
Thread: Ransomware Trojan

  1. #41
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    How is your system behaving now?
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  2. #42
    Member
    Join Date
    Mar 2008
    Location
    England
    Posts
    64

    Everything seems good. I was wondering what toip0_tmp.exe might have been if MSConfig said it had been disabled in 2012 (or is that erroneous?). I had an avast warning from a normal/safe/trusted webpage (bank I think) saying it had blocked a script or something, but it has kept no log of it as far as I can tell. I think I know the website that caused this and the previous problem, so I'll steer clear from now on.

    Should I keep the Tweaking registry backup or delete the program and backup?

    Thanks,

  3. #43
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    As far as that file, how it got disabled I really don't know, so at this point it's harmless, so let's not worry about it.

    As far as Tweaking, your call to keep or remove it; it could come in handy someday if you back up your registry maybe once a month or so.

    Please download DelFix and save the file to your Desktop.

    • Double-click DelFix.exe to run the program.
    • Place a checkmark next to the following items:
        * Activate UAC
        * Remove disinfection tools
        * Create registry backup
        * Reset System Settings
    • Click the Run button.

    This will remove the specialised tools we used to clean your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually.



    ==========================================================

    Safe Surfn
    Ken

  4. #44
    Member
    Join Date
    Mar 2008
    Location
    England
    Posts
    64

    Just to be complete...

    Thanks for help. It is very much appreciated.



    # DelFix v10.8 - Logfile created 31/07/2014 at 18:13:00
    # Updated 29/07/2014 by Xplode
    # Username : Ed and Lou 2 - EDANDLOU2-PC
    # Operating System : Windows 7 Home Premium (64 bits)

    ~ Activating UAC ... OK

    ~ Removing disinfection tools ...

    Deleted : C:\Qoobox
    Deleted : C:\_OTM
    Deleted : C:\Combofix
    Deleted : C:\FRST
    Deleted : C:\Windows\grep.exe
    Deleted : C:\Windows\PEV.exe
    Deleted : C:\Windows\NIRCMD.exe
    Deleted : C:\Windows\MBR.exe
    Deleted : C:\Windows\SED.exe
    Deleted : C:\Windows\SWREG.exe
    Deleted : C:\Windows\SWSC.exe
    Deleted : C:\Windows\SWXCACLS.exe
    Deleted : C:\Windows\Zip.exe
    Deleted : HKLM\SOFTWARE\OldTimer Tools
    Deleted : HKLM\SOFTWARE\AdwCleaner
    Deleted : HKLM\SOFTWARE\Swearware
    Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe
    Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR

    ~ Creating registry backup ... OK

    ~ Resetting system settings ... OK

    ########## - EOF - ##########

  5. #45
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Great, looks like you're on your way, glad I was able to help you.

    Ken
