Unidentified Malware, unable to delete

Discussion in 'Malware Help (A Specialist Will Reply)' started by Laurieh, Jul 3, 2007.

  1. Laurieh

    Laurieh Private E-2

    Using XP SP2, Mesh AMD 64 Dual Core 4400+, Windows auto updated.
    Zone Alarm Security Suite and regular use of Ad Aware and Spybot

    Suspicious of two groups of files in C:\Windows\Temp; the latest 2 of each cannot be deleted. Latest versions are
    Perflib_Perfdata_258.dat and Perflib_Perfdata_33c.dat
    ZLT03ffd.TMP and ZLT03f81.TMP
    Re-Boot doesn't do it.

    I have struggled through the Malware Removal Guide, I'm a bit slow and have thick fingers with computers, with some failures:
    6A Done in Normal Mode as could not find Bitdefender's Online Scanner so had to download Evaluation.
    PandaActive also run in Normal Mode.
    7 Could not download from link to HijackThis. Was logged in but it came up with download forbidden, is it something I've said!! Luckily I had downloaded it earlier, I hope that it was the right version.

    Apart from Cookies the only result was from Panda Active Scan which showed 3 Hacking/Rootkit problems. I don't know enough to check if these have any connection with the files above.
    cheers laurieh
     
    Last edited: Jul 3, 2007
  2. Laurieh

    Laurieh Private E-2

    This is a follow up message with files for GetRunKey, ShowNew and HijackThis attached.
     


  3. Laurieh

    Laurieh Private E-2

    I've a feeling that my first three attachments didn't get attached.
    My fault entirely.
    Laurieh
     


  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    You did not do step 6 properly. We had requested that you run BitDefender online scan. You installed BitDefender's full antivirus program and thus you are now in conflict with step 3 of the READ ME. You must uninstall this program now.

    Are your only reasons for being here the files you mentioned that you saw in your temp folders? They are all normal files. They are part of System Performance Monitor and also ZoneAlarm.


    Uninstall CounterSpy now since we are finished with it.

    Also uninstall the below old version of Sun Java:
    J2SE Runtime Environment 5.0 Update 11


    Also you should have HJT fix the below unnecessary items.

    Run HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - (no file)
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    Also have HJT fix the below. The first is not recommended to be used and the second does not even seem to be installed anymore.

    O4 - HKLM\..\Run: [SpywareRemover] C:\Program Files\SpywareRemover\SpywareRemover.exe -boot
    O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray

    After clicking Fix, exit HJT.
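
The HijackThis lines quoted in the post above, parsed into structured records so that empty values and entries pointing at a missing file stand out. This is an added example, not part of the original thread or of HijackThis itself; the function name `parse_hjt`, the record fields and the note strings are assumptions made for illustration.

```python
import re

# HijackThis lines copied from the post above (one or two per section).
SAMPLE = r'''R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpywareRemover] C:\Program Files\SpywareRemover\SpywareRemover.exe -boot
'''

ENTRY = re.compile(r'^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$')
R_VALUE = re.compile(r'^(?P<key>[^,]+),(?P<name>[^=]+?)\s*=\s*(?P<data>.*)$')
BHO = re.compile(r'^BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<file>.+)$')
RUN = re.compile(r'^(?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
EXE = re.compile(r'^"(?P<q>[^"]+)"|^(?P<u>.+?\.exe)\b', re.IGNORECASE)


def parse_hjt(text):
    """Parse HijackThis log lines into dicts; 'note' marks empty or dead entries."""
    records = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # log header, process list, blank lines
        code, body = m['code'], m['body']
        rec = {'code': code, 'kind': 'other', 'note': ''}
        if code in ('R0', 'R1') and (r := R_VALUE.match(body)):
            rec.update(kind='ie_setting', key=r['key'], name=r['name'], data=r['data'])
            if not r['data']:
                rec['note'] = 'empty value'
        elif code == 'O2' and (b := BHO.match(body)):
            rec.update(kind='bho', name=b['name'], clsid=b['clsid'], file=b['file'])
            if b['file'] == '(no file)':
                rec['note'] = 'registered but file missing'
        elif code == 'O4' and (a := RUN.match(body)):
            rec.update(kind='autostart', hive=a['hive'], key=a['key'], name=a['name'])
            if (e := EXE.match(a['cmd'])):
                # Quoted commands are unambiguous; unquoted ones are cut at ".exe".
                rec.update(exe=e['q'] or e['u'], args=a['cmd'][e.end():].strip(),
                           quoted=e['q'] is not None)
        records.append(rec)
    return records


if __name__ == '__main__':
    for rec in parse_hjt(SAMPLE):
        print(rec)
```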
     
  5. Laurieh

    Laurieh Private E-2

    Thank you very much for the prompt reply.

    I couldn't find the online scan for BitDefender, have now deleted it.

    The rest of your instructions have been complied with.

    When I 'Googled' the files I was suspicious of I was taken to Malware removal sites. As I said my level of knowledge is rather shallow. This led me to contact you.

    What of the 3 possible problems mentioned by ActiveScan?

    cheers Laurieh
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    There are no real problems in that log. Cookies are not problems. And the other items are just things you downloaded or have installed.


    If you are not having any other malware problems, it is time to do our final steps:
    1. You can delete the ShowNew.Zip and GetRunkey.Zip files and the files that you extracted from the ZIP files. You can also delete the C:\newfiles.txt and C:\runkeys.txt logs that were created.
    2. After doing the above, you should work thru the below link:
     
  7. Laurieh

    Laurieh Private E-2

    Thank you again for your time and effort. It is a relief to know that I was on the wrong trail.

    I have already been through the Protect Yourself from Malware.

    Laurieh
     
    Last edited: Jul 5, 2007
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely!
     
