help with malware issue

Status
Not open for further replies.
I've rebooted a couple more times and logged off & on a couple times and I haven't gotten that CCC error again, or any other error actually. So, I assume it's healed? Can I move all those programs we loaded to a folder now?
 
I’m pretty happy that we’ve sorted things but it would be good to do a couple of final checks and then I can give you instructions on how to clean up the tools we’ve used.

Run Malwarebytes’ Anti-Malware

I noticed that you had MBAM on your system: if you no longer have it, you can download it from here:
  • start Malwarebytes-Anti-Malware and update it (“Update” tab)
  • once it is updated, click on “Scanner” tab, select Perform quick scan, then click Scan.
  • when the scan is complete, click OK, then Show Results to view the results.
  • be sure that everything is checked, and click Remove Selected.
  • when removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • the log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • copy and paste the contents of that report in your next reply and exit MBAM.
NOTE: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

=========================================

Run ESET Online Scan

IMPORTANT Please make sure you uncheck the box next to Remove found threats. Eset will detect anything that looks even slightly suspicious, which could include legitimate program files. If you do not uncheck the box, Eset will automatically remove all suspicious files which could leave some of your software inoperable.

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Hold down Control and click on the following link to open ESET OnlineScan in a new window.

ESET OnlineScan

  1. Click the Eset online Scanner button.
  2. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
     • Click on esetinstaller.exe to download the ESET Smart Installer. Save it to your desktop.
     • Double click on the Eset installer icon on your desktop.
  3. Check Yes, I accept the Terms of Use
  4. Click the Start button.
  5. Accept any security warnings from your browser.
  6. Check Scan archives
  7. Push the Start button.
  8. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  9. When the scan completes, push List of found threats
  10. Push Export to Text file and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
      Note - if ESET doesn't find any threats, no report will be created.
  11. Push the back button.
  12. Push Finish
If a log has been produced, post it in your next reply together with the MBAM log.

Thanks

Satchfan
 
mbam
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.09.03.08

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Bill :: HOME-PC [administrator]

9/3/2012 6:17:48 PM
mbam-log-2012-09-03 (18-17-48).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 225654
Time elapsed: 4 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

ESETScan
C:\Qoobox\Quarantine\C\Program Files (x86)\Search Toolbar\SearchToolbarUpdater.exe.vir Win32/Toolbar.Zugo application
C:\_OTL\MovedFiles\08312012_071524\C_Program Files (x86)\Search Toolbar\SearchToolbar.dll Win32/Toolbar.Zugo application
 
Eset seems to have taken care of the last infection.

Now that you’re free from malware, as long as your computer seems to be running well, please follow these simple steps to tidy up your computer and decrease the likelihood of getting infected again:

You can delete the DDS and aswMBR logs and programs from your desktop.

Uninstall Combofix

Follow these steps to uninstall Combofix
  • click START then RUN
  • now type Combofix /uninstall in the runbox and click OK.
Note the space between the X and the /, it needs to be there.

  • please follow the prompts to uninstall Combofix.
  • once it's finished uninstalling itself you will receive a message saying Combofix was uninstalled successfully.
===================================================

Uninstall OTL
  • Double-click OTL.exe
  • Click the CleanUp! button.
  • Select Yes when the Begin cleanup Process? prompt appears.
  • If you are prompted to reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.
NOTE: If you receive a warning from your firewall or other security programs regarding OTL attempting to contact the internet, please allow it to do so.

You can just delete all other logs and programs we’ve used that are on your desktop. Just click on them and press Delete.

===================================================

Uninstall and update Java

The version you have is old and therefore vulnerable to infections.

Remove all versions of Java or JRE environment
  1. From the Start menu, select Control Panel.
  2. In Classic View, double-click Programs and Features. In Control Panel Home view, under "Programs", click Uninstall a program.
  3. Select the program you want to remove, and click Uninstall. Alternatively, right-click the program and select Uninstall.
Install the latest version of Java from here

===================================================

Spybot - Search and Destroy – Re-enable TeaTimer and remember to scan your computer with the program on a regular basis as you would with your anti-virus software.

===================================================

Update and run Malwarebytes. This really is an excellent program that you should also update and run on a regular basis, probably weekly.

===================================================

It’s important to keep programs up to date so that malware doesn't exploit any old security flaws.

FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated.

===================================================

I also recommend that you read the following:

How to prevent malware by miekiemoes


A final note: If the CCC problem returns, it might be worth having a look at the information here.

Safe computing

Satchfan
 
I didn't tell Eset to fix anything. Do the two lines it found as threats need to be removed or fixed?

I'll wait on the rest until you reply.
 
They are both quarantine files from ComboFix and OTL respectively. They will be removed when you uninstall the programs.
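
The check described in the reply above, as an added example that is not part of the original thread: a Python script that reads ESET export lines and separates detections sitting inside a cleanup tool's quarantine folder from detections on files still in place. It assumes the space-separated line layout shown in the ESETScan log above and the two folder roots seen there; the function names and the last two sample lines are constructed for illustration.

```python
import ntpath
import re

# Quarantine/backup roots seen in this thread's ESET log (assumed on C:).
TOOL_QUARANTINE = {
    r"C:\Qoobox\Quarantine": "ComboFix",
    r"C:\_OTL\MovedFiles": "OTL",
}

# Path (may contain spaces), detection name (first token with "/"), type.
LINE_RE = re.compile(r"^(?P<path>.+?)\s+(?P<name>\S+/\S+)\s+(?P<kind>.+)$")


def quarantine_owner(path):
    """Return the tool whose quarantine folder contains `path`, else None."""
    # normpath collapses "..", so traversal cannot fake a quarantine location.
    norm = ntpath.normcase(ntpath.normpath(path))
    for root, tool in TOOL_QUARANTINE.items():
        if norm.startswith(ntpath.normcase(root) + "\\"):
            return tool
    return None


def triage(log_text):
    """Classify each ESET export line by where the detected file lives."""
    results = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # blank or unrecognised line
        owner = quarantine_owner(m["path"])
        status = f"quarantined by {owner}" if owner else "outside quarantine, review"
        results.append((m["path"], m["name"], status))
    return results


# First two lines are from the ESETScan log above; last two are constructed.
SAMPLE = r"""
C:\Qoobox\Quarantine\C\Program Files (x86)\Search Toolbar\SearchToolbarUpdater.exe.vir Win32/Toolbar.Zugo application
C:\_OTL\MovedFiles\08312012_071524\C_Program Files (x86)\Search Toolbar\SearchToolbar.dll Win32/Toolbar.Zugo application
C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll Win32/Toolbar.Zugo application
C:\Qoobox\Quarantine\..\..\Windows\tb.exe Win32/Toolbar.Zugo application
"""

if __name__ == "__main__":
    for path, name, status in triage(SAMPLE):
        print(f"{status:28} {name:20} {path}")
```
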
 