
Thread: malware took other my computer

  1. #31
    Guest
    Join Date
    May 2011
    Posts
    57

    Default

    Log of ESET scan

    C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP2\A0002492.exe probably a variant of Win32/Agent.EDQCSRE trojan

  2. #32
    Guest
    Join Date
    May 2011
    Posts
    57

    Default

    About the keyboard icon, this is the language icon of Windows which usually stays next to the system tray.
    If I reload the recovery DVD, I'll have to reinstall the whole system, I think.

  3. #33
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Hi,

    What ESET found was in your System Restore program; let's flush it all out and create a new restore point.

    System Restore is a component of Microsoft's Windows Me, Windows XP, Windows Vista and Windows 7 operating systems that allows for the rolling back of system files, registry keys, installed programs, etc., to a previous state in the event of malfunctioning or failure. Old restore points can be a source of re-infection.

    Please follow the steps below to create a clean restore point:
    1. Click Start > Run > copy and paste the following into the run box:
      %SystemRoot%\System32\restore\rstrui.exe
    2. Press OK. Choose Create a Restore Point then click Next.
    3. Name it (something you'll remember) and click Create.
    4. When the confirmation screen shows the restore point has been created click Close.


    Then remove all previous Restore Points
    1. Click Start > Run > copy and paste the following into the run box:
      cleanmgr
    2. Choose to scan drive C:\ (if C:\ is your main drive).
    3. At the top, click on More Options tab. Click the Clean up... button in the System Restore box.
    4. Click on the Yes button.
    5. When finished, click on Cancel button to exit.





    We need to uninstall previous versions of Java and install the latest one; this will help make your computer more secure.

    Please download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Open JavaRa.exe again and select Search For Updates.
    • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.




    1. Click Start > Settings > Control Panel.
    2. Double-click the Java Plug-in icon in the control panel.
    3. Click the Cache tab.
    4. Click Clear. A confirmation dialog box appears.
    5. Click Yes to confirm.
    6. Click Apply.




    As far as your keyboard icon goes, why don't you post here in the Windows forum? We all work together, so you can link them to this thread if you wish so they can see what we have done.
    http://forums.whatthetech.com/index.php?showforum=119


    Combofix <--- is not a general cleaning tool; only run it with supervision or you can damage your system.

    • Click START then RUN
    • Now type Combofix /uninstall in the run box and click OK. Note the space between the x and the /; it needs to be there.





    Open OTL and click on Clean Up; it will remove the programs we used to clean your system along with their backups.





    Safe Surfn
    Ken
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.
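The point made above, that a hit under System Volume Information\_restore{...}\RPn\ is a copy sitting in an old restore point rather than a file in a live location, is worth building into triage so the two cases are not handled the same way. The following is an added example, not code from the thread or from ESET: it classifies scan-log lines by that rule. The first sample line is the ESET line quoted earlier in the thread; the second is constructed. It assumes the "path verdict" line shape shown in the thread and that the file name itself contains no spaces (directory names may).

```python
r"""Triage antivirus scan-log lines by location: is the hit inside a System
Restore point (System Volume Information\_restore{GUID}\RPn\) or in a live
path? Added example, not from the thread or from ESET. The first sample line
is the one quoted in the thread; the second is constructed."""
from __future__ import annotations

import re

# Drive:\System Volume Information\_restore{GUID}\RP<n>\  (Windows XP layout)
RESTORE_POINT_RE = re.compile(
    r"^[A-Za-z]:\\System Volume Information\\_restore\{[0-9A-Fa-f-]{36}\}\\RP(?P<rp>\d+)\\",
    re.IGNORECASE,
)

# "<path> <verdict>" as in the quoted log line. Assumption: the file name
# itself has no spaces (directory names may, e.g. "Documents and Settings").
HIT_RE = re.compile(r"^(?P<path>[A-Za-z]:\\(?:[^\\]+\\)*[^\\\s]+)\s+(?P<verdict>.+?)\s*$")


def classify(line: str) -> dict | None:
    """Return a triage record for one log line, or None if it is not a hit line."""
    m = HIT_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path")
    rp = RESTORE_POINT_RE.match(path)
    if rp:
        location = f"restore point RP{rp.group('rp')}"
        action = "flush System Restore points and create a fresh one"
    else:
        location = "live"
        action = "clean in place and look for the loader that dropped it"
    return {"path": path, "verdict": m.group("verdict"), "location": location, "action": action}


def triage(log: str) -> list[dict]:
    """Classify every hit line in a scan log."""
    return [rec for rec in (classify(l) for l in log.splitlines()) if rec]


def counts(log: str) -> dict[str, int]:
    """How many hits are live vs. parked in old restore points."""
    out = {"live": 0, "restore point": 0}
    for rec in triage(log):
        out["live" if rec["location"] == "live" else "restore point"] += 1
    return out


# Constructed sample: line 1 is the ESET line from the thread, line 2 is made up.
SAMPLE_LOG = r"""
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP2\A0002492.exe probably a variant of Win32/Agent.EDQCSRE trojan
C:\Documents and Settings\user\Local Settings\Temp\setup_x.exe a variant of Win32/Example.A trojan
"""

if __name__ == "__main__":
    for rec in triage(SAMPLE_LOG):
        print(f"{rec['location']:<20} {rec['path']}\n    {rec['verdict']} -> {rec['action']}")
    print(counts(SAMPLE_LOG))
```

A restore-point hit is still worth noting in the case record (it tells you roughly when the file was on disk), but the remediation is the restore-point flush described above, not a file-by-file clean.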

  4. #34
    Guest
    Join Date
    May 2011
    Posts
    57

    Default

    I did exactly what you told me to do.
    Technically, the virus is gone. I'll monitor the behavior of the computer the next hours to be sure.

    OTL did not remove everything. For example, aswMBR.exe, ATF-Cleaner.exe and RKUnhookerLE.exe are still on the desktop. I think I'll just delete them.

    ESET installed some components, so do I have to do another scan and, when it asks me what to do, check the "uninstall components after scan" box in order to uninstall ESET from the computer?

    I remember that I used DeFogger to disable something, but I don't remember what. Do I have to reinstall DeFogger in order to enable whatever it disabled?

    About the keyboard icon, I don't know how, but it is back in place. Here is a small pic to let you see what I meant


    To avoid this type of rootkit, do I have to have a real-time anti-spyware?
    I am getting rid of McAfee; I want to install Avira or Avast. Which is the best of these two? What would you recommend?

    Thank You very much ken545!!!!!!

  5. #35
    Guest
    Join Date
    May 2011
    Posts
    57

    Default

    One more thing: can you please have a look at this scan from RogueKiller?
    Before, I used to have a hosts file (some 125....); now this is Yp1. Is it bad?

    RogueKiller V4.3.7 by Tigzy
    contact at http://www.sur-la-toile.com
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.sur-la-toile.com/discussi...Remontees.html

    Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User: NICOU [Admin rights]
    Mode: Scan -- Date : 05/09/2011 17:17:09

    Bad processes: 0

    Registry Entries: 0

    HOSTS File:
    ÿþ1

    Finished : << RKreport[2].txt >>
    RKreport[1].txt ; RKreport[2].txt


    the previous log from 3 days ago

    RogueKiller V4.3.7 by Tigzy
    contact at http://www.sur-la-toile.com
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.sur-la-toile.com/discussi...Remontees.html

    Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User: NICOU [Admin rights]
    Mode: Scan -- Date : 05/06/2011 17:09:01

    Bad processes: 0

    Registry Entries: 0

    HOSTS File:


    Finished : << RKreport[1].txt >>
    RKreport[1].txt
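About the HOSTS File line in the newer RogueKiller report: when a file that begins with the bytes FF FE (the UTF-16LE byte-order mark) is read as a plain ANSI string, those two bytes display as the characters ÿþ, and the NUL byte that follows the first ASCII character ends the string, so a scanner prints "ÿþ1" for a file whose real first line starts with "1". The following is an added example, not code from the thread, RogueKiller or OTL, of reading a hosts file with the byte-order mark handled and listing any mapping beyond the default localhost entry. The sample byte strings and the two redirect entries are constructed, and the default-entry set assumes a Windows XP default hosts file.

```python
"""Read a Windows hosts file the way a careful scanner should: detect a
byte-order mark, decode accordingly, and list every mapping that is not the
Microsoft default. Added example, not from the thread, RogueKiller or OTL.
The byte strings below are constructed, not taken from the poster's machine."""
from __future__ import annotations

import codecs

# Assumption: the Windows XP default hosts file maps only localhost.
DEFAULT_ENTRIES = {("127.0.0.1", "localhost")}


def decode_hosts(raw: bytes) -> tuple[str, str]:
    """Return (encoding, text). FF FE is the UTF-16LE byte-order mark."""
    if raw.startswith(codecs.BOM_UTF16_LE):
        return "utf-16-le", raw[len(codecs.BOM_UTF16_LE):].decode("utf-16-le")
    if raw.startswith(codecs.BOM_UTF16_BE):
        return "utf-16-be", raw[len(codecs.BOM_UTF16_BE):].decode("utf-16-be")
    if raw.startswith(codecs.BOM_UTF8):
        return "utf-8-sig", raw.decode("utf-8-sig")
    return "ansi", raw.decode("latin-1")


def ansi_view(raw: bytes) -> str:
    """What a tool that treats the file as a NUL-terminated ANSI string prints:
    the two BOM bytes become the characters 'ÿþ' and the NUL high byte of the
    first UTF-16 character ends the string, leaving one visible character."""
    return raw.split(b"\x00", 1)[0].decode("latin-1")


def parse_hosts(text: str) -> list[tuple[str, str]]:
    """(address, hostname) pairs; comments and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        body = line.split("#", 1)[0].strip()
        if not body:
            continue
        fields = body.split()
        entries.extend((fields[0], name.lower()) for name in fields[1:])
    return entries


def suspicious_entries(raw: bytes) -> list[tuple[str, str]]:
    """Every mapping that is not part of the default file; an empty list means clean."""
    _, text = decode_hosts(raw)
    return [entry for entry in parse_hosts(text) if entry not in DEFAULT_ENTRIES]


# Constructed samples. CLEAN_UTF16 is a default hosts file saved as UTF-16LE;
# HIJACKED_ANSI is a plain-ANSI file with two added redirections
# (reserved example names and addresses from RFC 2606 / RFC 5737).
CLEAN_UTF16 = codecs.BOM_UTF16_LE + "127.0.0.1       localhost\r\n".encode("utf-16-le")
HIJACKED_ANSI = (
    b"127.0.0.1       localhost\r\n"
    b"127.0.0.1       www.example-av-vendor.invalid\r\n"
    b"203.0.113.5     www.bank.example\r\n"
)

if __name__ == "__main__":
    for label, raw in (("clean (UTF-16LE)", CLEAN_UTF16), ("hijacked (ANSI)", HIJACKED_ANSI)):
        enc, _ = decode_hosts(raw)
        print(f"{label}: encoding={enc} ansi_view={ansi_view(raw)!r} "
              f"suspicious={suspicious_entries(raw)}")
```

Run against a real file with `open(r"C:\WINDOWS\system32\drivers\etc\hosts", "rb").read()`; the point of decoding from bytes rather than opening in text mode is that an entry hidden in a UTF-16 file is not missed by a scanner that stops at the first NUL.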

  6. #36
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Well, when we ran the OTL fix we reset your hosts file back to Microsoft defaults, so that's fine.

    As far as antivirus software goes, whatever you're comfortable with and like; what one scan finds another may not, and there is no silver bullet. But you should only have one, so if you install one of the other ones you posted about, you need to uninstall McAfee.

    You can uninstall ESET via Add Remove Programs in the Control Panel


    To re-enable your Emulation drivers, double click DeFogger to run the tool.
    • The application window will appear
    • Click the Re-enable button to re-enable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger will now ask to reboot the machine - click OK

    IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

    Your Emulation drivers are now re-enabled.


    The rest you can just drag to the trash

    Any more questions, please post back.
    Last edited by ken545; 2011-05-10 at 01:07.

  7. #37
    Guest
    Join Date
    May 2011
    Posts
    57

    Default

    OK, you answered all the questions except this one:

    "I remembered that I used defogger to disable some thing, but I don't remember what. do I have to reinstall defogger in order to unable whatever he disabled?"

    Other than that, so far everything runs smoothly, and I'll install one antivirus only.

  8. #38
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    We cross-posted; the DeFogger re-enable steps are in my prior post.

    Glad all is well

  9. #39
    Guest
    Join Date
    May 2011
    Posts
    57

    Default

    So the emulation driver is enabled, thank you.
    I ran Spybot and again, Click.GiftLoad. I am so afraid; I took no action.
    Am I still sick? I mean the computer. Besides that, no redirects so far and no excessive svchost processes.

    Here is the log (it is so long that I can't paste it here, but this is the result)


    --- Search result list ---
    Click.GiftLoad: [SBI $89783858] User settings (Registry value, nothing done)
    HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION\svchost.exe

  10. #40
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Do this

    Copy the entire contents inside the Quote box and paste it into Notepad (this will only work with Notepad). Name the file Regfix.reg and, in the drop-down box, save it as All Files. Save it to your desktop. Then right-click on the Regfix.reg file and click on Merge; when it asks you to merge with the Registry, say yes.

    REGEDIT4

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION]
    "svchost.exe"=-

    If you saved the file correctly it should look like this

    Run Spybot again and it should be gone
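What the Regfix.reg above actually does when merged, as an added example that is not code from the thread: a small parser for the REGEDIT4 / .reg format that treats `"name"=-` as "delete this value" and `[-Key]` as "delete this key", applied to an in-memory model of the key Spybot flagged. FEATURE_BROWSER_EMULATION is a documented Internet Explorer feature-control key whose value names are executable names, so a value named svchost.exe there is the unexpected part; the second value in the snapshot (myapp.exe) and both DWORD data strings are made up for the demonstration, and the parser does not touch the real registry.

```python
r"""Parse a REGEDIT4 / .reg file and apply it to an in-memory model of the
registry, to show exactly what the Regfix.reg above does. Added example, not
from the thread; the starting snapshot (the myapp.exe value and the DWORD
data) is constructed."""
from __future__ import annotations

import re

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
KEY_RE = re.compile(r"^\[(?P<delete>-?)(?P<key>[^\]]+)\]$")
# "name"=data   or   @=data (default value).  data of "-" means delete the value.
VALUE_RE = re.compile(r'^(?:"(?P<name>(?:[^"\\]|\\.)*)"|(?P<default>@))=(?P<data>.*)$')


def parse_reg(text: str) -> list[tuple[str, str | None, str]]:
    """Return (key, value_name, action) tuples. action is 'delete_key',
    'delete_value', or the raw data string for a set operation."""
    lines = text.splitlines()
    if not lines or lines[0].strip() not in HEADERS:
        raise ValueError("not a .reg file: missing REGEDIT4 / 5.00 header")
    ops: list[tuple[str, str | None, str]] = []
    key = None
    for line in lines[1:]:
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        km = KEY_RE.match(line)
        if km:
            key = km.group("key")
            if km.group("delete"):
                ops.append((key, None, "delete_key"))
            continue
        vm = VALUE_RE.match(line)
        if vm and key is not None:
            name = "" if vm.group("default") else vm.group("name")
            data = vm.group("data").strip()
            ops.append((key, name, "delete_value" if data == "-" else data))
    return ops


def _lookup(reg: dict, key: str) -> str | None:
    """Registry key names are case-insensitive; find the stored spelling."""
    return next((k for k in reg if k.lower() == key.lower()), None)


def apply_ops(snapshot: dict[str, dict[str, str]], ops) -> dict[str, dict[str, str]]:
    """Apply parsed operations to a copy of the snapshot and return the result."""
    reg = {k: dict(v) for k, v in snapshot.items()}
    for key, name, action in ops:
        stored = _lookup(reg, key)
        if action == "delete_key":
            if stored is not None:
                del reg[stored]
        elif action == "delete_value":
            if stored is not None:
                values = reg[stored]
                hit = next((n for n in values if n.lower() == name.lower()), None)
                if hit is not None:
                    del values[hit]
        else:
            reg.setdefault(stored or key, {})[name] = action
    return reg


FEATURE_KEY = (r"HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main"
               r"\featurecontrol\FEATURE_BROWSER_EMULATION")

# The fix from the post, verbatim.
REGFIX = "REGEDIT4\n\n[" + FEATURE_KEY + "]\n\"svchost.exe\"=-\n"

# Constructed snapshot: the flagged svchost.exe value next to a made-up
# legitimate entry, so we can see that only the flagged one is removed.
SNAPSHOT = {FEATURE_KEY: {"svchost.exe": "dword:00001f40", "myapp.exe": "dword:00002af8"}}

if __name__ == "__main__":
    ops = parse_reg(REGFIX)
    print("operations:", ops)
    print("after merge:", apply_ops(SNAPSHOT, ops))
```

The header check matters in practice: a file saved without the REGEDIT4 line, or with a .txt extension because Notepad was not set to All Files, will not merge, which is the usual reason a Spybot rescan still shows the entry.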
