Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

IRC Bot Virus

Re: IRC Bot Virus

Post by proscroby » March 27th, 2009, 9:11 pm

Malwarebytes' Anti-Malware 1.35
Database version: 1904
Windows 5.1.2600 Service Pack 3

3/27/2009 8:58:05 PM
mbam-log-2009-03-27 (20-58-05).txt

Scan type: Full Scan (C:\|E:\|)
Objects scanned: 323878
Time elapsed: 1 hour(s), 55 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 19

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Adobe\Acrobat 8.0\keygen.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Program Files\Alwil Software\Files\License.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{04E171EC-5846-41F5-A207-BE0B1B1F86BB}\RP391\A0088480.dll (Rogue.SpyCleaner) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{04E171EC-5846-41F5-A207-BE0B1B1F86BB}\RP392\A0088500.rbf (Rogue.SpyCleaner) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{04E171EC-5846-41F5-A207-BE0B1B1F86BB}\RP394\A0088531.rbf (Rogue.SpyCleaner) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{04E171EC-5846-41F5-A207-BE0B1B1F86BB}\RP394\A0088543.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{04E171EC-5846-41F5-A207-BE0B1B1F86BB}\RP394\A0088546.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{04E171EC-5846-41F5-A207-BE0B1B1F86BB}\RP394\A0088547.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{04E171EC-5846-41F5-A207-BE0B1B1F86BB}\RP369\A0086219.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Vista\v3.0\Vista sucks donkeys v3.0.exe (Trojan.VB) -> Quarantined and deleted successfully.
C:\Documents and Settings\Clairmonte Newton\Application Data\Desktopicon\eBayShortcuts.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Downloads\_Kaspersky Internet Security keygen.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Downloads\avast! 4.8.1296 Professional Edition Eng+6 keygens\Avast.Pro.4.8.1296.0.ENG\KeyGens\Keygen-CORE\keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Downloads\Acrobat_8_Pro_Keygen\keygen.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Downloads\Super antispyware 4.20\nGen\Keygen.exe (Trojan.Agent) -> Quarantined and deleted successfully.
E:\Serial Numbers\Acrobat_8_Pro_Keygen\keygen.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
E:\Program Files\WinZix\WinZixManager.dll (Rogue.WinZix) -> Quarantined and deleted successfully.
E:\Documents and Settings\Clairmonte\Shared\Serial Numbers\Acrobat_8_Pro_Keygen\keygen.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\winrar 3.40 corporate.exe (Trojan.Agent) -> Quarantined and deleted successfully.
proscroby
Active Member
 
Posts: 11
Joined: March 11th, 2009, 9:08 pm
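
The log in the post above can be triaged mechanically. This is an added example, not part of the original thread and not Malwarebytes' own tooling: it parses the `object (detection) -> action` lines, groups them by detection name, and separates keygen paths, System Restore copies, and anything not yet removed. The sample reuses lines from the log above plus one constructed line (marked in the code); the function names are this example's own.

```python
import re
from collections import Counter

# "<object> (<detection name>) -> <action>." as printed in the log above
ENTRY = re.compile(r"^(?P<path>.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")

# Lines copied from the log above; the last entry is constructed for this
# example so that the "not removed yet" branch has something to report.
SAMPLE = r"""
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Program Files\Adobe\Acrobat 8.0\keygen.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{04E171EC-5846-41F5-A207-BE0B1B1F86BB}\RP394\A0088543.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Downloads\Acrobat_8_Pro_Keygen\keygen.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\winrar 3.40 corporate.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Example\constructed.exe (Trojan.Agent) -> Delete on reboot.
"""

def parse_entries(log_text):
    """Return one dict per detection line; headers and empty sections are skipped."""
    lines = (line.strip() for line in log_text.splitlines())
    return [m.groupdict() for m in map(ENTRY.match, lines) if m]

def triage(entries):
    """Summarise detections so the follow-up questions are obvious."""
    def paths(pred):
        return [e["path"] for e in entries if pred(e)]
    return {
        # which detection names dominate
        "families": Counter(e["name"] for e in entries),
        # detections sitting in or next to keygens the user downloaded
        "keygen_paths": paths(lambda e: "keygen" in e["path"].lower()),
        # copies held inside System Restore points
        "restore_point_copies": paths(
            lambda e: "\\system volume information\\_restore" in e["path"].lower()),
        # anything whose action does not report success needs a re-check
        "unresolved": paths(lambda e: "successfully" not in e["action"].lower()),
    }

if __name__ == "__main__":
    report = triage(parse_entries(SAMPLE))
    for key, value in report.items():
        print(key, "=>", value)
```
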

Re: IRC Bot Virus

Post by Odd dude » March 28th, 2009, 3:42 am

Well, that revealed some interesting things.

How many of the keygens you downloaded did you actually run?

Uninstall ComboFix
  • Disable all your antimalware programs like you did previously
  • Click Start > Run and enter:
    ComboFix /u
  • Click OK
  • ComboFix will now uninstall itself


Install a firewall
There is no firewall installed on your computer!
Either that, or you're using Windows Firewall, which is not a good idea.

Firewalls are programs that monitor incoming and outgoing connections to your computer. Did you know that, just by connecting to the internet, you are being exposed to hundreds of threats immediately? The way to solve this is to use a firewall, and up-to-date antivirus software.

Windows Firewall only monitors incoming connections. This means that, once you are infected, the malware is free to ask for new instructions, send private data to its creator, or invite its malware buddies to come over. In other words: it's almost as good as no firewall at all.

Download a free for personal use firewall NOW. If you can't find a good one, try one of these:
Online Armor Free
Agnitum Outpost Free



Congratulations!

As far as I can tell, you are CLEAN!



Have a big cup of [image], sit back & relax, and now please follow a few of the following tips; they will dramatically reduce your chance of getting infected again.


  • Turn on Automatic Updates if you have not done so. It is MANDATORY to keep your Windows updated, otherwise you are vulnerable to exploits! To turn on Automatic Updates: click Start > Control Panel > Security Centre > Automatic Updates.

Below are optional items. They will increase your security, but are not really "needed". That said, I recommend following at least one of these tips.

  • Install WinPatrol from here. Instructions for use are here.

  • Install a custom hosts file. Let's say I have a directory of 640kb's worth of bad sites. Let's say I can make sure you will never be able to access those sites, so you will never get any infection from those sites. It's like blocking a site - without site blocking tools. How would you like to never be able to visit (a lot, but not all of the) malware-infected sites again? Well, now you can!
    First, we must disable a service, as Windows cannot work with a very large hosts file while that service is active. This will not affect anything else.
    The disabling routine:
    • Click Start, then Run
    • Copy and paste the following:
      sc config dnscache start= disabled
    • Click OK
    Next, you can download the custom hosts file from here. Installation instructions can be found there as well.

Please reply to this thread once more so we know it can be archived.

And stay away from cracks and keygens. 99% of them bundle very nasty malware.


If you have any more questions, now is the time to ask :)
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)
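
A custom hosts file like the one recommended in the post above blocks a site by mapping its name to a loopback or null address, which means an entry pointing anywhere else would redirect that name instead of blocking it. The following is an added example, not part of the original thread or of any hosts-file project: it audits hosts-file text before installation and reports blocked names, entries that point at a non-sinkhole address, and malformed lines. The sample text and its `.example` names are constructed, and the function name is this example's own.

```python
import ipaddress

# Addresses a blocklist entry is expected to use (assumption of this example).
SINKHOLES = {"127.0.0.1", "0.0.0.0", "::1", "::"}
# Standard local names that belong in a hosts file and are not "blocked sites".
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost"}

# Constructed sample, not a real blocklist. 203.0.113.7 is a documentation address.
SAMPLE = """\
# constructed sample hosts file
127.0.0.1   localhost
127.0.0.1   ads.example        # inline comment
0.0.0.0     tracker.example  cdn.tracker.example
203.0.113.7 bank.example
not-an-ip   broken.example
"""

def audit_hosts(text):
    """Return (blocked, suspicious, malformed) for hosts-file text."""
    blocked, suspicious, malformed = set(), [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # strip comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            malformed.append((lineno, raw))       # first field is not an IP
            continue
        if len(fields) < 2:
            malformed.append((lineno, raw))       # address without a name
            continue
        for name in (f.lower() for f in fields[1:]):
            if name in LOCAL_NAMES:
                continue
            if addr in SINKHOLES:
                blocked.add(name)                 # ordinary blocklist entry
            else:
                # the name would resolve to a real host: a redirect, not a block
                suspicious.append((lineno, name, addr))
    return blocked, suspicious, malformed

if __name__ == "__main__":
    blocked, suspicious, malformed = audit_hosts(SAMPLE)
    print(len(blocked), "blocked names")
    for lineno, name, addr in suspicious:
        print(f"line {lineno}: {name} -> {addr} (review before installing)")
    for lineno, raw in malformed:
        print(f"line {lineno}: cannot parse {raw!r}")
```
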

Re: IRC Bot Virus

Post by proscroby » March 29th, 2009, 7:22 pm

I must once again express my gratitude to you for all your assistance over the past weeks. With your help, I now feel confident to attach my PC to the internet again. I have installed Online Armor free, winpatrol and the custom hosts files. I have heeded the error of my ways and will not download keygens again - from here on I will purchase software if I can afford it.

I must confess that I have never heard of 99% of the software you instructed me to download and run! Is there any suggested reading that I could use to increase my knowledge of what's out there?

Once again, Thank You.
proscroby
Active Member
 
Posts: 11
Joined: March 11th, 2009, 9:08 pm

Re: IRC Bot Virus

Post by Odd dude » March 30th, 2009, 1:09 am

Thank you for the warm thankings. You're most welcome. :)

This is a worthy read: viewtopic.php?f=11&t=4959
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)

Re: IRC Bot Virus

Post by Elrond » March 30th, 2009, 5:31 am

proscroby this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem