Trojan & rootkit issues

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Joyfulsong11, May 24, 2011.

  1. Joyfulsong11

    Joyfulsong11 Private E-2

    I have had issues with another computer for a while now, and it has spread to this computer which I am now attempting to save in hopes of avoiding further spreading. I have run the procedures recommended in your malware removal guide, and am attaching the logs.

    As for what the computer has been doing, there really haven't been any symptoms other than a general slowing and my antivirus recently finding the "Eldorado" virus after about a month of using files from another infected computer. I really don't know how the other computer was infected; there were no emails opened on that computer, no potentially hazardous sites visited unless you count Google Images to collect clipart for children's program advertisements. Not exactly porn there. :) No videos of any kind watched aside from youtube.com. To my knowledge there is no illegal software present. I will hopefully be running the same process on that infected computer and will post its results in a separate post. For this computer I am simply trying to prevent it from getting as bad as the other one.

    The procedure I performed on this computer followed the instructions outlined in your cleaning guide, with a couple of minor glitches.

    1) SuperAntiSpyware performed fine with no issues.

    2) MalwareBytes also performed well with no issues.

    3) ComboFix ran once, informed me that it needed the Windows Recovery Console, attempted to install and failed. It completed scanning, and after it completed its scan and produced a log, I manually downloaded and installed the Windows Recovery Console from Microsoft as per the instructions. This resulted in another ComboFix scan and another log. I then realized that I had run both scans without the external hard drive hooked up that had transmitted the virus in the first place, so I ran a third ComboFix scan with the external hard drive hooked up. My apologies if that causes problems from running it too many times.

    4) RootRepeal ran for a short time and then seemed to freeze and didn't show any activity for over an hour. I thought that it was stuck and attempted to restart the scan, making sure to disable all AV that might be interfering. After a second scan produced the same results, I abandoned scanning with it and moved on to the next step. I did however come back and run another scan after the MGtools scan, which I left for about 2.5 hours; this time it completed and produced a log.

    5) MGtools scanned fine; unfortunately I forgot to make sure that the external hard drive was connected before running the scan, so I ran a second scan with it connected. I don't know which set of logs was included in the zip file, but I'm assuming it was the second scan and the first was overwritten - I hope. :)


    I really don't know if all problems are resolved or not due to the lack of early symptoms. On the other infected computer it took over two months for it to begin showing real symptoms beyond slowness, which included browser crashing, download failure and installation failure. I'm hoping to avoid that this time! Any assistance would be appreciated and I look forward (patiently) to an analysis of the issues. Thank you very much for your help!

    Joyfulsong11
     

    Attached Files:

  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    We still need the C:\MGLogs.zip. Plus, you need to put ComboFix directly on your desktop, not here:
    Running from: C:\ComboFix.exe

    Now also do this:
    TDSSkiller - How to run
     
  3. Joyfulsong11

    Joyfulsong11 Private E-2

    Thanks TimW.

    Sorry the logs weren't included earlier, I couldn't get back to my original post to add a reply. Here are the other logs from the previous scans, and I'll move the ComboFix and post the scan log from that later.

    Joyfulsong11
     

    Attached Files:

  4. Joyfulsong11

    Joyfulsong11 Private E-2

    Here are the two log files you requested.
     

    Attached Files:

  5. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Use Windows Explorer to find and delete the below files.

    • C:\windows\Rvota.dat
    • C:\windows\Equsejowera.bin

    Reboot the machine.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista or Windows 7.) Then attach the new C:\MGlogs.zip file that will be created by running this.

    Let me know of any problems you may have encountered with the above instructions and also let us know how things are running now!
     
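An added example, not part of the thread or the MajorGeeks procedure: before deleting the two files named above, record their size, timestamps and SHA-256 hash so the helper can identify the sample later, then delete them and confirm they are gone. It assumes an elevated PowerShell 4.0 or later prompt (Get-FileHash is not available in older versions) and writes to an assumed log file on the desktop.

```powershell
# Added example (not from the thread): log evidence about the files named
# by Kestrel13!, delete them, and verify the deletion.
# Assumes PowerShell 4.0+ (Get-FileHash) running as Administrator.
$suspects = @('C:\windows\Rvota.dat', 'C:\windows\Equsejowera.bin')
$log      = "$env:USERPROFILE\Desktop\removed-files.log"   # assumed log location

foreach ($path in $suspects) {
    $stamp = Get-Date -Format s
    if (-not (Test-Path -LiteralPath $path)) {
        "$stamp  NOT FOUND  $path" | Add-Content -LiteralPath $log
        continue
    }
    # -Force is needed so hidden/system files are returned as well.
    $item = Get-Item -LiteralPath $path -Force
    $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    "$stamp  FOUND  $path  size=$($item.Length)  mtimeUtc=$($item.LastWriteTimeUtc.ToString('s'))  sha256=$hash" |
        Add-Content -LiteralPath $log
    try {
        # -Force also removes read-only/hidden files; stop on any error so it is logged.
        Remove-Item -LiteralPath $path -Force -ErrorAction Stop
        $state = if (Test-Path -LiteralPath $path) { 'STILL PRESENT (in use or locked?)' } else { 'DELETED' }
    } catch {
        $state = "DELETE FAILED: $($_.Exception.Message)"
    }
    "$(Get-Date -Format s)  $state  $path" | Add-Content -LiteralPath $log
}
Get-Content -LiteralPath $log   # show what was recorded
```

A file reported as still present after deletion is usually held open by a running process, which is exactly the case the reboot step above is meant to clear.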
  6. Joyfulsong11

    Joyfulsong11 Private E-2

    Here's the zip file from MGtools. Thanks for all the help; things do seem to be running A LOT faster! Amazing the difference cleanliness makes! These tools are great. I'll be starting on the computer that got the original virus soon, the one from which this computer was infected. Thanks so much, and let me know if there's anything else I need to do. These tools are great, and I'll definitely keep them in mind for friends when they have problems too.

    Joyfulsong11
     

    Attached Files:

  7. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Notes: The space between the combofix" and the /uninstall, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME for your Windows version and see the instructions to Disable System Restore, which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work through the below link:
     
  8. Joyfulsong11

    Joyfulsong11 Private E-2

    Thanks so much for all the help. All seems to be working well, and the peace of mind from knowing the machine is clean is a HUGE weight off!

    Joyfulsong11
     
  9. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You are most welcome. Safe surfing. :)
     
