TrojansPMX/LX worm removal?

Discussion in 'Malware Help (A Specialist Will Reply)' started by cigam0102, Jan 27, 2010.

  1. cigam0102

    cigam0102 Private E-2

    Greetings,

    First time posting in this area, so here goes.
    Below is the message I received, on desktop popup.

    "Attention! System detected a potential hazard (TrojansPMX/LX) on your computer that may infect executable files. Your private information and PC safety is at risk, to get rid of unwanted spyware and keep your computer safe you need to update your current software. Click OK to download official intrusion detection system (ids software)"

    My first thought was it was just a commercial popup, so I went down to the tray, right clicked and chose close, but it kept coming back.

    So I went to (READ & RUN ME FIRST. Malware Removal Guide) and did the steps outlined, and it seemed to get rid of the problem.

    I was told (on another thread) that I should still post the logs here so someone can look them over to make sure they are clean.

    I'm going to attach the first four of five logs and then you can tell me what to do from there.

    Adding fifth log to next post.

    Thanks, for your help!
     


  2. cigam0102

    cigam0102 Private E-2

    Also I completed step 4 below,

    * No, I’m not having any problems
    o If you are sure everything is okay and that you do not need to request any help, then jump to the next step below.

    Step 4: Toggle System Restore

    * You only need to Toggle system restore if malware had been found during the cleaning procedures. If no malware was found, there are no infected restore points to worry about, thus you can skip to the next step.
    * Once you are sure all malware problems have been removed follow the below steps:
    o Disable System Restore ( see Disable And Enable System Restore)
    o Now reboot your PC
    o Now Enable System Restore using the same link as above


    Because I thought I was supposed to, may have misunderstood, I can take my lumps if I was wrong! :cry
     


  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    The reason you were so infected is that you are allowing ALL USERS!! to have Admin. privileges. You need to make only one Admin account and set the rest to limited!! Fortunately the scans took care of the malware.

    Your logs are clean.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real-time protection. They are useful as backup scanners. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Notes: The space between the combofix" and the /u, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    7. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures in step 3 of the READ ME for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    8. After doing the above, you should work thru the below link:
     
  4. cigam0102

    cigam0102 Private E-2

    Thanks for your reply,

    I've been using the computer to see if I developed any problems.

    First step to change other users to limited.

    Second to start your instructions on final steps.

    First problem,

    Cannot uninstall ComboFix, it's on the desktop, but I must have installed wrong, because it won't uninstall per your instructions.

    Second problem,

    I cannot change desktop wallpaper on some user accounts.
    The Desktop tab under Display Properties has all of the available options for wallpaper in gray. I also cannot click "Browse."
    Also I cannot choose a picture to "set as Desktop Background."

    I did not continue any other steps in case the ComboFix had to be done first.

    Thanks Again for your help!
     
  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    It is because it is not on your desktop but here:
    c:\documents and settings\Dad.OSICKEY-E9FEEBC\My Documents\Downloads\ComboFix.exe

    You can paste this in to remove Combo:
    "c:\documents and settings\Dad.OSICKEY-E9FEEBC\My Documents\Downloads\combofix" /uninstall


    The other issues are software ones and should be addressed in the software forum.
     
