Security threats reported after completing Malware removal

Discussion in 'Malware Help (A Specialist Will Reply)' started by el rapido, Feb 3, 2009.

  1. el rapido

    el rapido Private E-2

    I followed the Malware removal guide top to bottom, and it successfully removed the problem I had - which was that Google searches were returning false results

    Thank you!

    After completing the procedure I now get error alerts on my existing Security software:

    1. Norton Internet Security 2009 -
    a Risks in compressed file "dc1.exe"
    b Risks in compressed file "Combofix.exe"

    2. Spyware Doctor -
    Application.NirCmd (22 infections)

    Do you know if these are false alarms related to the Malware removal process?

    Should I ignore these alarms, or let the software apply a fix?

    Can I now safely toggle System Restore?
     


  2. el rapido

    el rapido Private E-2

    I can't see log files for Malwarebytes AntiMalware or for SuperAntiSpyware

    I did run the scans but I don't think they found any infections
     
  3. el rapido

    el rapido Private E-2

    Here are the two other logs:


    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 02/01/2009 at 12:36 PM

    Application Version : 4.25.1012

    Core Rules Database Version : 3738
    Trace Rules Database Version: 1707

    Scan type : Complete Scan
    Total Scan Time : 00:47:45

    Memory items scanned : 508
    Memory threats detected : 0
    Registry items scanned : 5657
    Registry threats detected : 0
    File items scanned : 23789
    File threats detected : 0


    Malwarebytes' Anti-Malware 1.33
    Database version: 1712
    Windows 5.1.2600 Service Pack 3

    01/02/2009 16:58:56
    mbam-log-2009-02-01 (16-58-56).txt

    Scan type: Quick Scan
    Objects scanned: 72513
    Time elapsed: 48 minute(s), 46 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Your logs are clean. Is Spyware Doctor a paid-for or free version? If free, uninstall it.

    You are getting false positives for ComboFix. We can fix that by doing the following:

    I will strongly advise you not to allow all users admin. privileges... once malware is in your system in an admin. account, it has free rein of the computer.

    If you are not having any other malware problems, it is time to do our final steps:

    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real time protection. They are useful as backup scanners. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /u
        • Note: The space between the combofix" and the /u must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
      • Delete the C:\combofix folder from combofix (if it exists)
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    7. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning steps in the READ ME for your Windows version and see the steps to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    8. After doing the above, you should work thru the below link:
     
    Last edited: Feb 6, 2009
  5. el rapido

    el rapido Private E-2

    Spyware Doctor is a paid version (nearly 1 year to run)

    The uninstall of Combofix gave a Windows error message - unable to find 32788R22FWJFW\prep.com

    Should I retain:
    CCleaner?
    Spybot search & destroy?
    Spywareblaster?
     
  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You can manually delete the ComboFix.exe file, C:\ComboFix folder, C:\QooBox folder, C:\WINDOWS\nircmd.exe, C:\combofix.txt and C:\ComboFix-quarantined-files.txt logs that were created.

    You can also keep those programs.
     
