back.0access please help!

CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\shez\favorites\avicx1forums.com view topic - getting ipod video to work on x1bt - think i've cracked it.url
c:\documents and settings\shez\my documents\my music\itunes\itunes media\books\ebook collection\step on a crack - james patterson.epub
c:\documents and settings\shez\my documents\my music\itunes\itunes media\books\ibooks\the mirror crack's from side to side - christie_ agatha.epub
scanner sequence 3.CP.11.PFLBUR
----- EOF -----
 
Thanks for understanding. I hope this made you realize how dangerous illegal software is. I have been at this for many years, and if you were sitting in my seat and were aware of the latest threats going around, it would make your hair stand on end.


What you want to do is disable Scotty (WinPatrol) by right-clicking it in the System Tray and selecting Disable.



Open OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    Code:
    :processes
    killallprocesses
    
    :OTL
    
    
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    
    
    
    
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top. <--Not run Scan
  • Let the program run unhindered, reboot when it is done
  • Then post the results of the log it produces.
 
Thanks for being patient. I'm not aware of the latest threats, but this one has (made my hair fall out) been bad enough, so I don't want to be going through this again.

OTL has been quarantined by McAfee as Artemis. Do you want me to unquarantine it or download it again?
 
All processes killed
========== PROCESSES ==========
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\SHEZ\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\SHEZ\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes
->Java cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes

User: SHEZ
->Temp folder emptied: 65536 bytes
->Temporary Internet Files folder emptied: 3123497 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 5941292 bytes
->Flash cache emptied: 470 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 9.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 11202011_213934

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
 
:bigthumb:

A new clean hosts file has been written. WinPatrol is a nice program but too in-your-face for me; you can keep it, but you don't have to keep it activated.


Do you have either the McAfee CD or the setup program for it that you downloaded, along with the product key?
 
Yeah, you're right, WinPatrol is a very good program; it's only been up in my face since the infection, other than that it was fine. McAfee is an online installation and there is no product key; it's all done via user name and password. McAfee seems to be fine now, just running a scan at the moment. So far 1 detection, a potentially unwanted program, 20% into the scan. I can cancel if you want me to?
 
It froze on me. The logs showed that it found ComboFix. I ran a quick scan afterwards and it came back clean. What's next? The only problem I can see at the moment is Windows Update not installing the Malicious Software Removal Tool. I would also like to let you know that McAfee made me uninstall Malwarebytes. A question relating to Malwarebytes: a few months ago I got two entries come up, not sure of the exact string but something to do with notify when the firewall is off in Security Centre. I put them in the ignore list; is that OK? I assumed they were false positives.
 
Some antivirus programs do not play well with some of our tools; sometimes we have to work around that.


What you may want to try is uninstalling McAfee via Add/Remove Programs, then running their removal tool to remove all remnants of their program, then going back online to download and reinstall it and see if it helps.

Mcafee Removal Tool
http://majorgeeks.com/McAfee_Consumer_Product_Removal_Tool_d5420.html
http://service.mcafee.com/FAQDocument.aspx?id=TS100507

You can also try posting in their forum for help
https://community.mcafee.com/community/home



Your infection may have changed your security settings, and Malwarebytes found them and wanted to fix them. Go ahead and redownload Malwarebytes, check for updates and run the Quick scan, removing all it finds.



Then you can try posting here for your windows update problem, you can link them to this thread if you wish as all us forums work together so they can see what we have done.
http://forums.whatthetech.com/index.php?showforum=119




Let's clean up the tools we have used to clean your system.


  • Click START then RUN
  • Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.






Open OTL and click on Clean Up and it will remove the programs we used to clean your system along with their backups.

Malwarebytes is the free version and yours to keep and will not be removed.

Keeping your Java updated is very important to the security of your system; info here on how to update:
http://forums.spybot.info/showpost.php?p=12880&postcount=2




Safe Surfn
Ken
 
Hi Ken,

I would just like to thank you once again for your time and effort in resolving this issue for me, as I was screwed without your help. Great job :bigthumb:.

Here is the latest MBAM log. I have not fixed or removed anything yet because the last time I did this Windows Security Centre failed to work properly. Could you please shed some light on the situation? Many thanks.


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8203

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

21/11/2011 02:12:17
mbam-log-2011-11-21 (02-12-11).txt

Scan type: Quick scan
Objects scanned: 163813
Time elapsed: 5 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
You're welcome, glad I could help.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

PUM means potentially unwanted modification. Spyware can disable the security center or some power users decided to disable it on their own. If you haven't disabled security center monitoring yourself, then we would recommend fixing it. Or, if you have disabled security center monitoring, you can choose to ignore those, or "show in results list but do not check for removal" on the Scanner Settings.


What that means is you can go into the Control Panel under Security Center and modify the settings to suit your liking; it does not indicate that malware changed them.

Hope that made sense to you.

Ken
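
Added example, not part of the original thread: a small parser for Malwarebytes result lines in the format quoted above, which splits each registry path into key and value name and lists the PUM detections that were reported but left unchanged. The function and type names are assumptions for illustration; the sample lines are copied from the log on this page.

```python
import re
from typing import NamedTuple

# Shape of one result line in the log above:
#   <registry path> (<detection name>) -> Bad: (<x>) Good: (<y>) -> <action>.
LINE_RE = re.compile(
    r"^(?P<path>HKEY_[^()]+?)\s+\((?P<detection>[^)]+)\)\s*->\s*"
    r"Bad:\s*\((?P<bad>[^)]*)\)\s*Good:\s*\((?P<good>[^)]*)\)\s*->\s*"
    r"(?P<action>.+?)\.?\s*$"
)

class Finding(NamedTuple):
    key: str
    value_name: str
    detection: str
    bad: str
    good: str
    action: str

def parse_findings(log_text):
    """Return one Finding per registry data item line; other lines are skipped."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        key, _, value_name = m["path"].rpartition("\\")
        findings.append(Finding(key, value_name, m["detection"],
                                m["bad"], m["good"], m["action"]))
    return findings

def pending_pum(findings):
    """PUM detections the scan reported but did not change."""
    return [f for f in findings
            if f.detection.startswith("PUM.") and f.action == "No action taken"]

# Sample input: section copied from the log on this page.
SAMPLE = r"""
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)
"""

if __name__ == "__main__":
    for f in pending_pum(parse_findings(SAMPLE)):
        print(f"{f.value_name}: currently {f.bad}, expected {f.good} ({f.detection})")
```

Each pending entry names a value under the Security Center key whose current data differs from what the scanner expects, which is the setting to review by hand before deciding to fix or ignore it.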
 
You're a superstar, mate.

Hello again Ken,

Thanks for all the advice given, you're a star. The PUMs issue has been resolved; all it was is the check boxes in the Security Center to alert me when changes have been made to the firewall etc. :thanks:
I guess McAfee must have changed that, because I sure didn't.

I'm still stuck on the issue of Windows Update. I've posted on the other site, but the info given has not helped as of yet. Any ideas?

http://forums.whatthetech.com/index.php?showtopic=121213
 