troj/virtum-gen and Mal/Generic-A

Hello,

I think my laptop still has these viruses and would need help for removal.

Right now, these are the symptoms I see:
- It takes VERY LONG to start or restart my laptop (about five minutes of a blank screen after the windows logo, and about another five minutes after I log onto windows.
- It takes a VERY LONG time to start Spybot S&E, about five minutes or so after I click on the program.
- In Sophos' Quarantine Manager, I still have Mal/VB-M (from trying vundofix.exe) and I have Mal/Generic-A (in a system restore location), neither of which I can Perform Action on.
- In Sophos Quarantine Manager, I originally had the Troj/virtum-gen on the list too, but tried a clean up on it a few times before it seem to have worked, and now it's not on the list anymore

I have followed the "Read & Run Me First" steps. Attached are the logs, (and the MGlog will be in the new post.)


Thank you very much,

Woo

 

And here is the MGlogs. Thank you.

 

Hi woofai,
Welcome to Major Geeks!

Your computer problems look more like they may be due to your programs exceeding your capacity than to malware problems.


I would like to have you use ComboFix to remove some files. One of these files may or may not be malware, but the rest are just items which can be fixed.

• Make sure that combofix.exe (cf.exe) that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
• If it is not on your Desktop, the below will not work.
• Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected ):

Code:

KILLALL::

FILE::
C:\WINDOWS\Temp\inf1clrg.tmp
C:\WINDOWS\Temp\JETCD2F.tmp
C:\WINDOWS\Temp\JETCD3F.tmp
C:\Documents and Settings\John Chan\Local Settings\temp\~DF2DAA.tmp

FOLDER::
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\Documents and Settings\John Chan\Local Settings\temp\plugtmp

REGISTRY::

[-HKEY_CURRENT_USER\Software\Kazaa]
[-HKEY_LOCAL_MACHINE\SOFTWARE\knight]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"HideLegacyLogonScripts"=-
"HideLogoffScripts"=-
"RunLogonScriptSync"=-
"RunStartupScriptSync"=-
"HideStartupScripts"=-

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"HideLegacyLogonScripts"=-
"HideLogoffScripts"=-
"RunLogonScriptSync"=-
"RunStartupScriptSync"=-
"HideStartupScripts"=-

• Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe (cf.exe)
• At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
• You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
• Now use your mouse to drag CFscript.txt on top of ComboFix.exe
• Follow the prompts.
• When it finishes, a log will be produced named c:\combofix.txt
• I will ask for this log below

Note: Do not mouseclick combofix's window while it is running. That may cause it to stall.


Now run CCleaner at the default setting with the Windows tab as the top one.

Please attach the Combofix log.


Let me know how things are running now?

abri

 

Hi TimW and Abri,

Thanks for verifying that the virus is gone. I have performed the tasks listed. (Attached is my combofix log.) However, my laptop still starts very slowly. What else could be the problem?

The only thing I can think of is that I used to use msconfig to do selective startups, but during the READ AND RUN ME FIRST procedures, I switched back to normal startup. Would going through each startup item with another program help? I have not done that yet and will do it later tonight if that's the case.

Thanks very much,

Woofai

 

Hi woofai,

There is still a question about something in your Combofix log. One of us will get back to you about this. Thanks for being patient.

abri

 

Hi abri,

My laptop works better now. I just uninstalled Sophos Antivirus and installed Avast, and the startup time is okay without tweaking anything else. So I guess Sophos might have indeed caused the problem. Is there anything else I should do to make sure things are okay?

Thanks for your help,

John

 

Hi woofai,

Please do the following:



I would like to have you use ComboFix to remove some files. One of these files may or may not be malware, but the rest are just items which can be fixed.

• Make sure that combofix.exe (cf.exe) that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
• If it is not on your Desktop, the below will not work.
• Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected ):

Code:

KILLALL::

FILE::
C:\WINDOWS\system32\Explorer.exe

REGISTRY::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Explorer"=-

• Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe (cf.exe)
• At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
• You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
• Now use your mouse to drag CFscript.txt on top of ComboFix.exe
• Follow the prompts.
• When it finishes, a log will be produced named c:\combofix.txt
• I will ask for this log below

Note: Do not mouseclick combofix's window while it is running. That may cause it to stall.


Now run CCleaner at the default setting with the Windows tab as the top one.

Please attach the Combofix log.

Then, if you have not yet done the removal instructions posted to you by TimW, please go ahead with them now. If you have not cleared and reset your restore point, please wait with that.

Thanks.
abri

 

Hi abri.

I have ran combofix and attached is my combofix log. (I have ran TimW's removal before and did not rerun it this time.) Will wait for your response on any next steps.

Thanks,
woofai

 

I think I am okay, no issue after uninstalling Sophos. Thanks you abri and majorgeeks.com for the help.

 

Hi woofai,

I'm glad you found the solution in switching out Sophos. Unless you think you'll be needing Smitfraud Fix, you can remove the following files from your computer and then I'll give you the final cleanup instructions below.

• Make sure that combofix.exe (cf.exe) that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
• If it is not on your Desktop, the below will not work.
• Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected ):

Code:

File::
C:\WINDOWS\system32\VCCLSID.exe
C:\WINDOWS\system32\SrchSTS.exe
C:\WINDOWS\system32\VACFix.exe
C:\WINDOWS\system32\IEDFix.exe
C:\WINDOWS\system32\IEDFix.C.exe
C:\WINDOWS\system32\404Fix.exe
C:\WINDOWS\system32\Process.exe
C:\WINDOWS\system32\dumphive.exe
C:\WINDOWS\system32\WS2Fix.exe
C:\WINDOWS\system32\tmp.reg

Folder::
C:\Documents and Settings\John Chan\SmitfraudFix

• Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe (cf.exe)
• At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
• You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
• Now use your mouse to drag CFscript.txt on top of ComboFix.exe
• Follow the prompts.
• When it finishes, a log will be produced named c:\combofix.txt
• I will ask for this log below

Note: Do not mouseclick combofix's window while it is running. That may cause it to stall.


Now run CCleaner at the default setting with the Windows tab as the top one.

Now REBOOT your computer and see how everything is working. If you are satisfied, continue with the final cleanup instructions.

Below are the final cleanup instructions which will have you remove all of the tools and logs we had you put on your computer:

abri

 

Hi abri,

I've ran through the cleanup steps. Attached is my log.

Thanks,
woofai

 

Thanks woofai!
Everything looks good!
All the best of computer experiences to you.
abri