 | reply to TheJoker
Re: [Virus] Is the computer still infected?
Thank-you "TheJoker",
I have spent a few hours using the computer and there is still a problem with "Ctrl, Alt, Del" not showing the Task Manager window and trying to perform free online scans failing due to not being able to access update files; the program thinking the computer is not connected to the internet (when I know it definitely was connected to the internet).
I did manage to get the "Ctrl, Alt, Del" to work and get the Task Manager window to open, but when I restarted the computer, it seems the "regedit" I did with using the following was "lost":
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\TaskManager
So, I am very obliged if you could advise me further. |
|
 | reply to TheJoker
Thank-you "TheJoker",
I persisted with a few more online scan programs further down the Google search reply webpage and found one online scan program that worked; here are the findings (I hand typed from the closing screen before I clicked Finish); there was not a mention that anything had been resolved; seems has only detected.
Quick Heal Online Scan (»www.quickheal.com/scan)
C:\Documents and Settings\Administrator\My Documents\exe\security\1\SmitfraudFix.exe........Backdoor.Hupigon.izsj.n5.......Folder security\1 created Feb. 11th 2010
C:\Qoobox\Quarantine\C\Windows\Download Program Files\popcaploader.dll.vir.......Trojan.Agent.ATV.n5.......Folder Qoobox created Jan. 20th 2013
So, I am very obliged if you could advise me further. |
|
 TheJokerPremium,VIP,MVM join:2001-04-26 Ruckersville, VA kudos:5 | I don't see any current virus problem. QuickHeal isn't a program I would recommend, you can see some comments on it here: »www.wilderssecurity.com/showthre···p?t=3669
The detection of SmitfraudFix.exe is a false positive. That's an older malware removal tool, not a virus. The other isn't an active infection, it's a file that ComboFix already quarantined, which we will take care of with some final cleanup once we are at that point.
Your Java is outdated and vulnerable. Updating Java:
- Download the latest version of Java Runtime Environment (JRE) 7.
- In the box labeled "Java Platform, Standard Edition", click the "Download JRE" button to the right.
- In the Window that opens, click the "Accept License Agreement" button
- Download the file for Windows x86 Offline (jre-7u11-windows-i586.exe) and save to your Desktop.
- Close any programs you may have running - especially your web browser.
- Go to Start > Control Panel double-click on Add or Remove Programs and remove all older versions of Java.
-- Java(TM) 6 Update 29
-- Any other version listed
- Then from your Desktop double-click on the new version you downloaded and install it.
Your version of Adobe Acrobat Reader is outdated and vulnerable. Go to Start > Control Panel > Add or Remove Programs and remove the following program:
Adobe Reader
Then go to »www.adobe.com and download and install the current version. When you download it, be careful to UNcheck any optional toolbar installation unless you really want the toolbar.
Your version of Adobe Flash is outdated and vulnerable. Go to Start > Control Panel > Add or Remove Programs and remove the following programs if found:
Adobe Flash Player [version number] ActiveX (for Internet Explorer)
Adobe Flash Player [version number] Plugin (for other browsers like Firefox, Chrome or Opera)
Then go to »get.adobe.com/flashplayer/ to download and install the current version of Flash. Be sure to check to see if you are offered a toolbar, and if so, be sure you UNcheck the box for it unless you really want the extra toolbar.
Please download Farbar Service Scanner and run it on the computer with the issue.
http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/
- Make sure the following options are checked:
-- Internet Services
-- Windows Firewall
-- System Restore
-- Security Center/Action Center
-- Windows Update
-- Windows Defender
- Press "Scan".
- It will create a log (FSS.txt) in the same directory the tool is run.
- Please copy and paste the log in your next reply.
-- Proud ASAP member since 2005 Microsoft MVP/Consumer Security 2009-2010 |
|
 | Thank-you "TheJoker",
Have a problem getting Adobe Flash; download initiates, but fails saying it could not find the action-list. Everything else seemed to be ok.
So, I am very obliged if you could advise me further.
Farbar Service Scanner Version: 16-01-2013
Ran by Administrator (administrator) on 26-01-2013 at 09:16:04
Running from "C:\Documents and Settings\Administrator\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) NETFLTDI(10) NETIMFLT01060044(9) PSched(7) Tcpip(4)
0x0B00000005000000010000000200000003000000040000000B000000080000000A00000006000000 0700000009000000
IpSec Tag value is correct.

**** End of log **** |
|
 TheJokerPremium,VIP,MVM join:2001-04-26 Ruckersville, VA kudos:5 | quote: Have a problem getting Adobe Flash; download initiates, but fails saying it could not find the action-list. Everything else seemed to be ok.
Was it the ActiveX version for Internet Explorer, or the Plugin version for other browsers? You can download them directly from here:
Flash Player for ActiveX (Internet Explorer) http://download.macromedia.com/pub/flashplayer/current/support/install_flash_player_ax.exe
Flash Player Plug-in (All other browsers) http://download.macromedia.com/pub/flashplayer/current/support/install_flash_player.exe
Close your browser before installing. If you still have a problem, and have already uninstalled them (or were unable to), try using the Revo Uninstaller (Freeware) before reinstalling. You can download it from here: http://www.revouninstaller.com/download/revosetup.exe
To run Revo Uninstaller, open Revo by double clicking it, and select the name of the program you want to remove from the menu (Java 6 Update 1). Then please click the Uninstall icon. Please choose Advanced and follow the prompts. Then click Select all (1.) and Delete (2.) to delete all registry items, folders and files listed by Revo and reboot your computer when the Revo Uninstaller is finished.
Did that help?
-- Proud ASAP member since 2005 Microsoft MVP/Consumer Security 2009-2010 |
|
 | Thank-you "TheJoker",
Flash Player is now successfully on the computer; thanks.
So, I am very obliged if you could advise me further. |
|
 TheJokerPremium,VIP,MVM join:2001-04-26 Ruckersville, VA kudos:5 | All we need to do now is some cleanup.
Go to start > run and copy and paste the next command in the field:
ComboFix /uninstall
Make sure there's a space between Combofix and / Then hit enter.
This will uninstall Combofix, implement some cleanup procedures, and reset System Restore points.
To remove tools we used and the files and folders they created do the following:
Double click OTL.exe that you downloaded earlier.
- Click the CleanUp button.
- Select Yes when the "Begin cleanup Process?" prompt appears.
- If you are prompted to reboot during the cleanup, select Yes.
- The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
I recommend keeping Malwarebytes' Anti-Malware, it's an excellent malware scanner.
To help keep malware off your system:
- Keep Windows updated at Windows Update or Microsoft Update.
- Keep your other applications updated, there are vulnerabilities that rely on exploits through other programs like Java, Microsoft Office, Adobe Reader, Flash, and others.
- Run a program like Secunia Online Software Inspector or FileHippo Update Checker to see what programs need to be updated.
- Be careful with flash drives, as they can spread infections. See this post on USB/flash drive safety.
- Stay away from P2P software; even with a clean P2P program, their networks are often riddled with malware.
- Don't click on attachments or links in e-mail, and read your e-mail in text-only mode for the highest safety.
- Don't click on links received in instant message programs.
- In place of Internet Explorer, browse with Firefox with the NoScript and AdBlock Plus add-ons.
- A HOSTS file will prevent Internet Explorer from communicating with sites known to be associated with adware or spyware. A good regularly updated HOST file is MVPS HOSTS File, available at »www.mvps.org/winhelp2002/hosts.htm
- A free non-resident utility to prevent the installation of ActiveX-based malware is JavaCool's SpywareBlaster. For real-time protection, there is SpywareGuard. Both are available at »www.javacoolsoftware.com/products.html
- I recommend reading Tony Klein's article So How did I get Infected in the First Place?
Does your problem appear resolved? -- Proud ASAP member since 2005 Microsoft MVP/Consumer Security 2009-2010 |
|
 | Thank-you "TheJoker",
All you requested, I have managed to do; thank-you.
Firefox seems to not be working correctly (maybe it is my ignorance). So, I am interested to know of any websites you consider to be worthwhile for me to view and educate me how to use it.
The computer seems to be working fine (in fact, I think, it is booting and working faster). The only minor gripe is that "Ctrl, Alt, Del" is not opening the Task Manager window.
So, if there is anything else to do, I am very obliged if you could advise me further. |
|
 TheJokerPremium,VIP,MVM join:2001-04-26 Ruckersville, VA kudos:5 | Does Ctrl+Shift+Esc work?
Please run Notepad and paste the following text into a new file:
regedit /e HKCU-Policy.txt "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies"
regedit /e HKLM-Policy.txt "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies"
Save the file to the Desktop as log.bat, and make sure the "Save as type" field says "All files". Then double-click on the log.bat file on the desktop. This will create 2 text files on the desktop called HKCU-Policy.txt and HKLM-Policy.txt. Please post the content of both files in your next reply.
-- Proud ASAP member since 2005 Microsoft MVP/Consumer Security 2009-2010 |
|
 | Thank-you "TheJoker",
Ctrl+Shift+Esc does work; it has been the way I have been opening the Task Manager window.
So, if there is anything else to do, I am very obliged if you could advise me further.
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies]
"Allow Programmatic Cut_Copy_Paste"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000143
"NoDriveAutoRun"=dword:03ffffff
"NoDrives"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Ext]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Network]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"disableregistrytools"=dword:00000000
"DisableTaskMgr"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate]

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"HonorAutoRunSetting"=dword:00000001
"NoDriveAutoRun"=dword:03ffffff
"NoDriveTypeAutoRun"=dword:00000143
"NoDrives"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Ext]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum]
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"=dword:00000001
"{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}"=dword:40000021
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"=dword:00000020

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Ratings]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate] |
|
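A way to read exports like the two above without scanning them by eye, as an added example that is not part of the original thread: it decodes a `regedit /e` export, parses keys and single-line values, and lists any non-zero `DisableTaskMgr` or `DisableRegistryTools` under a `Policies\System` key. The function names, the watched-value list and the sample bytes are assumptions made for this example; the sample is constructed from a subset of the HKCU export posted above.

```python
import codecs
import re

# Policy values that lock a user out of admin tools when set non-zero.
# Registry key and value names are case-insensitive, so compare lowercased.
WATCHED = {"disabletaskmgr", "disableregistrytools"}
KEY_RE = re.compile(r"^\[(.+)\]$")
VAL_RE = re.compile(r'^"([^"]+)"=(.*)$')


def decode_export(raw: bytes) -> str:
    """Version 5.00 exports are UTF-16 LE with a BOM; REGEDIT4 files are ANSI."""
    if raw.startswith(codecs.BOM_UTF16_LE):
        return raw.decode("utf-16")  # the codec consumes the BOM
    return raw.decode("cp1252", errors="replace")


def parse_reg(text: str) -> dict:
    """Return {key_path: {value_name: raw_data}} for single-line values."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            current = keys.setdefault(key.group(1), {})
            continue
        val = VAL_RE.match(line)
        if val and current is not None:
            current[val.group(1)] = val.group(2)
    return keys


def active_restrictions(keys: dict) -> list:
    """List (key, value, number) for watched dwords that are non-zero."""
    hits = []
    for path, values in keys.items():
        if not path.lower().endswith("\\policies\\system"):
            continue
        for name, data in values.items():
            if name.lower() in WATCHED and data.lower().startswith("dword:"):
                number = int(data[6:], 16)
                if number:
                    hits.append((path, name, number))
    return hits


# Constructed sample: a subset of the HKCU export posted in the thread.
HKCU = "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies"
SAMPLE = (
    "Windows Registry Editor Version 5.00\r\n\r\n"
    f"[{HKCU}\\Explorer]\r\n"
    '"NoDriveTypeAutoRun"=dword:00000143\r\n\r\n'
    f"[{HKCU}\\System]\r\n"
    '"disableregistrytools"=dword:00000000\r\n'
    '"DisableTaskMgr"=dword:00000000\r\n'
)
SAMPLE_BYTES = codecs.BOM_UTF16_LE + SAMPLE.encode("utf-16-le")

if __name__ == "__main__":
    print(active_restrictions(parse_reg(decode_export(SAMPLE_BYTES))))
```

On the values posted above the result is empty, because both watched values are 0 in the HKCU and HKLM exports.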
 TheJokerPremium,VIP,MVM join:2001-04-26 Ruckersville, VA kudos:5 | Please download Windows Repair (all in one) from here: »www.tweaking.com/content/page/wi···one.html
- Install the program.
- Please proceed to run it.
- Go to Step 2 and allow it to run CheckDisk by clicking on the Do It button:
- Once that is done please go to Step 3 and allow it to run the System File Check by clicking on the Do It button:
- Go to Step 4 and under System Restore click on the Create button:
- Next, go to the Start Repairs tab and click the Start button.
- Please ensure that ONLY items I've listed below are checked (they're all checked by default):
--- Reset Registry Permissions
--- Reset File Permissions
--- Repair File Permissions
--- Register System Files
--- Remove Policies Set by Infections
--- Remove Temp Files
--- Set Windows Services to Default Startup
- Place a checkmark in the box for Restart/Shutdown System When Finished
- Select Restart System. Then click on Start.
Did that fix the problem?
-- Proud ASAP member since 2005 Microsoft MVP/Consumer Security 2009-2010 |
|
 | Thank-you "TheJoker",
Completing Step 2 was not a problem, but in Step 3 the program says "For Windows XP & 2003 you will need your Windows CD." and I do not have it with me. Sorry, but I could not complete Step 3.
So, if there is anything else to do, I am very obliged if you could advise me further. |
|
 TheJokerPremium,VIP,MVM join:2001-04-26 Ruckersville, VA kudos:5 | Let's do this manually then. Same thing here, you may get asked to insert your Windows install CD, and if that's the case, you won't be able to continue with this step.
You may need your Windows Installation CD for this step. Now please go to Start -> Run -> cmd and press Enter. At the command prompt type sfc /scannow, making sure to put a space between the "c" and the slash, and then press Enter. This will run the System File Checker. Follow the prompts, and insert your Windows installation CD if requested. Then please restart your computer.
Now go back and rerun the instructions for Windows Repair (all in one), and go to Step 4 and continue from there.
What was the result of running System File Checker?
Did the Windows Repair Tool fix the problem of not being able to open Task Manager from CTRL-ALT-DEL? -- Proud ASAP member since 2005 Microsoft MVP/Consumer Security 2009-2010 |
|
 | Thank-you "TheJoker",
Seems this machine is one that needs the disk, hence I could not complete the sfc command task.
So, if there is anything else to do, I am very obliged if you could advise me further. |
|
 TheJokerPremium,VIP,MVM join:2001-04-26 Ruckersville, VA kudos:5 | That may mean that you have one or more system files missing, but you won't be able to check for that without the install disc.
Did you return to Windows Repair (all in one), and go to Step 4 and continue from there?
Did that fix the problem with CTRL-ALT-DEL?
If not, please run Notepad and paste the following text in the Code box into a new file (if Windows Repair fixed the problem, skip this):
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies]
"DisableTaskMgr"=dword:00000000
Save the file to the desktop as fix.reg and make sure the "Save as Type" field says "All Files". Then please go to the desktop and double-click on fix.reg, and click Yes to merge it with the registry. A window will open and quickly close.
Restart your system.
Does CTRL-ALT-DEL bring up the Task Manager now?
-- Proud ASAP member since 2005 Microsoft MVP/Consumer Security 2009-2010 |
|
 | Thank-you "TheJoker",
I will be getting my XP disc on Thursday. I will try step 3 when I get back to London from Birmingham.
Step 4 and so on have been completed and CTRL-ALT-DEL does not work.
Tried the regedit, but that also did not work.
So, if there is anything else to do, I am very obliged if you could advise me further. |
|
 TheJokerPremium,VIP,MVM join:2001-04-26 Ruckersville, VA kudos:5 | While waiting for your XP disk, let's try this.
Download RogueKiller (by tigzy) and save it to your desktop:
http://tigzy.geekstogo.com/Tools/RogueKiller.exe
- Quit all programs
- Start RogueKiller.exe.
- Wait until Prescan has finished ...
- Click on Scan. Click on Report and copy/paste the content of the notepad
- Please post the log from RogueKiller in your next reply.
-- Proud ASAP member since 2005 Microsoft MVP/Consumer Security 2009-2010 |
|
 | Thank-you "TheJoker",
I followed all your instructions and then ran RogueKiller and it did the initial scan. I clicked the Scan button and it started. Within a few seconds it stopped and a window opened saying, "RogueKiller by Tigzy has encountered a problem and needs to close. We are sorry for the inconvenience." So I had no option but to close the window and then RogueKiller window closed. Hmm, yet another program that seems to not suit this flipping, stupid computer, sorry.
So, if there is anything else to do, I am very obliged if you could advise me further. |
|
 TheJokerPremium,VIP,MVM join:2001-04-26 Ruckersville, VA kudos:5 | Turn off Panda AntiVirus and see if it will run then. |
|
 TheJokerPremium,VIP,MVM join:2001-04-26 Ruckersville, VA kudos:5 1 edit | Removed.
-- Proud ASAP member since 2005 Microsoft MVP/Consumer Security 2009-2010 |
|