XP system infected with Win32.TDSS.rtk
- Thread starter Irwin
- Start date
final steps aren't working 
Hi Shaba,
I'm back, thank you for keeping the thread open. This has been a fabulous experience, working with you to get my system back up. I can't thank you enough.
So, I'm now starting to execute your remaining instructions. I didn't know you were going to help me get things cleaned up, so before I got the list of things you wanted me to do I deleted combofix.exe from my desktop manually. Has that left lingering elements on my computer? Do I need to re-download it, install it, and then do the combofix /u?
Next, I tried to go to http://oldtimer.geekstogo.com/otc.exe, but it says it's a bad address.
I created a Restore Point yesterday, and now read that you wanted me to do a Disable, then a Enable. Have I caused any problem by previously created a Restore Point?
I'll wait to hear from you before I do the additional steps - don't want to make any more mistakes
Best,
Irwin
Hi Shaba,
I'm back, thank you for keeping the thread open. This has been a fabulous experience, working with you to get my system back up. I can't thank you enough.
So, I'm now starting to execute your remaining instructions. I didn't know you were going to help me get things cleaned up, so before I got the list of things you wanted me to do I deleted combofix.exe from my desktop manually. Has that left lingering elements on my computer? Do I need to re-download it, install it, and then do the combofix /u?
Next, I tried to go to http://oldtimer.geekstogo.com/otc.exe, but it says it's a bad address.
I created a Restore Point yesterday, and now read that you wanted me to do a Disable, then a Enable. Have I caused any problem by previously created a Restore Point?
I'll wait to hear from you before I do the additional steps - don't want to make any more mistakes
Best,
Irwin
Shaba
Security Expert: Emeritus
"So, I'm now starting to execute your remaining instructions. I didn't know you were going to help me get things cleaned up, so before I got the list of things you wanted me to do I deleted combofix.exe from my desktop manually. Has that left lingering elements on my computer? Do I need to re-download it, install it, and then do the combofix /u?"
Yes you will need to download it again.
Link works for me, capitalization is required:
http://oldtimer.geekstogo.com/OTC.exe
Uninstall switch has changed, new one is combofix /uninstall; please use that one.
"I created a Restore Point yesterday, and now read that you wanted me to do a Disable, then a Enable. Have I caused any problem by previously created a Restore Point?"
Thing is that system restore needs to be flushed that there would be no bad
files left.
Yes you will need to download it again.
Link works for me, capitalization is required:
http://oldtimer.geekstogo.com/OTC.exe
Uninstall switch has changed, new one is combofix /uninstall; please use that one.
"I created a Restore Point yesterday, and now read that you wanted me to do a Disable, then a Enable. Have I caused any problem by previously created a Restore Point?"
Thing is that system restore needs to be flushed that there would be no bad
files left.
Secunia & intrusion threats
Hi Shaba,
Got Secunia running. Did a scan with it and have been able to delete numerous programs, but there are some I'm having problems deleting.
The programs I am having difficulty removing are not listed in Add/Remove Programs in the control panel: Opera 8, Adobe Flash Player 9, Netscape 7, iTunes, Apple Quicktime 7, Yahoo Messenger 8. Any suggestions?
Thank you and best, :thanks:
Irwin
Hi Shaba,
Got Secunia running. Did a scan with it and have been able to delete numerous programs, but there are some I'm having problems deleting.
The programs I am having difficulty removing are not listed in Add/Remove Programs in the control panel: Opera 8, Adobe Flash Player 9, Netscape 7, iTunes, Apple Quicktime 7, Yahoo Messenger 8. Any suggestions?
Thank you and best, :thanks:
Irwin
Is mbklaunch.exe a problem?
Hi Shaba,
I just got an alert from Spybot that encountered and terminated a process that's part of a malicious software related to mbklaunch.exe located in c:\program files\mcafee\mbk. Is this a false positive or is this a malicious software? I don't know how to respond to the dialog box: Inform me again; Kill this process; Allow this process; Delete the related file...................? Can you advise me?
When I'm installing software (just was installing Malwarebytes), should I be turning off virus scan & Teatimer, and then turn them back on after doing the install?
Don't want to be paranoid about this stuff, but getting my system cleaned up has been such an ordeal, I don't want to do something stupid and have problems again.
thank you,
Irwin
Hi Shaba,
I just got an alert from Spybot that encountered and terminated a process that's part of a malicious software related to mbklaunch.exe located in c:\program files\mcafee\mbk. Is this a false positive or is this a malicious software? I don't know how to respond to the dialog box: Inform me again; Kill this process; Allow this process; Delete the related file...................? Can you advise me?
When I'm installing software (just was installing Malwarebytes), should I be turning off virus scan & Teatimer, and then turn them back on after doing the install?
Don't want to be paranoid about this stuff, but getting my system cleaned up has been such an ordeal, I don't want to do something stupid and have problems again.
thank you,
Irwin
Shaba
Security Expert: Emeritus
"The programs I am having difficulty removing are not listed in Add/Remove Programs in the control panel: Opera 8, Adobe Flash Player 9, Netscape 7, iTunes, Apple Quicktime 7, Yahoo Messenger 8. Any suggestions?"
They might be leftovers then. Did Secunia give any details?
"I just got an alert from Spybot that encountered and terminated a process that's part of a malicious software related to mbklaunch.exe located in c:\program files\mcafee\mbk. Is this a false positive or is this a malicious software? I don't know how to respond to the dialog box: Inform me again; Kill this process; Allow this process; Delete the related file...................? Can you advise me?"
That is false positive, you should allow it
"When I'm installing software (just was installing Malwarebytes), should I be turning off virus scan & Teatimer, and then turn them back on after doing the install?"
It won't hurt but it's not needed.
They might be leftovers then. Did Secunia give any details?
"I just got an alert from Spybot that encountered and terminated a process that's part of a malicious software related to mbklaunch.exe located in c:\program files\mcafee\mbk. Is this a false positive or is this a malicious software? I don't know how to respond to the dialog box: Inform me again; Kill this process; Allow this process; Delete the related file...................? Can you advise me?"
That is false positive, you should allow it
"When I'm installing software (just was installing Malwarebytes), should I be turning off virus scan & Teatimer, and then turn them back on after doing the install?"
It won't hurt but it's not needed.
I happy - process is going along swimmingly
Hi Shaba,
I installed Malwarebytes today. Went fine. Scan found 4 problems and I deleted them.................. this is great. I feel like I just took a disinfectant bath :laughing:
Still have more steps to do - will keep you posted on the progress.
Secunia found programs that are security threats. I'd like to delete them but they are not showing up in Add / Remove Programs. Any suggestions? (Opera, Netscape, iTunes, an old version of Adobe Flash Player, QuickTime)
:thanks:
Irwin
Hi Shaba,
I installed Malwarebytes today. Went fine. Scan found 4 problems and I deleted them.................. this is great. I feel like I just took a disinfectant bath :laughing:
Still have more steps to do - will keep you posted on the progress.
Secunia found programs that are security threats. I'd like to delete them but they are not showing up in Add / Remove Programs. Any suggestions? (Opera, Netscape, iTunes, an old version of Adobe Flash Player, QuickTime)
:thanks:
Irwin
Secunia re: location of security threat softwares
yes, Secunia does say where the software directories are that it lists as intrusion threats. Don't I need to uninstall rather than just delete the directories, to make sure all the registry references, etc. are removed from my system?
yes, Secunia does say where the software directories are that it lists as intrusion threats. Don't I need to uninstall rather than just delete the directories, to make sure all the registry references, etc. are removed from my system?
Too many questions?
Hi Shaba,
I'm getting educated about this infection stuff and there are questions that come up. I don't want to take advantage of your being available. What is ok as far as turning to you for advice?
I found a website that supposedly gives a %40 discount on Malwarebytes. Are these sites legitimate? And how do I figure that out for myself?
http://www.videoconverterplus.com/antivirus/malwarebytes-anti-malware.html
As always, thank you,
Irwin
Hi Shaba,
I'm getting educated about this infection stuff and there are questions that come up. I don't want to take advantage of your being available. What is ok as far as turning to you for advice?
I found a website that supposedly gives a %40 discount on Malwarebytes. Are these sites legitimate? And how do I figure that out for myself?
http://www.videoconverterplus.com/antivirus/malwarebytes-anti-malware.html
As always, thank you,
Irwin
WinPatrol
Hi Shaba,
Their free version was not listed on their front page, as far as I could see, so I Googled and found it at
http://www.winpatroltogo.com/
just an fyi
Irwin
Hi Shaba,
Their free version was not listed on their front page, as far as I could see, so I Googled and found it at
http://www.winpatroltogo.com/
just an fyi
Irwin
Correction re: Winpatrol free location
apologies. actually at
http://www.winpatrol.com/download.html
WinPatrol 2010
apologies. actually at
http://www.winpatrol.com/download.html
WinPatrol 2010
WinPatrol installed - spybot detected PerfectKeylogger
Is this a problem that has been detected? Should I tell spybot to delete the wpsetup.exe file (was going to delete after install anyway). Is my install of WinPatrol now infected? Do I need to uninstall it now?
thanx,
Irwin
Is this a problem that has been detected? Should I tell spybot to delete the wpsetup.exe file (was going to delete after install anyway). Is my install of WinPatrol now infected? Do I need to uninstall it now?
thanx,
Irwin
Status re: completion of finishing security steps
Hi Shaba,
Things are going very well. I've installed and gotten working:
Secunia
WinPatrol
Malwarebytes
Spyware Blaster
NoScript
Ad Blocker
I still have to install the Hosts file. I've been able to delete all the security threats Secunia listed in it's search.
Found this instruction for uninstalling Adobe Flash Player 9.x:
How to uninstall the Flash plug-in and ActiveX Control (TechNote 14157, http://www.adobe.com/cfusion/knowledgebase/index.cfm?id=tn_14157
Still have to remove all the tools we used re: diagnosis and removal of the viruses....... will post to you as soon as all is completed.
Thank you Shaba, :thanks: :2thumb:
Irwin
Hi Shaba,
Things are going very well. I've installed and gotten working:
Secunia
WinPatrol
Malwarebytes
Spyware Blaster
NoScript
Ad Blocker
I still have to install the Hosts file. I've been able to delete all the security threats Secunia listed in it's search.
Found this instruction for uninstalling Adobe Flash Player 9.x:
How to uninstall the Flash plug-in and ActiveX Control (TechNote 14157, http://www.adobe.com/cfusion/knowledgebase/index.cfm?id=tn_14157
Still have to remove all the tools we used re: diagnosis and removal of the viruses....... will post to you as soon as all is completed.
Thank you Shaba, :thanks: :2thumb:
Irwin
keeping thread open a bit longer?
Hi Shaba,
Would it be an inconvenience to you to keep the thread open for a bit? I still have more things to do?
Also, my applications have been going "Not Responding" quite a bit more than they otherwise used to. Any guesses as to what's going on? Might
it be conflicts with any of the softwares we've installed?
Thank you,
Irwin
Hi Shaba,
Would it be an inconvenience to you to keep the thread open for a bit? I still have more things to do?
Also, my applications have been going "Not Responding" quite a bit more than they otherwise used to. Any guesses as to what's going on? Might
it be conflicts with any of the softwares we've installed?
Thank you,
Irwin
Last edited by a moderator: