XP cleaner....

Discussion in 'Malware Help (A Specialist Will Reply)' started by sonyzz, Aug 9, 2008.

  1. sonyzz

    sonyzz Private E-2

    I know there are people on here who have threads already started on this topic, but I ran into some malware a little while ago.
    I was working on my brother's wedding video and I installed a 3rd party plugin for After Effects. It seemed harmless at the time until I started to get new virus threats.
    I was using Norton Corporate at the time, but that didn't work for me. I was scared to format then, because I didn't have the video backed up, and I have the only copy. The DV tapes have already been erased so I can't lose the files, or my brother's wife will SHOOT ME!
    I took a chance and hooked up my portable hard drive and copied over all the AVI files, even though I know I might have copied the malware as well. But I can't lose these files.
    Last week I formatted my comp, thinking the virus was gone......I was wrong! To make it worse, my house is networked and the virus jumped to my friend's computer, so I had to format his as well. But even he still has the virus.
    So I formatted the drives on both comps AGAIN, trying different steps along the way.....still no help. So I tried a spare hard drive I had on one, and formatted that....it still wasn't gone. SO I thought 'This has to be more than a virus.' Then I found your XP Cleaner on this forum, and tried it.

    That's why I'm here. Hopefully you can help me. I haven't looked at the portable drive yet because I'm scared I might have to format it with all the files still on it. It also has all my school projects, portfolio...etc....etc. I really can't lose it.

    I didn't do a system toggle because I just formatted not too long ago, so it doesn't matter if I lose what's on the comp already; all my files are on the (hopefully not infected) portable hard drive.

    Even after all the steps I followed, there is still malware on my computer. I ran everything again after the first time, and there were still some infected files that were found. I keep getting DLL errors on startup, and even when I run some of the software to get rid of the malware I get errors. ComboFix came up with error messages when I ran it, as did the MGtools program.

    So I'm posting my files. I zipped the LOG files as well from the FIRST scan so I can post in one thread.

    Any help would be greatly appreciated.
    Thanks.
     

    Attached Files:

  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    It was gone after you formatted. The problem is due to what you are reinstalling after you finish reinstalling Windows. Some of the software you are reinstalling is infected and that is where your problems are coming from. If you had just formatted and reinstalled Windows and nothing else, I bet everything would be fine. That is assuming you reinstall Windows from original uninfected media.

    If you are reinstalling any special codecs or video manipulation tools, odds are that is where your problems are coming from. Running the READ & RUN ME removed a whole bunch of malware including Vundo infections, which often come from strange codecs and video downloads. Also, if you are using any pirated/illegal tools, they should be removed since they are also often the cause of these infections.

    The READ & RUN ME has removed all of your malware. However, if you install or run any tools that are infected, you will more than likely reinfect your PC again, so be careful what you install/run.

    I do suggest that you delete the below file if it exists:
    Code:
    2008-08-03 19:58 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\002384_.tmp
     
    And the below are also questionable. Did you download these?
    Code:
     
    2008-08-03 21:24 558,142 ----a-w C:\WINDOWS\java\Packages\MIXJZFND.ZIP
    2008-08-03 21:24 155,995 ----a-w C:\WINDOWS\java\Packages\E7NVJ179.ZIP
    

    Now we need to cleanup some items from running ComboFix.

    Copy the bold text below to Notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above
    to the registry. If you do not get a success message, it definitely did not work.





    If you are not having any other malware problems, it is time to do our final steps:
    1. You can uninstall SUPERAntiSpyware now.
    2. We recommend you keep Malwarebytes Anti-Malware as a scanner. It uses no resources except a little disk space until you run a scan.
    3. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note that the quotes are required.
      • "%userprofile%\Desktop\combofix" /u
        • Note: the space between combofix" and /u must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
      • Delete the C:\combofix folder from combofix.
    4. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    5. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    6. Go to add/remove programs and uninstall HijackThis.
    7. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    8. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning steps in the READ ME for your Windows version and see the steps to Disable System Restore, which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    9. After doing the above, you should work through the below link:
     
    Last edited: Aug 9, 2008
  3. sonyzz

    sonyzz Private E-2

    Thanks chaslang! Much appreciated. I guess all my C++ and Perl education couldn't do squat for me. Stupid colleges....lol.
    And everything did work fine.
    What I do find interesting though is that the virus still came up, just after a bare bone installation and updates from Microsoft, and the computers were not networked together (the other one wasn't even turned on). A notice for Microsoft antivirus 2009 came up and installed on the comp.............weird.
    I've also used the same CD installations for years, and they've all worked fine without any viruses.
    I suppose I'll have to go through them, just to be sure.

    Again, I greatly appreciate your time, effort and assistance.

    Thanks.
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No PC should ever be connected to a network (and especially a network with internet access) without first having an antivirus, realtime antispyware blocking, and a real bi-directional firewall installed. The Windows firewall is not adequate. You need a real firewall. And also, even if one is not necessary because you only have 1 PC, using a router with a hardware firewall adds another great layer of protection.

    I have seen unprotected PCs get infected in as little as 5 seconds of connecting to the net, even without opening a browser. Once some hacking site has recorded your address, they can keep looking for you to reinfect you. Having proper protection in place is a must before connecting.

    Then it may well be that your CDs are clean, but you just did not install proper protection before connecting back to a live network.
     
