How to remove windows explorer malware

[dalfish]

Hi friends,

I got infected with 177 malware items. I just tried to download opensuse11.3 from mirrorackspace.com. So i cleaned the 170 infections with Spybot. When i run the spybot the items now detected are

1 Adobe flash player cookies

2 cache

3 history

4 MS direct3D

5 Windows

6 windows explorer (THis is the one )


The windows explorer is not removed rest of all are removed by spybot Spybot asks for a startup scan. i have done that but the items detected wont show up Instead Spybot windows show 3 detected at the bottom left side. Spybot dialog box say it is resident in the memory. How to remove the no 6 item called the windows explorer


Regards


Dalfish

 

[tashi]

Hello dalfish,

Could you copy paste the top of the log showing the items found please.

Best regards.

 

[dalfish]

The log that you requested

MS Office 12.0 (Excel): [SBI $546355D5] Recent Cartel List (1 files) (Registry key, nothing done)

HKEY_USERS\S-1-5-21-1953444363-2538418381-4065474521-1000\Software\Microsoft\Office\12.0\Excel\File MRU



MS Office 12.0 (Word): [SBI $E357B233] Recent Document List (2 files) (Registry key, nothing done)

HKEY_USERS\S-1-5-21-1953444363-2538418381-4065474521-1000\Software\Microsoft\Office\12.0\Word\File MRU



Windows: [SBI $1E4E2003] Drivers installation paths (Registry change, nothing done)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources



Windows Explorer: [SBI $2026AFB6] User Assistant history IE (1 files) (Registry key, nothing done)

HKEY_USERS\S-1-5-21-1953444363-2538418381-4065474521-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count



Windows Explorer: [SBI $6107D172] User Assistant history files (28 files) (Registry key, nothing done)

HKEY_USERS\S-1-5-21-1953444363-2538418381-4065474521-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count



Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry key, nothing done)

HKEY_USERS\S-1-5-21-1953444363-2538418381-4065474521-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs



Cache: [SBI $49804B54] Cache (7) (Cache, nothing done)





History: [SBI $49804B54] History (4) (History, nothing done)





Congratulations!: No immediate threats were found. (Status)





This is log that is generated after the scan


Regards


Dalfish

 

[tashi]

Hello dalfish,

Please open Spybot Search & Destroy > Help > About and let us know the version of Spybot and the date of last definitions.

Best regards.

 

[dalfish]

Definition information and spybot version

Dear Tashi,

Spybot search and Destroy1.6.2.46


Definition 27/10/2010



Regards


Ashik

 

[tashi]

Hello dalfish,

Please see this FAQ "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) which also includes instructions on posting a preliminary DDS log.

Then start a new topic in the Malware Removal Forum and a volunteer analyst will advise you when available.

Best regards.