Another virtuamonde

[pskelley]

Thanks for returning your infomation and the feedback.

I have placed the computer back on the internet and it seems to be operating fine.

I would restrict internet activity to what is absolutely necessary for a bit longer.

Will these fixes also resolve my Windows Update issues?

If the malware we removed was the cause, it will, let me know if the issues are continue, exactly what they are and about any error message you receive. Do you have this information:

http://v4.windowsupdate.microsoft.com/troubleshoot/
http://support.microsoft.com/oas/def...3&gprid=522131

Also, should I reenable TeaTimer now?

Leave it off a bit longer, we still have a few changes to make and it will drive you crazy as it tries to do it's job.

This is the next bridge we must cross:

I am sure you saw this:
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
http://www.bleepingcomputer.com/comb...o-use-combofix
Review that information to understand Recovery Console. Installation is optional but if you do not have the CD's needed, as is explained, it can be installed before we remove combofix.
If you do not have access to Recovery Console via a Windows CD, I strongly advise you to install this tool.
If you do not wish to install RC, let me know so I can continue with the cleanup.
If you install RC, post the C:\*CF-RC.txt*.



Since we do not need to scan with combofix, click NO





Thanks...Phil

[m2family]

Phil,

Sorry it took so long to get back to you.

Windows Automatic updates are now available.

I successfully followed the instructions for the Recovery Console and the log is below:

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect


What is next?

[pskelley]

Recovery Console was installed correctly, here is some information:
http://support.microsoft.com/kb/314058
http://support.microsoft.com/kb/307654
Recovery Console is a tool that will allow you to recover from a catastrophic system failure, so let's hope you never need it. Many experts believe Microsoft should have installed it by default.

Remove combofix from the computer like this:

Click START then RUN
Now type or copy Combofix /u in the runbox and click OK.
Note the space between the X and the U, it needs to be there.



Clean infected System Restore files like this:

Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Reboot

Turn ON System Restore,
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

Run MBAM again to make sure we got all of the junk, no need to post a clean scan result.

What are you running for an antivirus program? I see this:
C:\Program Files\NavNT\defwatch.exe
http://www.processlibrary.com/directory/files/defwatch
You want to be sure you have a current, up to date antivirus program. It is cyber-suicide to go online anymore without one. If you need a free program, let me know and I will make one available. Whatever you are running needs to be updated and the system scanned to make sure it is working right and scanning clean. This was a bad infection and they often damage security programs.

Some good information for you:
http://users.telenet.be/bluepatchy/m...wcomputer.html
http://www.microsoft.com/windowsxp/u...s/mcgill1.mspx

Here is some great information from experts in this field that will help you stay clean and safe online.
http://users.telenet.be/bluepatchy/m...revention.html
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

http://www.malwarecomplaints.info/

Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.

http://users.telenet.be/bluepatchy/m...oes/Links.html

[m2family]

Phil,

All done. One small process issue. There was not a reboot requested between installation of the Recovery Console and your last instructions. So when I went to My Computer...Properties, there was no System Restore tab. I restarted and it appeared.

As for virus protection, I use Norton Antivirus Corporate as it is provided by my employer. NAV is current failing on load though so I need to get the install disks again from IT.

What next? Teatimer?

[pskelley]

Please read the information in the links I posted first, then enable TeaTimer.

Safe surfing