Thread: PC Infected

  1. #51
    Member
    Join Date
    Oct 2010
    Posts
    34

    log to follow at scan conclusion

  2. #52
    Security Expert- Emeritus
    Join Date
    Aug 2008
    Location
    South East Asia
    Posts
    725

    Hello Bill Moz,

    For Antivirus, these are some that I prefer. You should choose one of them.

    Avast
    Avira
    Microsoft Security Essentials

    Please keep only one AV installed.

    I will wait for the ESET scan result before giving you the All Clear and some recommendations.

  3. #53
    Member
    Join Date
    Oct 2010
    Posts
    34

    I had eset scan set to not remove infected files as per instructions on page 2.


    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK
    # version=7
    # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
    # OnlineScanner.ocx=1.0.0.6211
    # api_version=3.0.2
    # EOSSerial=d5a2f0374c2b4a499625a5c7b83d482b
    # end=finished
    # remove_checked=false
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2010-11-04 02:33:30
    # local_time=2010-11-03 09:33:30 (-0600, Central Daylight Time)
    # country="United States"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=512 16777215 100 0 70251 70251 0 0
    # compatibility_mode=1024 16777191 100 0 20309473 20309473 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=102201
    # found=9
    # cleaned=0
    # scan_time=6506
    C:\Documents and Settings\Bill\Application Data\Sun\Java\Deployment\cache\6.0\20\7bb99554-2e1090b7 Java/TrojanDownloader.Agent.NBL trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Bill\Application Data\Sun\Java\Deployment\cache\6.0\29\7adbb65d-1626c168 Java/TrojanDownloader.Agent.NBK trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Bill\Application Data\Sun\Java\Deployment\cache\6.0\33\30feb821-5f8d8945 Java/TrojanDownloader.Agent.NBK trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Bill\Application Data\Sun\Java\Deployment\cache\6.0\39\3f57e627-1ad38c1f a variant of Java/TrojanDownloader.OpenStream.NAU trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Bill\Application Data\Sun\Java\Deployment\cache\6.0\45\7c599ead-497b82a1 a variant of Java/TrojanDownloader.OpenStream.NAU trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Bill\Application Data\Sun\Java\Deployment\cache\6.0\52\31bba1f4-69b7982a Java/TrojanDownloader.Agent.NBL trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Bill\Application Data\Sun\Java\Deployment\cache\6.0\58\1f62c23a-2f1a0ce8 Java/TrojanDownloader.Agent.NBM trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Bill\Application Data\Sun\Java\Deployment\cache\6.0\61\6459dbfd-2538be44 a variant of Java/TrojanDownloader.OpenStream.NAU trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Bill\Application Data\Sun\Java\Deployment\cache\6.0\9\24ea7dc9-59e1eeea a variant of Java/TrojanDownloader.OpenStream.NAU trojan 00000000000000000000000000000000 I
    # version=7
    # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
    # OnlineScanner.ocx=1.0.0.6211
    # api_version=3.0.2
    # EOSSerial=d5a2f0374c2b4a499625a5c7b83d482b
    # end=finished
    # remove_checked=false
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2010-11-09 05:46:06
    # local_time=2010-11-08 11:46:06 (-0600, Central Standard Time)
    # country="United States"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=512 16777215 100 0 514120 514120 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=104303
    # found=7
    # cleaned=0
    # scan_time=6192
    C:\Documents and Settings\Bill\Application Data\Sun\Java\Deployment\cache\6.0\20\7bb99554-2e1090b7 Java/TrojanDownloader.Agent.NBL trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Bill\Application Data\Sun\Java\Deployment\cache\6.0\29\7adbb65d-1626c168 Java/TrojanDownloader.Agent.NBK trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Bill\Application Data\Sun\Java\Deployment\cache\6.0\33\30feb821-5f8d8945 Java/TrojanDownloader.Agent.NBK trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Bill\Application Data\Sun\Java\Deployment\cache\6.0\52\31bba1f4-69b7982a Java/TrojanDownloader.Agent.NBL trojan 00000000000000000000000000000000 I
    C:\Documents and Settings\Bill\Application Data\Sun\Java\Deployment\cache\6.0\58\1f62c23a-2f1a0ce8 Java/TrojanDownloader.Agent.NBM trojan 00000000000000000000000000000000 I
    C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\netbt.sys.vir Win32/Olmarik.ZC trojan 00000000000000000000000000000000 I
    C:\System Volume Information\_restore{AB656524-4E00-42EC-ACF7-BD8F40C1A4AC}\RP941\A0054186.sys Win32/Olmarik.ZC trojan 00000000000000000000000000000000 I

  4. #54
    Security Expert- Emeritus
    Join Date
    Aug 2008
    Location
    South East Asia
    Posts
    725

    Hello Bill Moz,

    You did not clear off the Java cache. Please do so.

    You can clear them off using ATF Cleaner's Java Cache option, or go to Start > Control Panel. Double click on Java and the Java Control Panel will open. At the General tab, click on the Settings... below the Temporary Internet Files title. Press the Delete Files... button and OK your way out.

    The remainder of the online scan's findings include backups that were created during the course of this fix, and items located in C:\System Volume Information\ where System Restore's cache is stored. Whatever is in there can't harm you unless you choose to perform a manual restore.

    Nevertheless, we shall be taking care of both in a while.

    --------------------

    If you have no more issues, we can close the case.

    Congratulations, you are All Clear to go. Glad to hear everything is good and running. If you have any more problems, please let me know.

    Now we need to clear out the programs we have been using to clean up your computer. They are not suitable for general malware removal and could cause damage if used inappropriately.
    • Go to Start > Run.... Copy and paste the following text into the white box:
      ComboFix /uninstall
      Click OK.
    • Run OTL by double clicking on OTL.exe. Click on CleanUp, proceed to reboot if prompted.
    • Delete the GMER file (1gx17ml2.exe), SystemLook, USBNoRisk, MBRCheck and Rootkit Unhooker files on your desktop.
    • Delete any logs on the desktop.


    Some tips to help you stay clean and safe:

    1. Keep your Windows up to date. Enable Automatic Updates for Windows XP, Windows Vista or Windows 7 to always update the latest security patches from Microsoft, or you can download from the Microsoft website. Otherwise, your computer will be vulnerable to new exploits or malware.

    2. Purge System Restore, for this one time only. A recovery feature will only be useful if it is clean from malware. See Windows XP System Restore Guide for some detailed explanations.

    3. Update your Antivirus program regularly; it is a must for constant protection against viruses. If you do not have one, Microsoft Security Essentials, Avast and Avira are some great and free antivirus programs that you can try. For paid versions, Avast, ESET NOD32 and Kaspersky are some good options. Please keep only one AV installed.

    4. Install Malwarebytes' Anti-Malware if you haven't and use it occasionally. It is a new and powerful anti-malware tool, totally free but for real-time protection you will have to pay a small one-time fee.

    5. Install WinPatrol, a great protection program that helps you monitor for unwanted files or applications.

    6. Use a hosts file to block the access of bad sites from your computer. Get yourself a MVPS Hosts for this purpose.

    7. Install Web of Trust (WOT). WOT keeps you from dangerous websites with warnings and blockings.

    8. Protect your computer from removable or USB drive infections with Panda USB Vaccine, an effective method to prevent malware from spreading.

    9. Keep all your software updated. Visit Secunia Software Inspector to find out if any updates are required.

    10. Install a third party firewall if you do not have one for additional defense against internet dangers. Built-in Windows firewall can only keep nasties from breaking in, but is unable to protect against any malware sending information out. Some recommended firewalls are Online Armor, Outpost and PC Tools. More information on firewalls. Please keep only one FW installed.

    11. If you have been a victim of malware before, Stand Up and Be Counted ---> Malware Complaints <--- where you can make a difference!

    12. Also look up How to prevent malware: By miekiemoes and So how did I get infected in the first place? By Tony Klein.

    Stay safe.
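
Added example, not part of the original thread or any poster's code: a triage of an ESET Online Scanner log by where each detection sits, following the reply above (Java cache, backups made during the fix, System Restore cache, anything else). The bucket names, the sample log and its placeholder paths, threat names and hash are constructed for illustration.

```python
import re

# Constructed sample in the log layout shown above; paths, threat names and the
# hash are placeholders, not findings from this thread.
SAMPLE_LOG = r"""# version=7
# found=4
# cleaned=0
C:\Documents and Settings\User\Application Data\Sun\Java\Deployment\cache\6.0\1\aaaa-bbbb Java/TrojanDownloader.Example trojan 0123456789abcdef0123456789abcdef I
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\example.sys.vir Win32/Example.A trojan 0123456789abcdef0123456789abcdef I
C:\System Volume Information\_restore{GUID}\RP1\A0000001.sys Win32/Example.A trojan 0123456789abcdef0123456789abcdef I
C:\WINDOWS\system32\example.dll a variant of Win32/Example.B trojan 0123456789abcdef0123456789abcdef I
"""

# Location rules taken from the reply above; the first matching rule wins.
RULES = [
    (r"\\Sun\\Java\\Deployment\\cache\\", "java-cache"),          # clear the Java cache
    (r"^[A-Z]:\\Qoobox\\Quarantine\\", "fix-tool-backup"),        # removed with the tools
    (r"^[A-Z]:\\System Volume Information\\", "system-restore"),  # purge restore points
]

DETECTION = re.compile(
    r"^(?P<path>.+?)\s+(?P<threat>(?:a variant of )?\S+/\S+)\s+(?P<kind>.+?)"
    r"\s+(?P<hash>[0-9A-Fa-f]{32})\s+(?P<flag>\S+)$")

def triage(log_text):
    """Return (header dict, [(bucket, threat, path), ...]) for one scan run."""
    header, findings = {}, []
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            header[key] = value
            continue
        m = DETECTION.match(line)
        if m:  # banner and blank lines simply do not match
            bucket = next((name for pat, name in RULES
                           if re.search(pat, m["path"], re.IGNORECASE)), "live-file")
            findings.append((bucket, m["threat"], m["path"]))
    return header, findings

def summary(log_text):
    """Count findings per bucket and check them against the log's own counter."""
    header, findings = triage(log_text)
    counts = {}
    for bucket, _, _ in findings:
        counts[bucket] = counts.get(bucket, 0) + 1
    # The "# found=" header should equal the number of detection rows parsed.
    return counts, int(header.get("found", -1)) == len(findings)
```

Only rows that land in "live-file" point at something outside the locations the reply already accounts for.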

  5. #55
    Member
    Join Date
    Oct 2010
    Posts
    34

    Thank you very much for all the help, computer seems to be running very well now. Thanks for all the time and effort, very much appreciated. Well Done.

  6. #56
    Security Expert- Emeritus
    Join Date
    Aug 2008
    Location
    South East Asia
    Posts
    725

    As your problems appear to have been resolved, this topic is now closed.

    We are glad to be of help. If you are satisfied with our assistance and wish to donate to help with the costs of this volunteer site, please read :
    Your donation helps in improving Spybot-S&D!
