Security Tool Virus

No more problems.

I updated Adobe Reader and verified that Java auto updates are turned on.

Here are the logs:

All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{318bb1ca-a3d8-11df-8758-001fbc0841d5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{318bb1ca-a3d8-11df-8758-001fbc0841d5}\ not found.
File E:\WDSetup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8d7c6f84-a59e-11df-875a-001fbc0841d5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8d7c6f84-a59e-11df-875a-001fbc0841d5}\ not found.
File E:\Autorun.exe not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\PnkBstrA.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\PnkBstrB.exe not found.
========== COMMANDS ==========
Restore point Set: OTL Restore Point (0)

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: LocalService

User: Nate
->Flash cache emptied: 22533 bytes

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Nate
->Temp folder emptied: 930959 bytes
->Temporary Internet Files folder emptied: 76808052 bytes
->Java cache emptied: 67783539 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2557692 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 3817709 bytes

Total Files Cleaned = 145.00 mb


OTL by OldTimer - Version 3.2.9.1 log created on 08162010_041222

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Nate\Local Settings\Temp\~DFBB55.tmp not found!
File\Folder C:\Documents and Settings\Nate\Local Settings\Temp\~DFBB60.tmp not found!
File\Folder C:\Documents and Settings\Nate\Local Settings\Temp\~DFBBCB.tmp not found!
File\Folder C:\Documents and Settings\Nate\Local Settings\Temp\~DFBBD6.tmp not found!
File\Folder C:\Documents and Settings\Nate\Local Settings\Temp\~DFBC1C.tmp not found!
File\Folder C:\Documents and Settings\Nate\Local Settings\Temp\~DFBC27.tmp not found!
C:\Documents and Settings\Nate\Local Settings\Temporary Internet Files\Content.IE5\03IPRBJ4\showthread[1].htm moved successfully.
C:\Documents and Settings\Nate\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...

----------

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4435

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/16/2010 4:35:18 AM
mbam-log-2010-08-16 (04-35-18).txt

Scan type: Full scan (C:\|)
Objects scanned: 178538
Time elapsed: 17 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
Hello nate129 :),

Congratulations, you are All Clear to go. Glad to hear everything is good and running :). If you have any more problems, please let me know.

Now we need to clear out the programs we have been using to clean up your computer. They are not suitable for general malware removal and could cause damage if used inappropriately.
  • Go to Start > Run.... Copy and paste the following text into the white box:
    ComboFix /uninstall
    Click OK.
  • Run OTL by double clicking on OTL.exe. Click on CleanUp, proceed to reboot if prompted.
  • Delete the CKScanner file on your desktop.
  • Delete any logs on the desktop.
  • Uninstall HijackThis via the Add/Remove Programs at the Control Panel.

Some tips to help you stay clean and safe:

1. Keep your Windows up to date. Enable Automatic Updates for Windows XP, Windows Vista or Windows 7 to always update the latest security patches from Microsoft, or you can download from the Microsoft website. Otherwise, your computer will be vulnerable to new exploits or malware.

2. Update your Antivirus program regularly; it is a must for constant protection against viruses. If you do not have one, Microsoft Security Essentials, Avast and Avira are some great and free antivirus programs that you can try. For paid versions, Avast, ESET NOD32 and Kaspersky are some good options. Please keep only one AV installed.

3. Install Malwarebytes' Anti-Malware if you haven't and use it occasionally. It is a new and powerful anti-malware tool, totally free but for real-time protection you will have to pay a small one-time fee. If you opt for this real time protection, please disable Spybot's Teatimer.

4. Install WinPatrol, a great protection program that helps you monitor for unwanted files or applications. If you install WinPatrol, please uninstall Spybot to prevent conflict.

5. Use a hosts file to block access to bad sites from your computer. Get yourself an MVPS Hosts file for this purpose. Spybot already has such protection if you wish to keep it, so there is no need to install this hosts file.

6. Install Web of Trust (WOT). WOT keeps you from dangerous websites with warnings and blockings.

7. Protect your computer from removable or USB drive infections with Panda USB Vaccine, an effective method to prevent malware from spreading.

8. Keep all your software updated. Visit Secunia Software Inspector to find out if any updates are required.

9. Install a third party firewall if you do not have one for additional defense against internet dangers. The built-in Windows firewall can only keep nasties from breaking in, but is unable to protect against any malware sending information out. Some recommended firewalls are Online Armor, Outpost and PC Tools. More information on firewalls. Please keep only one FW installed.

10. If you have been a victim of malware before, Stand Up and Be Counted ---> Malware Complaints <--- where you can make a difference!

11. Also look up How to prevent malware: By miekiemoes and So how did I get infected in the first place? By Tony Klein.

Stay safe.
