Multiple Infections on XP Pro SP1 box

[Blade81]

Hi,

If there're no other issues among those mentioned left then I'd try to install SP3 before seeing other possible issues (if still remaining after SP3). Take these steps below first.

Uninstall ComboFix:

• Click START then RUN
• Now copy-paste Combofix /uninstall in the runbox and click OK

Please download OTC and save it to desktop.

• Double-click OTC.exe.
• Click the CleanUp! button.
• Select Yes when the
  Begin cleanup Process?
  prompt appears.
• If you are prompted to Reboot during the cleanup, select Yes.
• The tool will delete itself once it finishes, if not delete it by yourself.

Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

[mambass]

Blade81,

Combofix has been uninstalled and OTC has been run.

I'm going to defrag my disk and then begin the process of upgrading to SP3 and then installing current AV (I have it here but couldn't install it because I was still on SP1).

If the NoDriveTypeAutoRun issue still exists after the upgrade then I'll open a new thread in the forum.

It's hard to find the words appropriate to thank you for your help. I'll elaborate on this a bit more in the Waiting Room's "Thank You" thread.

If you ever find yourself visiting Kansas City, Missouri (and why you would is beyond me) then shoot me a note and we'll show you the town!

Take care,

George

[Blade81]

You're welcome George

I leave the topic open for a few days so you may post back how SP installation went.

If you ever find yourself visiting Kansas City, Missouri (and why you would is beyond me) then shoot me a note and we'll show you the town!

Thanks. Shall keep that in my mind!

[mambass]

Blade81,

The box is up-to-date with Microsoft upgrades and AV and new versions of some other layered products (SP3 got installed on the 3rd try after having problems due to a security setting on a registry entry). A full AV scan only detected and cleaned the Trojan.Win32.Genome.dkpu virus that was reported in the Kaspersky scan that you had me run.

The problem with Explorer attempting to change the registry entry has disappeared however the autorun function still doesn’t work. I went through the steps recommended in Microsoft’s article on how to get it to work but it still doesn’t work. It’s no big deal now that I’m no longer concerned about some malicious code being present on the system.

Once again, thank you for being there and for making it possible for me to enjoy the use of the machine without having to reformat the disk and loose everything that has accumulated on the box over the past 8 years!

George

[Blade81]

Hi,

Malware authors have begun to exploit the autorun/autoplay feature, so the author of ComboFix, in an effort to help protect your computer from becoming infected via that avenue, configured ComboFix to disable it. Many security apps disable it as well, and even Microsoft recommends disabling it. Disabling autorun/autoplay does not prevent you from accessing those media sources. They are still available by opening My Computer and accessing the source drive (cd, dvd, usb flash or external harddrive). Pictures on a camera can still be accessed/transfered through My Pictures and selecting Get Pictures from a Scanner or Camera. Media can also be accessed via the program you intend to use it with, such as music cds accessed via Media Player, blank cds via your burning program, image handling software provided with the camera, etc.

[Blade81]

Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

Note:If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread.

If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.