Malware Infestation: Possible WM97/Luda-A Virus

Congratulations your logs look clean :bigthumb:
The only files found are in system restore and recycle bin

Let’s see if I can help you keep it that way

First, let's tidy up

Delete any logs we have produced and empty your recycle bin


Reset System Restore.
Now you should disable System Restore to purge any infected files and then re-enable it.

Turn off System Restore.
Click the Vista/Start icon
Right Click Computer
Click Properties.
Click the System Protection tab.
Uncheck All drives
Click "Turn Off System Restore" at the prompt, then click "Apply".
Restart your computer

Turn ON System Restore

Click the Vista/Start icon
Right Click Computer
Click Properties.
Click the System Protection tab.
Checkmark all drives that were selected previously,
then click "Apply".
Restart your computer

The following is some info to help you stay safe and clean.
( Vista users must ensure that any programs are Vista compatible BEFORE installing )
I'm not sure how much of the following you are allowed to use, as it is designed for home use rather than commercial, but I will give you the list anyway

Online Scanners
I would recommend a scan at one or more of the following sites at least once a month.

http://www.nanoscan.com
http://www.pandasoftware.com/activescan/com/activescan_principal.htm
http://www.kaspersky.com/kos/eng/partner/71706/kavwebscan.html

AntiSpyware

  • AntiSpyware is not the same thing as Antivirus.
    Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
    You should only have one running all the time, the other/s should be used "on demand" on a regular basis.
    All of the programs in this list have a free version,
    it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
  • Spybot - Search & Destroy <<< A must have program
    • It includes host protection and registry protection
    • A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites
  • a-squared Free <<< A good "realtime" or "on demand" scanner
  • AVG Anti-Spyware 7.5 <<< A good "realtime" or "on demand" scanner
  • superantispyware <<< A good "realtime" or "on demand" scanner
  • Ad-Aware 2007 Free <<< A good "realtime" or "on demand" scanner

Prevention

  • These programs don't detect malware, they help stop it getting on your machine in the first place.
    Each does a different job, so you can have more than one
  • Winpatrol
    • An excellent startup manager and then some!
    • Notifies you if programs are added to startup
    • Allows delayed startup
    • A must have addition
  • SpywareBlaster 3.5.1
    • SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
  • SpywareGuard 2.2
    • SpywareGuard provides real-time protection against spyware.
    • Not required if you have other "realtime" antispyware or Winpatrol
  • ZonedOut
    • Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
  • MVPS HOSTS
    • This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
    • For information on how to download and install, please read this tutorial by WinHelp2002.
    • Not required if you are using other host file protections

Internet Browsers

  • Microsoft has worked hard to make IE7 a more secure browser; unfortunately, whilst it is still the leading browser of choice it will always be under attack from the bad guys.
    Using a different web browser can help stop malware getting on your machine.
    • Make your Internet Explorer more secure - This can be done by following these simple instructions:
      1. From within Internet Explorer click on the Tools menu and then click on Options.
      2. Click once on the Security tab
      3. Click once on the Internet icon so it becomes highlighted.
      4. Click once on the Custom Level button.
        • Change the Download signed ActiveX controls to Prompt
        • Change the Download unsigned ActiveX controls to Disable
        • Change the Initialise and script ActiveX controls not marked as safe to Disable
        • Change the Installation of desktop items to Prompt
        • Change the Launching programs and files in an IFRAME to Prompt
        • Change the Navigate sub-frames across different domains to Prompt
        • When all these settings have been made, click on the OK button.
        • If it prompts you as to whether or not you want to save the settings, press the Yes button.
      5. Next press the Apply button and then the OK to exit the Internet Properties page.
    If you are still using IE6 then either update, or get one of the following.
    • FireFox
      • With many addons available that make customization easy this is a very popular choice
      • NoScript and AdBlockPlus addons are essential
    • Opera
      • Another popular alternative
    • Netscape
      • Another popular alternative
      • Also has Addons available

Cleaning Temporary Internet Files and Tracking Cookies

  • Temporary Internet Files are mainly the files that are downloaded when you open a web page.
    Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware.
    It is a good idea to empty the Temporary Internet Files folder on a regular basis.

    Tracking Cookies are files that websites use to monitor which sites you visit and how often.
    A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
    CAUTION: If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords.

    Both of these can be cleaned manually, but a quicker option is to use a program
  • ATF Cleaner
    • Free and very simple to use
  • CCleaner
    • Free and very flexible, you can choose which cookies to keep

Also PLEASE read this article: So How Did I Get Infected In The First Place

The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
Malware changes on a day to day basis. You should update every week at the very least.

If you follow this advice then (with a bit of luck) you will never have to hear from me again :D


If you could post back one more time to let me know everything is OK, then I can have this thread archived.

Happy surfing K'
 
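The six Custom Level changes listed in the post are stored per user as numeric URL-action values under the Internet Settings\Zones\3 registry key. As an added example (not from the post or any tool it names), a Python script that reads those values and reports which ones are looser than the settings above; the action codes and the 0/1/3 encoding are Microsoft's, the function names are mine.

```python
"""Audit Internet Explorer's Internet zone (zone 3) against the six settings above.
Reading the registry needs Windows; the comparison itself is pure and offline."""
try:
    import winreg  # Windows only
except ImportError:  # elsewhere only audit() on a captured dict is usable
    winreg = None

# Per-user zone key; the numeric value names are Microsoft's URL-action codes.
ZONE3_KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"
ENABLE, PROMPT, DISABLE = 0, 1, 3  # the values IE stores for each action
LABEL = {ENABLE: "Enable", PROMPT: "Prompt", DISABLE: "Disable"}

# URL-action code -> (setting name, value the post recommends)
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", PROMPT),
    "1004": ("Download unsigned ActiveX controls", DISABLE),
    "1201": ("Initialize and script ActiveX controls not marked as safe", DISABLE),
    "1800": ("Installation of desktop items", PROMPT),
    "1804": ("Launching programs and files in an IFRAME", PROMPT),
    "1607": ("Navigate sub-frames across different domains", PROMPT),
}


def read_zone3_settings():
    """Read the current user's values for the audited actions (Windows only)."""
    current = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, ZONE3_KEY) as key:
        for action in RECOMMENDED:
            try:
                current[action], _ = winreg.QueryValueEx(key, action)
            except FileNotFoundError:
                current[action] = None  # not set: IE uses its built-in default
    return current


def audit(current):
    """Return (code, name, current label, recommended label) for every setting that
    is looser than recommended. Codes are ordered Enable 0 < Prompt 1 < Disable 3,
    so anything numerically below the recommendation is weaker; an absent value is
    reported too, because the built-in default may be more permissive."""
    findings = []
    for action, (name, want) in RECOMMENDED.items():
        have = current.get(action)
        if have is None or have < want:
            shown = LABEL.get(have, "not set" if have is None else str(have))
            findings.append((action, name, shown, LABEL[want]))
    return findings


if __name__ == "__main__":
    for action, name, have, want in audit(read_zone3_settings()):
        print(f"{action} {name}: is {have}, recommended {want}")
```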
Where can I find those files that are in the "Recycle Bin" and "System Restore" to delete them? The recycle bin is empty, but obviously something keeps coming up.

I've turned system restore off, and I'm a little confused as to what to do next.
 
Turn off system restore >>> reboot the machine >> Turn on system restore.
This will wipe all the restore points, and then create a fresh (clean) one.
You are best doing this on all the machines.

The recycle folders are
"C:\$Recycle.Bin\S-1-5-21-2708822051-1969383407-3736298607-1000\$I5LGTAB.vbs"
"C:\$Recycle.Bin\S-1-5-21-2708822051-1969383407-3736298607-1000\$IDHYIJS.vbs"
"C:\$Recycle.Bin\S-1-5-21-2708822051-1969383407-3736298607-1000\$R5LGTAB.vbs"
"C:\$Recycle.Bin\S-1-5-21-2708822051-1969383407-3736298607-1000\$RDHYIJS.vbs"
"C:\Users\Daniel\Desktop\SDFix.exe"
"D:\$RECYCLE.BIN\S-1-5-21-2708822051-1969383407-3736298607-1000\Money.vbs"
"G:\$RECYCLE.BIN\$IBMIBWZ.vbs"
"G:\$RECYCLE.BIN\$RBMIBWZ.vbs"
"G:\$RECYCLE.BIN\Readme.vbs"
"G:\$RECYCLE.BIN\$I7E9vbs"
"G:\Recycled\Readme.vbs"

The ones on C:\ are most likely from different accounts on the machine.
You would need to log into each account and empty the bin.

I don't know where G:\ is located, is it an external drive or a physical drive on another machine?
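The $I/$R pairs in the listing above are how Vista's recycle bin stores a deletion: $R<id> holds the file's content and $I<id> is a small record with the original path, size and deletion time. As an added example, not from the thread, a Python parser for that record (and the newer length-prefixed layout) run on a constructed sample; the path and timestamp in the sample are made up.

```python
"""Decode a recycle-bin $I record (constructed sample, not a file from the thread)
so the original path and deletion time of the matching $R file can be recovered."""
import struct
from datetime import datetime, timedelta, timezone

EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_datetime(ft):
    """Windows FILETIME (100 ns ticks since 1601-01-01 UTC) -> aware datetime."""
    return EPOCH_1601 + timedelta(microseconds=ft // 10)


def datetime_to_filetime(dt):
    """Inverse of filetime_to_datetime (whole microseconds only)."""
    return ((dt - EPOCH_1601) // timedelta(microseconds=1)) * 10


def companion_r(i_name):
    """The $I<id> metadata file and $R<id> content file share the same id."""
    if not i_name.startswith("$I"):
        raise ValueError("not a $I file name")
    return "$R" + i_name[2:]


def parse_dollar_i(data):
    """Parse a $I record: 8-byte version, 8-byte original size, 8-byte FILETIME,
    then the original path (version 1: fixed 520 bytes; version 2: length-prefixed)."""
    if len(data) < 24:
        raise ValueError("record too short for a $I header")
    version, size, ft = struct.unpack_from("<QQQ", data, 0)
    if version == 1:              # Vista / 7 / 8 layout: 260 UTF-16 chars, NUL padded
        raw = data[24:24 + 520]
    elif version == 2:            # Windows 10+ layout: 4-byte char count first
        (nchars,) = struct.unpack_from("<I", data, 24)
        raw = data[28:28 + 2 * nchars]
    else:
        raise ValueError(f"unknown $I version {version}")
    path = raw.decode("utf-16-le").split("\x00", 1)[0]   # strip NUL padding
    return {"version": version, "size": size,
            "deleted": filetime_to_datetime(ft), "path": path}


def build_dollar_i_v1(path, size, deleted):
    """Construct a version-1 record; used only to build the sample below."""
    encoded = path.encode("utf-16-le").ljust(520, b"\x00")
    return struct.pack("<QQQ", 1, size, datetime_to_filetime(deleted)) + encoded


# Constructed sample record for a hypothetical deleted script (values made up).
SAMPLE = build_dollar_i_v1(r"C:\Users\example\Desktop\Money.vbs", 1337,
                           datetime(2008, 1, 15, 10, 30, tzinfo=timezone.utc))
```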
 
I'm not sure how to empty the recycle bin on an external drive, but I have just found this.
With External HD turned ON (so Windows can see it)
Do this:
R click Recycle Bin
Hit Properties.
Setup box w/tabs comes up.
On 1st tab put bullet in Global
Hit Apply, OK.
Now the Recycle Bin will receive all deleted files/folders from BOTH drives.

AND now you can also *SEE* what was deleted from External HD (source drive letter will show in Recycle Bin).

Give it a try and let me know what happens
 
Have you tried looking on the G:\ and D:\ drives to see if there is a recycle bin there?

Or you could do a search for
Readme.vbs and Money.vbs ( make sure you select search everywhere )
and then delete them. As they are already in recycle this will remove them completely
 
Ok, so I found some .vbs files, but they are located on the External HD, under System Volume Information and within a restore folder. But I followed your directions, turning system restore off and then on again, with 2 restarts, but does that work for an external HD?

When I try to delete the vbs files on the HD under System Volume Information, nothing happens.
 
When you go through the options for system restore, you should see an option for the external drive.
Make sure you un-select it, that will stop Windows from checking it.
You may need to do the same for all machines that link to it, I am not sure how it works on a network like that.
 
As you can see from this screenshot, it only lists my C drive and the Dell-installed D drive, which is just a RECOVER drive; there is nothing but system files on that one, I don't use it for anything.

So I don't know how to adjust system restore settings for that External.

[screenshot attached: 2199241729_6bc23c531e_o.jpg]
 
Well, if you click the clean up button there that will sort the recycle bin problems :)

Did you install any software for the Maxtor drive?
According to the website it is something called "FreeAgent Pro"; there should be an option in there to disable System Restore on that drive.
 
Let's see if we can find something relating to the Maxtor drive

Installed Programs
Please could you give me a list of the programs that are installed.
  • Start HijackThis
  • Click on the Config button
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button.
You will see a list with the programs installed in your computer.
Click on the Save List button and specify where you would like to save this file.
When you press the Save button, Notepad will open with the contents of that file.
Simply copy and paste the contents of that notepad into your next post.
 
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color Common Settings
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit 2
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator 7.0.1
Adobe Illustrator CS3
Adobe Illustrator CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Shockwave Player
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Apple Mobile Device Support
Apple Software Update
Broadcom ASF Management Applications
Broadcom Management Programs
Browser Address Error Redirector
CCleaner (remove only)
CorelDRAW Graphics Suite X3
CorelDRAW Graphics Suite X3
Dell ETS Factory Installation
Dell Printer Software
Dell System Customization Wizard
DivX Content Uploader
DivX Web Player
EN
ESET Online Scanner
ESET Smart Security
FontNav
Foxit Reader
GIMP 2.4.2
GTK+ Runtime 2.12.1 rev b (remove only)
HijackThis 2.0.2
Intel(R) Matrix Storage Manager
iTunes
Java(TM) 6 Update 3
Java(TM) SE Runtime Environment 6
Kaspersky Online Scanner
Last.fm 1.4.2.58376
LogMeIn
Microsoft Office Small Business Edition 2003
Microsoft Office XP Media Content
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (2.0.0.11)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MWSnap 3
NVIDIA Drivers
PDF Settings
PowerDVD
QuickTime
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler
Roxio Update Manager
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Sonic Activation Module
SpamBayes 1.0.4
Spybot - Search & Destroy
Trojan Remover 6.6.5
Update Manager
User's Guides
WinAce Archiver
Windows Live OneCare safety scanner
Windows Media Player Firefox Plugin
 
There is nothing there that we need.

Is there an .exe on the G:\ drive?
I am wondering if those System Restore files are related to the Maxtor OneTouch facility.
The program to run it would probably be on the external drive itself
 