours later. Web links were being redirected and my firewall kept alerting me to strange connections and applications trying to run. I realised something was wrong so I ran full scans with spybot S&D, ad-aware, malwarebytes anti-malware and eset smart security. After restarting my laptop I then started to get blue screens of death if I tried to run firefox when another program was running. I realised I still had problems so I searched the main site for anti-spyware tools and downloaded superantispyware and cwshredder and ran them both (SAS found a further 13 infections) but I still had problems using my broadband.
    I decided to check the forums and I came across the READ & RUN ME post.
    I'd already done everything in the post so I followed the XP cleaning guide. I followed it to the letter apart from I'd already run malwarebytes before SAS but I'm still concerned I have problems (and no idea how to interpret the log files created by ComboFix or MGtools) so I would be extremely grateful if someone could find the time to offer me some assistance.
    I am attaching all the logs requested in the xp cleaning guide (I am uploading only the 1st SAS log because of the 4 file limit but the second scan was completely clean), but if I have missed anything or you need any further info then please let me know.
    Thanks.
     

  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    The only apparent remaining issue is that you need to uninstall the illegal copy of NOD32 with the trojan program being used to run it. See this: http://www.greatis.com/appdata/d/n/nodenable.exe_Removal.htm

    You should also uninstall any other illegal software like this that you may have downloaded and installed.

    You also need to uninstall the old Sun Java version ( Java(TM) SE Runtime Environment 6 ) and download and install the current version as requested in step 1 of the READ & RUN ME.


    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required.
      • "%userprofile%\Desktop\combofix" /u
        • Note: The space between the combofix" and the /u must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
      • Delete the C:\combofix folder from combofix (if it exists)
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    7. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures in step 3 of the READ ME for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    8. After doing the above, you should work thru the below link:
     
