Yowsers!!! Help please for one infected PC- logs attached

My neighbor's computer is very infected- it still has XP SP1 so I am trying to disinfect before upgrading to SP2. There has been no firewall or anti-virus software that I am aware of for about 3 years. When I hit CTRL-ALT-DEL, the windows task manager won't pop up.

So far, all the scans have yielded multiple viruses, spyware, and at least one rootkit.

Please help if you can.

 

more logs

 

You post the BitDefender Report Summary. I need the actual scan log.

 

Ok. I restarted in safe mode and reran the Bitdefender scan. It doesn't seem to include all what was included in the summary of the first, but maybe that's a good thing. Anyways, here you go.

 

Download
- Pocket Killbox

Empty the CounterSpy Quarantine folder.
Empty the Recycle Bin.

Run CCLeaner

Using Add or Remove Programs in the Control Panel; uninstall the following:

Copy the contents of the below quote box to Notepad; Save As FixReg.reg to your Desktop; make sure File Type: is set to All Files (*.*).

Close Notepad.

Locate FixReg.reg on your Desktop. Double-click on it and answer 'Yes' when asked if you want to merge with the registry.

Run HijackThis. Click the 'Do a system scan only' button. Place a checkmark in the box next to the following lines:

Click on the 'Fix checked' button. Wait for HijackThis to finish; close HijackThis.

Now run Pocket Killbox:

Choose Tools -> Delete Temp Files and click Delete Selected Temp Files
Then after it deletes the files click the Exit (Save Settings) button.

NOTE: Pocket Killbox will only list the added files it is able to find on the system. So when you do the below, if some files do not show in the list after pasting them in, just continue..

Select:

• Delete on Reboot
• then Click on the All Files button.
• Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
• Return to Killbox, go to the File menu, and choose Paste from Clipboard.
• Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

Now boot into SAFE MODE

Open ExplorerXP navigate to and DELETE the following:

Now run CCleaner. If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.

Then, as an added precaution, Go to Start -> Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:

Temporary Files
Temporary Internet Files
Recycle Bin

And Click OK.

REBOOT to Normal Mode.

Post fresh logs for:
1. ShowNew
2. GetRunKey
3. HijackThis

 

Ok. Thanks for your help! Here are the new logs... please let me know if anything else remains to do.

Is it recommended to install ZoneAlarm and Avast prior to upgrading to XP SP2?

 

Windows Messeger is running in the background on this computer, and represents a security risk. Remove Windows Messenger by running Uninstall Messenger. If you are using this as your IM client then replace it with MSN Messenger.

Run ViewpointKiller

Other than what I already had you do and the above your logs look pretty good.

How is your computer running?

 

I had to run windows messenger uninstaller in safe mode because it was running in the background and the task manager isn't working. Taskmgr.exe does not exist in the windows/system32 folder so it looks like malware got to it.

The computer is working fine except that I reran CounterSpy and it found several new malware including Cydoor. I think that windows messenger was serving as an open door for the malware. So hopefully it will stop. I attached the log below.

Viewpoint killer didn't find anything to delete.

Unfortunately, my neighbor inherited the computer from a sister who did not pass on the original software Cd's so I can't restore the Task manager files. I am hoping that perhaps the SP2 update will restore it, but that may be wishful thinking. First I am going to install ZoneAlarm and Avast antivirus.

Any other suggestions before I proceed?

 

Download FindAWF.exe by Noahdfear to your Desktop from >here<

Double-click FindAWF.exe to run it

A command window will open (OK any warnings by your security software)

Press any key to continue

When finished, a Notepad window will open and the output file called awf.txt
Save this to your Desktop and attach the file to your reply.

Run AVG Anti-Rootkit and attach the log!

 

Ok. Took me a few days since I was out of town. AVG found no rootkits.
Attached is the awf log.
Thanks.

 

Your logs are fine.

You may want to run the command sfc /scannow.

Your Windows CD may be required and you will need to run Windows Update when finished.

 

Ok. Thanks for all your help. I'll see if I can find some Windows CD's to restore the task manager.

Major Geeks rules!!