Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Possible rootkit?

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Possible rootkit?

Unread postby Elrond » June 19th, 2008, 9:31 am

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem
Advertisement
Register to Remove

Re: Possible rootkit?

Unread postby Elrond » June 19th, 2008, 1:59 pm

Opened again to complete the work.

Time for clean up.
Go to Start > Run - type in ComboFix /u & click OK


Download and Run OTMoveIt2

Download OTMoveIt2 by Old Timer and save it to your Desktop.
  • Double-click OTMoveIt2.exe to run it.
  • Copy the lines in the codebox below.
Code: Select all
C:\rootkitrevealer.exe /s
c:\rootkitrevealer.chm /s

  • Return to OTMoveIt2, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.
  • Close OTMoveIt2
Post the OTMoveIt2 log in this reply. It is just of interest to me.


Double click on OTMoveIt2.
  • Click on CleanUp!.
  • You will receive a prompt that it has finished downloaded a list. Click OK.
  • After this, it will prompt you to restart your computer.
  • Please restart your computer.
Let me know if the clean up went OK for OTMoveIt2.


For myself: Clean up the used tools.

Your computer now seems to be clean. Therefore please

  1. Clean out Temporary Files etc.
    This program is for Vista, XP and Windows 2000 only
    Please download ATF Cleaner by Atribune.
    1. Double-click ATF-Cleaner.exe to run the program.
    2. Under Main choose: Select All. Then remove the check mark for cookies
    3. Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
    • Remove the check mark for Cookies
    • NOTE: If you would like to keep your saved passwords, please click No at the prompt if asked .
    If you use Opera browser
    • Click Opera at the top and
    • choose: Select All.
    • Remove the check mark for Cookies
    • Click the Empty Selected button.
    It is a good idea to do this every few weeks as a lot of junk collects there over time.

  2. Create a new, clean System Restore point which you can use in case of future system problems:
    Press Start->All Programs->Accessories->System Tools->System Restore
    Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close

    Now remove old, infected System Restore points:
    Next click Start->Run and type cleanmgr in the box and press OK
    Ensure the boxes for Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
    Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt
    Press OK and Yes to confirm

  3. Set correct settings for files that should be hidden in Windows XP
    • Click Start > My Computer > Tools menu (at top of page) > Folder Options > View tab.
    • Under "Hidden files and folders" if necessary select Do not show hidden files and folders.
    • If unchecked please checkHide protected operating system files (Recommended)
    • If necessary check "Display content of system folders"
    • If necessary Uncheck Hide file extensions for known file types.
    • Click OK

  4. Download and install the free version of WinPatrol. This program protects your computer in a variety of ways and will work well with your existing security software. Have a look at this tutorial to help you get started with the program. If you want to help the developer of the program and get more information about what the programs that you see in Winpatrol please check out Winpatrol Plus. It does not need a new download.

  5. If you are using Internet Explorer v. 7 please read and follow the recommendations at this site. http://surfthenetsafely.com/ieseczone8.htm
  6. if you are using Internet Explorer v. 6
    Make your Internet Explorer more secure - This can be done by following these simple instructions:
    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
      1. Change the Download signed ActiveX controls to Prompt
      2. Change the Download unsigned ActiveX controls to Disable
      3. Change the Initialize and script ActiveX controls not marked as safe to Disable
      4. Change the Installation of desktop items to Prompt
      5. Change the Launching programs and files in an IFRAME to Prompt
      6. Change the Navigate sub-frames across different domains to Prompt
      7. When all these settings have been made, click on the OK button.
      8. If it prompts you as to whether or not you want to save the settings, press the Yes button.
    5. Next press the Apply button and then the OK to exit the Internet Properties page.
    There are good reasons to upgrade to Internet Explorer v. 7. Do look into this. You can find a lot of information about it on Microsoft's website.
  7. Use an Anti Virus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.
  8. Update your Anti Virus Software - It is imperative that you update your Anti virus software at least a few times a week (Once a day is a good idea). If you do not update your anti virus software it will not be able to catch new variants that come out.
  9. Use a Firewall (Hardware or Software) - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. Windows Firewall is not recommended.
    Be restrictive with granting access to the Internet. If you are unsure if the program really needs the access, test it by denying the access and see if this has any negative effects. If not, make the block permanent.
  10. Never run two Antivirus programs or two Software Firewalls at the same time. They can interfere with each other and cause problems.
  11. Visit Microsoft's Windows Update Site Frequently or better yet set computer for automatic updates.
  12. Update all programs regularly - Make sure you update all programs regularly. Without regular updates you WILL NOT be protected when new malicious programs are released. The best way to keep updated is to download PSI Secunia from https://psi.secunia.com. It will help you keep your programs updated. Keep it updated. It is free for personal use.
  13. Read and follow the suggestions given at this web site by Miekiemoes http://users.telenet.be/bluepatchy/miek ... ntion.html that will give you more information on some of the points above.


[*]Use your best judgment when opening E-mails, following links, downloading programs, or surfing the web. If there is the slightest thing odd about something connected with any of those do not open, follow or download even if the sender is a friend. If it is a friend then ask if they really sent the information. They could be infected.
Follow this list and your potential for being infected again will reduce dramatically.

Stand up and be Counted.
[quote]NOW is the time you can start to hit back at the people who infected you.
Image
Please take the time to go and complain - that forum has a topic for your infection which is XXXXXXXXXXXXX. Please post as a reply, you do not need to register to do so (but you can if you wish). It will also have a list of other places you can go to to register your complaint, depending on the country you are resident in. Please read the topics and complain, it is only with such complaints to government or government agencies that something will get done.


Some advise to help you keep the computer clean also in the future.

  1. Clean out Temporary Files etc.
    This program is for Vista, XP and Windows 2000 only
    Please download ATF Cleaner by Atribune.
    1. Double-click ATF-Cleaner.exe to run the program.
    2. Under Main choose: Select All. Then remove the check mark for cookies
    3. Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
    • Remove the check mark for Cookies
    • NOTE: If you would like to keep your saved passwords, please click No at the prompt if asked .
    If you use Opera browser
    • Click Opera at the top and
    • choose: Select All.
    • Remove the check mark for Cookies
    • Click the Empty Selected button.
    It is a good idea to do this every few weeks as a lot of junk collects there over time.

  2. Set correct settings for files that should be hidden in Windows XP
    • Click Start > My Computer > Tools menu (at top of page) > Folder Options > View tab.
    • Under "Hidden files and folders" if necessary select Do not show hidden files and folders.
    • If unchecked please checkHide protected operating system files (Recommended)
    • If necessary check "Display content of system folders"
    • If necessary Uncheck Hide file extensions for known file types.
    • Click OK

  3. Download and install the free version of WinPatrol. This program protects your computer in a variety of ways and will work well with your existing security software. Have a look at this tutorial to help you get started with the program. If you want to help the developer of the program and get more information about what the programs that you see in Winpatrol please check out Winpatrol Plus. It does not need a new download.

  4. If you are using Internet Explorer v. 7 please read and follow the recommendations at this site. http://surfthenetsafely.com/ieseczone8.htm

  5. Use an Anti Virus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

  6. Update your Anti Virus Software - It is imperative that you update your Anti virus software at least a few times a week (Once a day is a good idea). If you do not update your anti virus software it will not be able to catch new variants that come out.
  7. Use a Firewall (Hardware or Software) - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. Windows Firewall is not recommended.
    Be restrictive with granting access to the Internet. If you are unsure if the program really needs the access, test it by denying the access and see if this has any negative effects. If not, make the block permanent.

  8. Never run two Antivirus programs or two Software Firewalls at the same time. They can interfere with each other and cause problems.

  9. Visit Microsoft's Windows Update Site Frequently or better yet set computer for automatic updates.

  10. Update all programs regularly - Make sure you update all programs regularly. Without regular updates you WILL NOT be protected when new malicious programs are released. The best way to keep updated is to download PSI Secunia from https://psi.secunia.com. It will help you keep your programs updated. Keep it updated. It is free for personal use.

  11. Read and follow the suggestions given at this web site by Miekiemoes http://users.telenet.be/bluepatchy/miek ... ntion.html that will give you more information on some of the points above.


[*]Use your best judgment when opening E-mails, following links, downloading programs, or surfing the web. If there is the slightest thing odd about something connected with any of those do not open, follow or download even if the sender is a friend. If it is a friend then ask if they really sent the information. They could be infected.


Follow those points and your potential for being infected will be reduced.[/list]


I see that you have contact with Bank Mizrachi. I also have some contact with them.


Let me know when you have read this so that I can close it.


Shalom E :)
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem

Re: Possible rootkit?

Unread postby Elrond » June 25th, 2008, 4:55 am

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 30 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware