Please help "Win32/RBot.3eu!Worm" Got my attention I think it's worse

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by SgtBurns, Oct 12, 2009.

  1. SgtBurns

    SgtBurns Private E-2

    Hello, It is my first time posting but long time reader.
    This is my wife's computer, so I am not sure when all the problems got started. I first noticed a problem with Internet Explorer when links would not work. I then got a message "W32/Gaobot.worm.gen.u Win32/RBot.3eu!Worm detected" just before the PC shut down. I rebooted and attempted to remove and reinstall IE. I ran Trend HouseCall and McAfee prior. I cannot install any version of IE or turn on McAfee; I get permission errors such as "Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item." It happens with other files and apps as well. I am able to use Mozilla and I was able to update it, making it possible to make this post. It took all of the tricks listed to get the 4 log files but I got em!
     


  2. SgtBurns

    SgtBurns Private E-2

    Combofix log

    Thanks in advance!
     


  3. SgtBurns

    SgtBurns Private E-2

    I ran Trend Micro Rootkit buster but did not make any changes. Log attached.
    Not a Bump! file too large...;)
     


    Last edited: Oct 13, 2009
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please put ComboFix on your desktop as instructed, not here:
    c:\documents and settings\Owner.MAINPC\My Documents\Downloads\ComboFix.exe

    You are running Spyware Doctor with AntiVirus so you should not have a second active AV program running. I suggest that you totally remove McAfee.

    Please double click on C:\MGTools\FixPerm.bat and see if that doesn't take care of your permissions issue.

    Use add/remove programs to uninstall:
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 2
    Java(TM) 6 Update 15
    Java(TM) 6 Update 2
    Java(TM) 6 Update 7
    Java(TM) SE Runtime Environment 6 Update 1

    Reboot and install:
    Java Runtime 6

    Now tell me exactly what issues you may be having.
     
  5. SgtBurns

    SgtBurns Private E-2

    Thanks TimW
    I did the things you requested. I have no issue with permissions after doing so. I still have an issue with the system's all-around speed. It takes much longer to boot than before and seems to have a slow reaction time. One thing I happened to come across is that the power supply is 300w and I upgraded the video card about 18mos ago; I have read that performance can be affected by low amp outputs. I ordered a new 500w supply along with a SATA hard drive for storage and backups, but I'm not convinced there isn't a software issue lurking in there someplace.
     
  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Your system info is not giving me any idea as to what you have installed as to RAM. But I suggest that you post in the software forum for those issues.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real-time protection. They are useful as backup scanners. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /u
        • Notes: The space between the combofix" and the /u, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    7. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures in step 3 of the READ ME for your Windows version and see the instructions to Disable System Restore, which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    8. After doing the above, you should work thru the below link:
     
