Husbands laptop infected, trojans etc. Please HELP!!

RegCure, that's totally up to you. Been in computing for many years and never really had any use for a reg cleaner. I can't tell you how many people have posted in the past with all kinds of problems and I look at their logs and they have a few reg cleaners installed and run them quite often.

When we're done I can show you how to remove a reg entry when you uninstall a program for a clean uninstall.
 
I ran the Eset online scanner. Here is the copy of results log.
Thank you for assistance.

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=798f9f5863503c42805d8a72977bba42
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-08-24 01:51:20
# local_time=2010-08-23 09:51:20 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=5121 16776869 100 96 1836891 34617819 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=206224
# found=0
# cleaned=0
# scan_time=5585
 
Looks ok. This is what we have done so far, running GMER checks for a rootkit, this is an infection that hides from the operating system and most scanners and the report came back ok. Combofix removed a few things, none really earth shattering, Malwarebytes and ESET both come back clean so I feel at this point if your computer is still slow it most likely is a software, hardware or a Windows issue. If you like I can link you to a site we work closely with and you can post in their Windows forum for help. They can help you sort out your programs and ones that start up and possibly improve the performance of your system.

http://forums.whatthetech.com/index.php?showforum=119
Like Safer this forum is free but you will need to register.

You can also link them to this thread if you wish so they can see what we have done.

Ken :)
 
So everything looks clean now? That would be great!

If you could give instructions on removing the RegCure, that would be helpful, as well. Thank you so much!
 
You should be able to remove it via Add Remove Programs in the Control Panel

Go To Start> Control Panel> Add Remove Programs and look for RegCure and uninstall it.

GMER <--Drag it to the trash

ATF Cleaner <-- Yours to keep, run it now and then to clean out the clutter.

Malwarebytes <-- Yours to keep also, check for updates and run a scan now and then.

Combofix <---Is not a general cleaning tool, just run it with supervision or you can damage your system

  • Click START then RUN
  • Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

  • When shown the disclaimer, Select "2"

The above procedure will:
  • Delete the following:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if present
    • The C:\_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Reset System Restore.





Now to remove most of the tools that we have used in fixing your machine:
  • Make sure you have an Internet Connection.
  • Download OTC to your desktop and run it
  • A list of tool components used in the cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
  • Click Yes to begin the cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the cleanup process. If you are asked to reboot the machine choose Yes.







Keep in mind if you install some of these programs: only ONE Anti Virus and only ONE Firewall is recommended, more is overkill and can cause you problems. You can install all the Spyware programs I have listed without any problems. If you install Spyware Blaster and Spyware Guard, they will conflict with the TeaTimer in Spybot, you can still install Spybot Search and Destroy but do not enable the TeaTimer.


Here are some free programs to install, all free and highly regarded by the fine people in the Malware Removal Community
  • Spybot Search and Destroy 1.6
    Check for Updates/ Immunize and run a Full System Scan on a regular basis. If you install Spyware Blaster ( Recommended ) then do not enable the TeaTimer in Spybot Search and Destroy.
  • WinPatrol Keep this fine program activated to block a lot of threats
  • Spyware Blaster It will prevent most spyware from ever being installed. No scan to run, just update about once a week and enable all protection.
  • Spyware Guard It offers realtime protection from spyware installation attempts, again, no scan to run, just install it and let it do its thing.
  • IE-Spyad
    IE-Spyad places over 6000 web sites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • Firefox 3 It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will in no way interfere with IE, you can use them both.


Safe Surfn
Ken
 
:-)

Okay, I will try to remove gmer through control panel, and do the clean up things you listed tonight after work.

About the Kaspersky and eset scanner... should I leave them or will the OTC remove them?

Would you please keep this topic thread open for a little bit longer, in case I run into problems when cleaning tonight and tomorrow. Thank you.

After that I will post in the other forum about the computer slowness and link back here to see if they can help.

Thanks again for all your help!
TaiChi
 
Okay, I will try to remove gmer through control panel
You mean RegCure

OTC will remove GMER

As far as the online scans you can just delete them

I will keep this thread open for you for a few days in case you need help
 