
Thread: Click.Getload Help Please

  1. #21
    Junior Member | Join Date: Apr 2011 | Location: Ayrshire, Scotland | Posts: 21

    Thanks Blottedisc, unfortunately I'm away from my PC until 9th May. If it's OK with you I'll post results upon my return. Many thanks again for your assistance.

  2. #22
    Emeritus - Malware Team | Join Date: May 2009 | Location: Buenos Aires, Argentina | Posts: 340

    No problem, I'll keep the thread open
    -- WTT Classroom Graduate --
    -- ASAP Member --
    -- UNITE Trained Eliminator --

  3. #23
    Junior Member | Join Date: Apr 2011 | Location: Ayrshire, Scotland | Posts: 21

    Hi,

    I've tried to locate C:\Documents and Settings\All Users\Application Data\E8FEA67A3C.sys and cannot find it on my machine.

  4. #24
    Emeritus - Malware Team | Join Date: May 2009 | Location: Buenos Aires, Argentina | Posts: 340

    We will need to see hidden files. Please follow the instructions given in the following link to see hidden files and folders, and when finished, try the VirusTotal step again:

    http://www.bleepingcomputer.com/tuto...l62.html#winxp

  5. #25
    Junior Member | Join Date: Apr 2011 | Location: Ayrshire, Scotland | Posts: 21

    File name: E8FEA67A3C.sys
    Submission date: 2011-05-10 04:31:52 (UTC)
    Current status: finished


    Result: 0/ 42 (0.0%)
    VT Community

    not reviewed
    Safety score: -
    Antivirus Version Last Update Result
    AhnLab-V3 2011.05.10.00 2011.05.09 -
    AntiVir 7.11.7.205 2011.05.10 -
    Antiy-AVL 2.0.3.7 2011.05.09 -
    Avast 4.8.1351.0 2011.05.09 -
    Avast5 5.0.677.0 2011.05.09 -
    AVG 10.0.0.1190 2011.05.10 -
    BitDefender 7.2 2011.05.10 -
    CAT-QuickHeal 11.00 2011.05.09 -
    ClamAV 0.97.0.0 2011.05.10 -
    Commtouch 5.3.2.6 2011.05.10 -
    Comodo 8644 2011.05.10 -
    DrWeb 5.0.2.03300 2011.05.09 -
    Emsisoft 5.1.0.5 2011.05.10 -
    eSafe 7.0.17.0 2011.05.09 -
    eTrust-Vet 36.1.8317 2011.05.09 -
    F-Prot 4.6.2.117 2011.05.10 -
    F-Secure 9.0.16440.0 2011.05.10 -
    Fortinet 4.2.257.0 2011.05.10 -
    GData 22 2011.05.10 -
    Ikarus T3.1.1.103.0 2011.05.10 -
    Jiangmin 13.0.900 2011.05.09 -
    K7AntiVirus 9.103.4602 2011.05.09 -
    Kaspersky 9.0.0.837 2011.05.10 -
    McAfee 5.400.0.1158 2011.05.10 -
    McAfee-GW-Edition 2010.1D 2011.05.09 -
    Microsoft 1.6802 2011.05.10 -
    NOD32 6108 2011.05.10 -
    Norman 6.07.07 2011.05.09 -
    Panda 10.0.3.5 2011.05.09 -
    PCTools 7.0.3.5 2011.05.10 -
    Prevx 3.0 2011.05.10 -
    Rising 23.57.00.06 2011.05.09 -
    Sophos 4.65.0 2011.05.10 -
    SUPERAntiSpyware 4.40.0.1006 2011.05.10 -
    Symantec 20101.3.2.89 2011.05.10 -
    TheHacker 6.7.0.1.191 2011.05.09 -
    TrendMicro 9.200.0.1012 2011.05.10 -
    TrendMicro-HouseCall 9.200.0.1012 2011.05.10 -
    VBA32 3.12.16.0 2011.05.09 -
    VIPRE 9238 2011.05.10 -
    ViRobot 2011.5.9.4451 2011.05.09 -
    VirusBuster 13.6.345.0 2011.05.09 -
    Additional information
    MD5 : d2d6e5f57c10587f0c2916a2ce3a5bac
    SHA1 : d4be78cc4418cd0fad254a93f31c01248928c94b
    SHA256: ca9449886c01418a8038fcad354c65a1810046a1a2b040a49c8cb73428387275
    ssdeep: 3:hl/5jTvhLj67n:RpXon
    File size : 88 bytes
    First seen: 2011-05-10 04:31:52
    Last seen : 2011-05-10 04:31:52
    TrID:
    MS Flight Simulator Aircraft Performance Info (100.0%)
    sigcheck:
    publisher....: n/a
    copyright....: n/a
    product......: n/a
    description..: n/a
    original name: n/a
    internal name: n/a
    file version.: n/a
    comments.....: n/a
    signers......: -
    signing date.: -
    verified.....: Unsigned
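The exchange above hinges on two things a responder has to do by hand: find a file that Explorer hides, and confirm that the hashes in the VirusTotal report really belong to the file on disk. The following Python script is an added example, not the helper's tool or anything posted in this thread. It walks a directory with os.walk (which does not skip hidden entries), reads the Windows hidden attribute where the platform exposes it, computes the MD5/SHA1/SHA256 digests and size that the report lists, and compares them with a report's values. It goes beyond the single file in the thread with a hex-stem heuristic (an assumption drawn from the file name E8FEA67A3C.sys, not a rule from the page) that also flags other short-hex-named .sys files; the sample file and its contents are constructed so the script runs offline on any platform.

```python
"""Locate hidden files by name and compute the digests a VirusTotal report lists.

Added example for this thread, not code from the helpers or from VirusTotal.
Assumptions: standard library only; the Windows hidden attribute is read from
st_file_attributes when present and ignored elsewhere; the hex-stem rule is a
heuristic derived from the file name discussed above, not a published signature.
"""
import hashlib
import os
import re
import tempfile

# Windows FILE_ATTRIBUTE_HIDDEN bit (documented value), used when os.stat exposes it.
FILE_ATTRIBUTE_HIDDEN = 0x2

# Heuristic (assumption): a driver-style file whose stem is a short run of hex digits,
# like E8FEA67A3C.sys, is unusual enough to be worth a second opinion.
HEX_STEM = re.compile(r"^[0-9A-F]{8,16}\.sys$", re.IGNORECASE)


def is_hidden(path):
    """True if the file carries the Windows hidden attribute or a leading dot."""
    attrs = getattr(os.stat(path), "st_file_attributes", 0)
    return bool(attrs & FILE_ATTRIBUTE_HIDDEN) or os.path.basename(path).startswith(".")


def hash_file(path):
    """Return md5/sha1/sha256 hex digests and size, the fields a VT report prints."""
    md5, sha1, sha256 = hashlib.md5(), hashlib.sha1(), hashlib.sha256()
    size = 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            for h in (md5, sha1, sha256):
                h.update(chunk)
            size += len(chunk)
    return {"md5": md5.hexdigest(), "sha1": sha1.hexdigest(),
            "sha256": sha256.hexdigest(), "size": size}


def find_candidates(root, name=None):
    """Walk root (hidden entries included) and return files matching the requested
    name or the HEX_STEM heuristic, each with its digests and hidden flag."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            if (name and fn.lower() == name.lower()) or HEX_STEM.match(fn):
                path = os.path.join(dirpath, fn)
                info = hash_file(path)
                info.update({"path": path, "hidden": is_hidden(path)})
                found.append(info)
    return found


def matches_report(info, report):
    """True when all three digests equal those in a report dict (case-insensitive)."""
    return all(info[k].lower() == report[k].lower() for k in ("md5", "sha1", "sha256"))


def demo():
    """Constructed sample: a hex-named .sys under a temp 'Application Data' folder.
    Returns the candidate list and whether it matches a report built from the same bytes."""
    root = tempfile.mkdtemp()
    payload = b"constructed sample content, not the real file\n" * 2  # constructed, 92 bytes
    path = os.path.join(root, "Application Data", "E8FEA67A3C.sys")
    os.makedirs(os.path.dirname(path))
    with open(path, "wb") as fh:
        fh.write(payload)
    hits = find_candidates(root, "E8FEA67A3C.sys")
    report = {"md5": hashlib.md5(payload).hexdigest(),
              "sha1": hashlib.sha1(payload).hexdigest(),
              "sha256": hashlib.sha256(payload).hexdigest()}
    return hits, matches_report(hits[0], report)


if __name__ == "__main__":
    for hit in find_candidates(os.path.expandvars(r"%ALLUSERSPROFILE%\Application Data")):
        print(hit)
```

Run the script on an XP-era machine and it prints every candidate under the All Users profile, hidden or not, with the digests you can compare against the report before deciding whether the hidden-files step or the upload itself went wrong. Matching all three digests rather than just MD5 is deliberate: a report that agrees on SHA256 leaves no doubt that the submitted bytes are the ones on disk.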

  6. #26
    Emeritus - Malware Team | Join Date: May 2009 | Location: Buenos Aires, Argentina | Posts: 340

    Hi,

    Your machine seems clean now. How is it working? Please run Spybot S&D again, remove the Click.Giftload threat and advise if it's still reappearing.

  7. #27
    Junior Member | Join Date: Apr 2011 | Location: Ayrshire, Scotland | Posts: 21

    Hi Blottedisk,

    Ran Spybot again and only found a rightmedia thing which I've deleted. The Google searches now seem fine with no redirects, so thank you very much for your help.

    The only thing I've noticed is that when I click to open Internet Explorer it takes around 45 seconds for my home page to load?

  8. #28
    Emeritus - Malware Team | Join Date: May 2009 | Location: Buenos Aires, Argentina | Posts: 340

    Hi Steve,

    I'm glad to hear that. We are done. Regarding your IE problem, I'd suggest you open a new thread at WhatTheTech, a site that we work hand in hand with:

    http://forums.whatthetech.com/index.php?showforum=123

    But before that, please follow this last procedure:


    Step 1 | Please download OTC by OldTimer to your desktop and run it
    • Click Yes to begin the Cleanup process and remove these components, including this application.
    • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
    • Also, please delete manually the following files on your desktop (move the files to the bin or right-click the files and choose "Send to recycle bin"):
      • mbr.exe
      • aswMBR.exe
      • aswmbr logfile



    Step 2 | Delete ComboFix and Clean Up

    The following will implement some cleanup procedures as well as reset System Restore points. Click Start > Run and copy/paste the following underlined text into the Run box and click OK:

    ComboFix /Uninstall

    Please advise if this step is missed for any reason as it performs some important actions.

    Step 3 | Your version of Adobe Reader is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Adobe components and update:
    • Download the latest version of Adobe Reader Version X. and save it to your desktop.
    • Uncheck the "Free McAfee Security plan Plus" option or any other Toolbar you are offered.
    • Click the download button at the bottom.
    • If you use Internet Explorer and do not wish to install the ActiveX element, simply click on the click here to download link on the next page.
    • Remove all older versions of Adobe Reader: go to Add/Remove and uninstall all versions of Adobe Reader, Acrobat Reader and Adobe Acrobat.
    • If you are unsure of how to use Add or Remove Programs, then please see this tutorial: How To Remove An Installed Program From Your Computer
    • Then from your desktop double-click on Adobe Reader to install the newest version.
    • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
    • When the "Adobe Setup - Welcome" window opens, click the Install > button.
    • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
    • Once the installation is finished, open Adobe Reader and accept the warranty if prompted.
    • Click on Help and select Check for Updates.
    • A window will open and Adobe will check for Updates. If any updates are found to be available click on Download.
    • Once the update is downloaded you will get a system notification telling you so. Click on the popup to restore the window.
    • In the window that opens click Install.
    • Once the update is done click Close.
    • Your Adobe Reader is updated now.


    Step 4 | Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

    Please follow these steps to remove older version Java components and update.

    • Click on the following link to visit java website: Java Runtime Environment (JRE) 6
    • Scroll down to where it says "JDK 6 Update 25 with Java EE".
    • Click the "Download" button to the right column (JRE).
    • Select the Windows platform from the dropdown menu.
    • Read the License Agreement and then check the box that says: " I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement". Click on Continue. The page will refresh.
    • Click on the link to download Windows Offline Installation and save the file to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Now go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
    • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java(TM) 6) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on the recently downloaded java installer icon to install the newest version.
    • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
      • On the General tab, under Temporary Internet Files, click the Settings button.
      • Next, click on the Delete Files button
      • There are two options in the window to clear the cache - leave BOTH checked:
        • Applications and Applets
        • Trace and Log Files
      • Click OK on Delete Temporary Files Window Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
      • Click OK to leave the Temporary Files Window
      • Click OK to leave the Java Control Panel.


    Step 5 | I don't see any evidence of a 3rd Party Firewall installed on your computer. If you have one installed, make sure it's functioning properly. As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access from the outside world. Firewalls protect against hackers and malicious intruders.

    If you do not have a firewall installed...
    I strongly recommend you download a free (for personal use) firewall NOW that monitors traffic in both directions... from one of these vendors:

    • Comodo (Is now bundled with AV software, toolbar and search provider. Opt to install only the firewall software... uncheck the rest)
    • Online Armor Free (free version at bottom of page; XP/Vista/W7 32-bit, 64-bit version not available yet; some reported conflicts with Avira AntiVir)
    • ZoneAlarm (uncheck ZoneAlarm Spy Blocker during installation if you choose this one)
    • Ashampoo


    If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a very basic firewall. This (XP) firewall is NO replacement for a dedicated software solution. Remember to install, and have active, only one firewall at a time. If you install one of these firewalls, remember to turn off Windows' firewall.

    Last Step | Now, in order to avoid future infections, please take time to read the following article:

    So how did I get infected in the first place?

    Thank you for your patience, and for performing all of the procedures requested. I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

  9. #29
    Junior Member | Join Date: Apr 2011 | Location: Ayrshire, Scotland | Posts: 21

    Thank you once again for all of your help, and my kind regards.

  10. #30
    Junior Member | Join Date: Apr 2011 | Location: Ayrshire, Scotland | Posts: 21

    At step 2, when I follow the instructions I get an error message saying Windows cannot find 'Combofix'.
