How to remove windows explorer malware



dalfish
2010-10-27, 07:53
Hi friends,

I got infected with 177 malware items. I just tried to download opensuse11.3 from mirrorackspace.com. So I cleaned the 170 infections with Spybot. When I run Spybot, the items now detected are:

1 Adobe flash player cookies

2 cache

3 history

4 MS direct3D

5 Windows

6 windows explorer (This is the one)


The Windows Explorer item is not removed; all the rest are removed by Spybot. Spybot asks for a startup scan. I have done that, but the detected items won't show up. Instead, the Spybot window shows 3 detected at the bottom left side. The Spybot dialog box says it is resident in memory. How do I remove item no. 6, called Windows Explorer?


Regards


Dalfish

tashi
2010-10-28, 03:00
Hello dalfish,

Could you copy paste the top of the log showing the items found please.

Best regards.

dalfish
2010-10-29, 04:47
MS Office 12.0 (Excel): [SBI $546355D5] Recent Cartel List (1 files) (Registry key, nothing done)

HKEY_USERS\S-1-5-21-1953444363-2538418381-4065474521-1000\Software\Microsoft\Office\12.0\Excel\File MRU



MS Office 12.0 (Word): [SBI $E357B233] Recent Document List (2 files) (Registry key, nothing done)

HKEY_USERS\S-1-5-21-1953444363-2538418381-4065474521-1000\Software\Microsoft\Office\12.0\Word\File MRU



Windows: [SBI $1E4E2003] Drivers installation paths (Registry change, nothing done)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources



Windows Explorer: [SBI $2026AFB6] User Assistant history IE (1 files) (Registry key, nothing done)

HKEY_USERS\S-1-5-21-1953444363-2538418381-4065474521-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count



Windows Explorer: [SBI $6107D172] User Assistant history files (28 files) (Registry key, nothing done)

HKEY_USERS\S-1-5-21-1953444363-2538418381-4065474521-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count



Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry key, nothing done)

HKEY_USERS\S-1-5-21-1953444363-2538418381-4065474521-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs



Cache: [SBI $49804B54] Cache (7) (Cache, nothing done)





History: [SBI $49804B54] History (4) (History, nothing done)





Congratulations!: No immediate threats were found. (Status)





This is the log that is generated after the scan.


Regards


Dalfish

tashi
2010-10-29, 18:41
Hello dalfish,

Please open Spybot Search & Destroy > Help > About and let us know the version of Spybot and the date of last definitions.

Best regards. :)

dalfish
2010-10-30, 04:54
Dear Tashi,

Spybot Search and Destroy 1.6.2.46


Definition 27/10/2010



Regards


Ashik

tashi
2010-10-30, 18:15
Hello dalfish,

Please see this FAQ "BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288), which also includes instructions on posting a preliminary DDS log.

Then start a new topic in the Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22) and a volunteer analyst will advise you when available. :)

Best regards.