Trojan? Confused.

Discussion in 'Malware Help (A Specialist Will Reply)' started by murphatoid, Dec 17, 2010.

  1. murphatoid

    murphatoid Private E-2

    Hello,

    Thanks in advance for your help.

    I'm not sure if I have a problem or not. My laptop seems to be running ok but I did have a problem running one of the clean up scans.

    The only thing I have changed on it recently is my browser and antivirus. Firefox was hanging all the time so I switched to Chrome about 4 months ago, then AVG free wouldn't update so I installed MSSE about a week or two ago. I haven't been doing any questionable surfing!

    When I booted the laptop on a couple of days ago I got a MSSE alert saying I had a Rogue:Win32/FakeVimes infection. It couldn't clean it, I got a error message saying it couldn't access it or something (forgot to write it down, sorry).

    I googled it but that just confused me, so I uninstalled MSSE, installed Avira, scanned - detected nothing. Uninstalled Avira, Reinstalled MSSE, scanned - detected nothing. Decided it was a false positive, got rid of MSSE again and put Avira back on for good.

    Still concerned so did Read & Run me for Vista (home premium).
    Stupidly forgot to turn off Comodo Firewall while running ComboFix so I kept getting alerts and probably buggered that scan up. RootRepeal got stuck while scanning C:\Windows\winsxs\Manifest\ and then said there was an error. I had to kill the process with Revo Uninstaller, tried to run it again and the same thing happened, so no log for that. MGtools ran ok but not like you said in the guide, it ran straight from double clicking.

    That's about it really, sorry for the long post and not running ComboFix properly. Would you mind looking over my logs to see if there is a problem? Many thanks.

    Laura
     

    Attached Files:

  2. murphatoid

    murphatoid Private E-2

    I forgot to say Windows won't update either. Hope this doesn't count as bumping, only posted two minutes ago.
     
  3. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    No, not a problem, I'll review your logs now once I have sat down with a cup of tea.
     
  4. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Not seeing any malware in those logs.

    The Comodo Internet Security you have installed... this is just the firewall I presume?

    There are so many possible causes of problems with Windows Update that it would probably be best to send you to the Software Forum. However, there are a few things we can try first.

    1. Make sure time and date and TimeZone are correct
    2. See if it works in safe boot mode
    3. Reset HOSTS file (see below)

    Download HostsXpert and then follow the below steps.
    • Unzip HostsXpert.zip
    • It will create a folder named HostsXpert in whatever folder you extract it to.
    • Run HostsXpert.exe by double clicking on it.
    • Click the Make Writeable? button. (if you only see a Make Read-Only selection, it is already writeable so skip this button).
    • Click Restore Microsoft's Hosts File and then click OK.
    • Click the X to exit the program

    4. flush DNS server (see below)

    Right-click on the Command Prompt icon and select "Run as administrator". Then type in: ipconfig /flushdns
    and press the Enter key on your keyboard.

    5. add Microsoft URLs to the Trusted Zone (see below)
    6. shutdown firewall and retry
    7. shutdown AntiVirus and try

    MS URLs

    http://*.update.microsoft.com
    http://download.windowsupdate.com
    http://genuine.microsoft.com
    http://go.microsoft.com
    http://support.microsoft.com
    http://update.microsoft.com
    https://*.update.microsoft.com <--Notice the https designation.

    The first thing to always check for Windows Update problems: make sure that Automatic Updates is not turned off. It needs to be on, the service status needs to be Started, and the Service type needs to be Automatic.
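One way to check a HOSTS file for the kind of tampering that step 3 (restoring Microsoft's default HOSTS file) undoes. This is an added example, not from the thread or from MajorGeeks; the sample HOSTS content, the IP addresses in it and the script are constructed here, and it uses the update domains listed above as the hosts to watch.

```python
"""Audit a Windows HOSTS file for entries that tamper with Microsoft update hosts.
Added example: malware that breaks Windows Update often blocks or redirects the
update domains in HOSTS, which is what restoring the default file repairs."""
from fnmatch import fnmatch

# The domains from the thread; "*.update.microsoft.com" is a wildcard pattern.
UPDATE_HOST_PATTERNS = [
    "*.update.microsoft.com", "download.windowsupdate.com", "genuine.microsoft.com",
    "go.microsoft.com", "support.microsoft.com", "update.microsoft.com",
]
LOOPBACK = {"127.0.0.1", "::1"}  # the only addresses a stock HOSTS file maps


def parse_hosts(text):
    """Yield (ip, hostname) pairs, skipping comments and blank lines."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        for name in fields[1:]:  # one IP may carry several hostnames
            yield fields[0], name.lower()


def audit_hosts(text):
    """Classify every non-default entry: update-host tampering vs. other overrides."""
    report = {"hijacked": [], "other": []}
    for ip, name in parse_hosts(text):
        if name == "localhost" and ip in LOOPBACK:
            continue  # the only lines a clean Windows HOSTS file carries
        if any(fnmatch(name, pat) for pat in UPDATE_HOST_PATTERNS):
            # loopback means "blocked", anything else means traffic is redirected
            kind = "blocked" if ip in LOOPBACK else "redirected"
            report["hijacked"].append((name, ip, kind))
        else:
            report["other"].append((name, ip))
    return report


# Constructed sample: the last three lines are invented tampering, not real IOCs.
SAMPLE_HOSTS = """\
127.0.0.1       localhost
::1             localhost
127.0.0.1   download.windowsupdate.com
203.0.113.7 update.microsoft.com v4.update.microsoft.com
198.51.100.9  example.com
"""

if __name__ == "__main__":
    for entry in audit_hosts(SAMPLE_HOSTS)["hijacked"]:
        print("update host tampered:", entry)
```

On a real machine the file to read is %SystemRoot%\System32\drivers\etc\hosts; any entry the audit reports for an update domain explains a failing Windows Update and is what the HostsXpert restore removes.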
     
  5. murphatoid

    murphatoid Private E-2

    Thanks for that, I'll work through it later on.

    Why would I have got that FakeVimes alert then?

    And why wouldn't RootRepeal run?

    Thanks again

    Laura
     
  6. murphatoid

    murphatoid Private E-2

    Oh, and Automatic Updates IS turned off, I was trying to update manually. Is that bad?
     
  7. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Yes. Let me know how you get on with it all.

    Who knows? False positive? Some temp file that later got deleted somehow. Without seeing a file path of the "threat" being found, it's hard to tell.
    Oh RR only runs about 50% of the time, I wouldn't worry about that.

    Not if you always remember to update. If you are forgetful, then yes, it can be a better idea to have them set for auto.
     
  8. murphatoid

    murphatoid Private E-2

    Phew, I'll stop worrying then. I set Windows Updates to auto and the updates that kept failing before were successful. I have set it back to 'inform but don't download' and if it happens again I'll know how to fix it.

    Thanks again for your time and expertise! :)
     
  9. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    You're welcome. :)

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Notes: The space between the combofix" and the /uninstall, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work thru the below link:
     
