  #16  
Old January 17th, 2009, 05:09 AM
Aaflac Aaflac is offline
Malware Removal Team
 
Join Date: May 2007
Location: Illinois, USA
Posts: 2,998
Run HijackThis, Scan
Check box for:

O4 - HKLM\..\Policies\Explorer\Run: [] 
O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [] (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')

Select: Fix checked

Restart the computer.

Are you still having malware problems?


  #17  
Old January 19th, 2009, 01:25 AM
wempower wempower is offline
Member
 
Join Date: Jun 2004
Posts: 38
Thanks for your help Aaflac.

I do not have any more malware problems now. The computer seems to be running well, but when I run an online scan with Kaspersky WebScanner, it still comes up with the Trojan downloader virus. Should I be concerned?
  #18  
Old January 19th, 2009, 02:27 AM
Aaflac Aaflac is offline
Malware Removal Team
 
Join Date: May 2007
Location: Illinois, USA
Posts: 2,998
Please copy and paste all of the following inside the code box below into the Paste List Of File/Folders To Move area of OTMoveIt3

Code:
:files
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\048ZB27K\downloader[1].vbs
:commands
[emptytemp]

Click the red Moveit! button

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the moving process. If you are asked to reboot the machine choose Yes.

Copy/Paste the contents under Results to provide in your reply.

However, if the machine rebooted and you are unable to copy/paste from the Results window:
Open Notepad (Start > All Programs > Accessories > Notepad)
Click: File > Open
In the File Name box enter *.log and press the Enter key
Navigate to the C:\_OTMoveIt\MovedFiles folder
Open the newest .log file present

Close OTMoveIt3

~~~~
Please provide the OTMoveIt3 log contents in your reply.
  #19  
Old January 19th, 2009, 04:33 AM
wempower wempower is offline
Member
 
Join Date: Jun 2004
Posts: 38
OTMoveIt3 log:

========== FILES ==========
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\048ZB27K\downloader[1].vbs moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\anon\LOCALS~1\Temp\~DF9D0A.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\mcafee_gxj0pxDXV7IPYAe scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_dfQhaaYfdkgJozD scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_oI6cIPGugQVvtSg scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_R5c7FkSy7CiggQX scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_yd3HQ1Hc11kLagJ scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_258.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_2fXWpd9tYI5Ru4B scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_l7S7HrMcpqRBaDe scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_RezdXu3Sbn4r5dC scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\WFV2.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01182009_222440
Files moved on Reboot...
File move failed. C:\DOCUME~1\anon\LOCALS~1\Temp\~DF9D0A.tmp scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\mcafee_gxj0pxDXV7IPYAe scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\mcmsc_dfQhaaYfdkgJozD scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\mcmsc_oI6cIPGugQVvtSg scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\mcmsc_R5c7FkSy7CiggQX scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\mcmsc_yd3HQ1Hc11kLagJ scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\Perflib_Perfdata_258.dat scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\sqlite_2fXWpd9tYI5Ru4B scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\sqlite_l7S7HrMcpqRBaDe scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\sqlite_RezdXu3Sbn4r5dC scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\WFV2.tmp scheduled to be moved on reboot.

Thanks Again for your help.
Reply With Quote
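
A way to read an OTMoveIt3 log like the one above programmatically, added here as an example (it is not part of the original posts and is not OTMoveIt3's own code). It checks that each path listed under :files was reported as moved and collects the files left pending until reboot; the function name `triage`, the result keys and the temp-directory heuristic are assumptions made for this example.

```python
import re
# Excerpt of lines from the OTMoveIt3 log posted in this thread.
TARGET = (r"C:\Documents and Settings\NetworkService\Local Settings"
          r"\Temporary Internet Files\Content.IE5\048ZB27K\downloader[1].vbs")
SAMPLE_LOG = "\n".join([
    "========== FILES ==========",
    TARGET + " moved successfully.",
    "========== COMMANDS ==========",
    r"File delete failed. C:\WINDOWS\temp\WFV2.tmp scheduled to be deleted on reboot.",
    "User's Temp folder emptied.",
    "Java cache emptied.",
    "Files moved on Reboot...",
    r"File move failed. C:\WINDOWS\temp\WFV2.tmp scheduled to be moved on reboot.",
])

MOVED = re.compile(r"^(?P<path>.+) moved successfully\.$")
PENDING = re.compile(r"^File (?:delete|move) failed\. (?P<path>.+) "
                     r"scheduled to be (?:deleted|moved) on reboot\.$")
EMPTIED = re.compile(r"^(?P<what>.+) emptied\.$")
# Assumption (heuristic, not an OTMoveIt3 rule): locked files are expected
# only in temp/cache directories; anything else deserves a closer look.
TEMP_MARKERS = ("\\temp\\", "\\temporary internet files\\")

def triage(log_text, targets):
    """Classify log lines and confirm each :files target was moved."""
    moved, pending, emptied, other = [], {}, [], []
    for line in map(str.strip, log_text.splitlines()):
        if not line or line.startswith("====="):
            continue
        if m := PENDING.match(line):
            # Listed twice (delete + move sections); paths are case-insensitive.
            pending.setdefault(m["path"].lower(), m["path"])
        elif m := MOVED.match(line):
            moved.append(m["path"])
        elif m := EMPTIED.match(line):
            emptied.append(m["what"])
        else:
            other.append(line)
    moved_keys = {p.lower() for p in moved}
    return {
        "moved": moved,
        "pending_reboot": list(pending.values()),
        "pending_outside_temp": [p for k, p in pending.items()
                                 if not any(t in k for t in TEMP_MARKERS)],
        "emptied": emptied,
        "not_moved": [t for t in targets if t.lower() not in moved_keys],
        "other": other,
    }
```

A non-empty `not_moved` list means a requested file is still in place and the scanner detection it triggered can be expected to recur.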
  #20  
Old January 20th, 2009, 08:48 PM
Aaflac Aaflac is offline
Malware Removal Team
 
Join Date: May 2007
Location: Illinois, USA
Posts: 2,998
The Java entry in your reports shows it is out of date...


Please download JavaRa


Unzip it to the Desktop.

This program checks if your computer has the latest version of Java Runtime Environment (JRE). If the version installed is superseded by a newer version, the program downloads and installs the newer version by running Java's update program.

JavaRa then allows you to remove all possible older versions of the JRE program. This ensures the security of your computer is enhanced and also creates some extra space on your hard disk.

Double-click on JavaRa.exe to start the program.
  • In the prompt that appears, select: Search for Updates
  • Next select: Update using Sun Java’s website Update Using jucheck.exe
  • Click: Search
  • In Sun Java’s website, download: Java Runtime Environment (JRE) 6 Update 10

Note: Currently, as part of its update, Java also provides for the installation of the Google Toolbar. You can decline its installation by unchecking "Google Toolbar for Internet Explorer", then click Next to continue.
  • Back to JavaRa, click on Remove Older Versions
  • Click Yes when prompted.
  • When JavaRa is done, a notice appears that a logfile was produced.
  • If you wish to see the log, click OK, for it to show. (The log is also saved as C:\JavaRa.log)
  • Use the X on the upper right side to close JavaRa
  • Next, restart the computer to complete the changes.

~~~~
If you are not having malware problems, you are good to go!


Please do the following to wrap up:

Double-click OTMoveIt3.exe
  • Click the Cleanup! button
  • A list of malware removal programs is downloaded from the Internet.
  • If you get a warning from your Firewall or other security programs regarding OTMoveIt3 attempting to contact the Internet, allow it to do so.
  • When asked if you want to begin cleanup process, select: Yes
  • The program will likely ask you to reboot. Please reboot.

Once the computer restarts, OTMoveIt3 deletes itself along with the files/folders for the tools used.

~~~~
Also, do a search for and remove:
Random's System Information Tool on the Desktop, and also the C:\RSIT folder

~~~~
Some suggestions and programs to remain malware free: How to Prevent Malware

It is also a very good practice to perform an online virus scan on a regular basis.
Scanners do not have identical malware definitions, and what one misses, another one can catch.
Some of the scanners are:
BitDefender Online Scanner
ESET NOD32 Online Scanner
F-Secure Online Scanner
Panda ActiveScan
TrendMicro HouseCall

~~~~
If you have any questions or comments, post back. Otherwise...

Good luck, safe journey through the Internet!!

Last edited by Aaflac; January 21st, 2009 at 04:42 AM.
  #21  
Old January 21st, 2009, 04:22 AM
wempower wempower is offline
Member
 
Join Date: Jun 2004
Posts: 38
Aaflac,

Does the last post that you submitted to this thread belong here?
I'm confused because I did not recognize some of the files listed in your post.

WemPower
  #22  
Old January 21st, 2009, 04:46 AM
Aaflac Aaflac is offline
Malware Removal Team
 
Join Date: May 2007
Location: Illinois, USA
Posts: 2,998
Sorry about that!!

Post edited.

All times are GMT +1.