Torpig infection - need advice

Discussion in 'Malware Help (A Specialist Will Reply)' started by rinrin, Apr 4, 2008.

  1. rinrin

    rinrin Private E-2

    I'm not too sure if this is the right forum, but I need some advice:

    My machine had been infected w/ Torpig a while back but has already been cleaned (or at least Spyware Doctor, NOD32 and Spybot S&D don't detect any more infections). But I've been told that formatting the drives and reinstalling Windows is the best way to go about it, so I've decided to do so.

    Now, I have a lot of files (pics, docs, etc.) that haven't been backed up yet, and I have two hard drives, and multiple partitions. I was wondering if it's okay to just transfer my files to the other drive and format the system drive and re-install? Or will my machine still be compromised?
     
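Before deciding what to copy off the old system drive, the question rinrin raises (can files carried to the other drive bring the infection along?) comes down to what kind of file each one really is. The script below is an added example, not part of this thread and not one of the tools the posters recommend. It walks a folder, identifies each file by its leading bytes rather than its name (so an executable renamed to .jpg is still caught), flags Office files that carry VBA macro parts, autorun.inf and script/shortcut types, and hashes everything so the backup set can be checked again later. The extension list, the verdict table and every sample file are constructed for illustration and are assumptions, not data from the thread.

```python
import hashlib
import tempfile
import zipfile
from pathlib import Path

# Extensions Windows runs on double-click; scripts and shortcuts have no reliable
# content signature, so for these the name is what counts. Assumed list, not exhaustive.
EXEC_EXTENSIONS = (".exe", ".dll", ".scr", ".pif", ".com", ".cpl", ".lnk",
                   ".vbs", ".vbe", ".js", ".jse", ".wsf", ".bat", ".cmd", ".hta")

# Assumed policy for the backup set: plain data is copied, anything executable stays behind.
VERDICT = {
    "pe-executable": "exclude", "script-or-shortcut": "exclude", "autorun": "exclude",
    "ole-office": "scan-first",   # legacy .doc/.xls/.ppt may carry VBA macros
    "ooxml-macro": "scan-first",  # .docm/.xlsm with a vbaProject.bin part
    "zip": "scan-first", "other": "scan-first",
    "jpeg": "copy", "png": "copy", "pdf": "copy", "text": "copy",
}

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # OLE2 compound document header


def zip_has_vba(path: Path) -> bool:
    """True if a zip/OOXML container carries a VBA macro project part."""
    try:
        with zipfile.ZipFile(path) as z:
            return any(n.lower().endswith("vbaproject.bin") for n in z.namelist())
    except zipfile.BadZipFile:
        return False


def classify(path: Path) -> str:
    """Identify a file by its first bytes; the extension is consulted only for
    executable types that have no fixed magic."""
    with path.open("rb") as f:
        head = f.read(512)
    name = path.name.lower()
    if head[:2] == b"MZ":                      # DOS/PE header, whatever the file is called
        return "pe-executable"
    if head[:8] == OLE_MAGIC:
        return "ole-office"
    if head[:4] == b"PK\x03\x04":              # zip container, including .docx/.xlsx/.xlsm
        return "ooxml-macro" if zip_has_vba(path) else "zip"
    if name == "autorun.inf":                  # re-runs a payload when the drive is mounted
        return "autorun"
    if name.endswith(EXEC_EXTENSIONS):
        return "script-or-shortcut"
    if head[:3] == b"\xff\xd8\xff":
        return "jpeg"
    if head[:8] == b"\x89PNG\r\n\x1a\n":
        return "png"
    if head[:4] == b"%PDF":
        return "pdf"
    sample = head.decode("utf-8", errors="ignore")
    if sample and all(c.isprintable() or c in "\r\n\t" for c in sample):
        return "text"
    return "other"


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def triage(root) -> list:
    """Walk root and return one record per file: kind, verdict, mismatch flag, hash."""
    root = Path(root)
    rows = []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        kind = classify(path)
        rows.append({
            "path": path.relative_to(root).as_posix(),
            "kind": kind,
            "verdict": VERDICT[kind],
            # a PE file without an executable extension is a renamed executable
            "mismatch": kind == "pe-executable" and not path.name.lower().endswith(EXEC_EXTENSIONS),
            "sha256": sha256_of(path),
        })
    return rows


def build_sample_tree(root) -> None:
    """Constructed sample files (not anything from the thread) covering each case."""
    root = Path(root)
    (root / "photos").mkdir(parents=True, exist_ok=True)
    (root / "docs").mkdir(exist_ok=True)
    (root / "photos" / "vacation.jpg").write_bytes(b"\xff\xd8\xff\xe0" + b"\x00" * 28)
    (root / "photos" / "beach.jpg").write_bytes(b"MZ\x90\x00" + b"\x00" * 60)   # exe named .jpg
    (root / "docs" / "report.doc").write_bytes(OLE_MAGIC + b"\x00" * 56)
    (root / "docs" / "notes.txt").write_text("call the bank on Monday\n")
    (root / "autorun.inf").write_bytes(b"[autorun]\r\nopen=setup.exe\r\n")
    with zipfile.ZipFile(root / "docs" / "budget.xlsm", "w") as z:
        z.writestr("xl/workbook.xml", "<workbook/>")
        z.writestr("xl/vbaProject.bin", b"\x00" * 32)


def demo() -> dict:
    """Build the sample tree in a temp dir and return triage rows keyed by path."""
    root = tempfile.mkdtemp()
    build_sample_tree(root)
    return {r["path"]: r for r in triage(root)}


if __name__ == "__main__":
    for path, r in demo().items():
        flag = "  (renamed executable!)" if r["mismatch"] else ""
        print(f"{r['verdict']:10} {r['kind']:18} {path}{flag}")
```

Run it against the real folder with `triage("D:/to_copy")` instead of the sample tree. The "copy" verdict only means the file is inert data by format; everything that moves to the other drive should still be scanned from a clean system, and the hashes let you confirm later that nothing in the backup set changed.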
  2. abri

    abri MajorGeek

    Hi rinrin,
    Welcome to Major Geeks!


    Why would someone tell you to reformat your computer if it is clean? Did they tell you that your system files were so badly damaged that they couldn't be recovered? What problems are you still having that make you want to reformat?

    To begin with, it would be a good idea to copy your files whether you reformat or not. There's an online scan that BitDefender offers which allows you to scan single drives or even individual areas of your computer. If you want to run that on the files you are transferring, the instructions for using it can be found at Using BitDefender Online Scan. This has to be run with Internet Explorer with Active X enabled. After you click on I agree, a page comes up with two options highlighted in the box above the start scanning button. The first of these two options allows you to point the scan at whatever you want to have scanned.

    If you want us to look at your computer, please follow the instructions in the READ & RUN ME FIRST and attach the requested logs so we can see if there is any further malware.

    abri
     
  3. rinrin

    rinrin Private E-2

    Here are the requested logs. I hope I did this right.
     

    Attached Files:

  4. abri

    abri MajorGeek

    Hi rinrin,

    Your logs are pretty clean. I would ask you to do the following small things. As for reinstalling Windows, I guess I always avoid that when I have some other alternative.


    1) Go to add/remove programs and uninstall the below:

    - Java 2 Runtime Environment, SE v1.4.2_16


    2) If you do not use Windows Messenger (not to be confused with MSN Messenger!!) I would like you to run Disable/Remove Windows Messenger


    3) Now download The Avenger by Swandog46, and save it to your Desktop.
    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Check the 'Input script manually' box.
    • Click on the magnifying glass icon.
    • Copy everything in the Quote box below, and paste it in the box that opens:
    • Now click the 'Done' button.
    • Click on the traffic light icon and OK the prompt.
    • You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt

    4) Now run CCleaner at the default setting with the Windows tab as the top one.


    Let me know how things are running now.

    abri
     
  5. rinrin

    rinrin Private E-2

    Hi abri,
    Thanks for the "clean bill of health" for my PC and for your quick response. I too would like to avoid a reinstall if I can help it.

    I've uninstalled Java 2 RE, SE v1.4.2_16. I think this was installed together with Nokia Theme Studio. I have also disabled Windows Messenger.

    Also, I think I'm using a new version of The Avenger since I could no longer find the magnifying glass icon, only Execute was found. :)
    The two tmp files have been deleted. But I would like to ask, are these leftovers from malware? I looked at the date of the file (from the backup.zip) and it says October 26, 2007. This PC was bought after that date. Any ideas how I got these and where they came from?

    Edit: I found other files with similar names in the Windows and system32 folders, but with different dates, and they seem to be from Microsoft. I'm not sure if they're legit, but the files are:
    C:\WINDOWS\SET3.tmp
    C:\WINDOWS\SET4.tmp
    C:\WINDOWS\SET8.tmp
    C:\WINDOWS\SET25.tmp
    C:\WINDOWS\system32\SET8C.tmp
    C:\WINDOWS\system32\SET8D.tmp
    C:\WINDOWS\system32\SET77.tmp
    C:\WINDOWS\system32\SET83.tmp
    C:\WINDOWS\system32\SET91.tmp

    There's more, but I'll leave it as that. Is it safe to delete them too?
     
  6. abri

    abri MajorGeek

    Hi rinrin,
    No magnifying glass huh? hmmmmm .....

    Yes, it's safe to delete all of those.

    After you finish, please run the final cleanup instructions in the box:
    abri
     
  7. rinrin

    rinrin Private E-2

    Thanks for all your help abri!
     
  8. abri

    abri MajorGeek

    You're welcome!
    Best of luck to you with your computer!
     
