Malware infection

Re: Malware infection

Post by DFW » April 14th, 2009, 4:24 am

The items flagged by Kaspersky are just the WeatherBug program added by HP to the recovery partition, no need to worry about them.


If things are running fine now, I would say we are done. AVG took out a lot of the Vundo infection and we just got the leftovers;
we need to clean up first before we are done.


I would keep Malwarebytes' Anti-Malware installed, keep it updated and run weekly scans, or whenever needed.


UNINSTALL COMBOFIX

  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK.
  • Note the space between the X and the U, it needs to be there.
You can also delete any logs we have produced, and empty your Recycle bin.



This is a good time to clear your existing system restore points and establish a new clean restore point:

  • Go to Start > All Programs > Accessories > System Tools > System Restore
  • Select Create a restore point, and OK it.
  • Next, go to Start > Run and type in cleanmgr
  • Select the More options tab
  • Choose the option to clean up system restore and OK it.

    This will remove all restore points except the new one you just created.



Some information on protection


Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.
This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc.
Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.

Find Tutorial here http://www.mvps.org/winhelp2002/hosts.htm


Winpatrol <= Download and install the free version of Winpatrol. A tutorial for this product is located here:
Using Winpatrol to protect your computer from malicious software


Read some information here how to prevent Malware.


Is your PC running slow?
Read What to do if your Computer is running slowly



Any more questions?
DFW
MRU Honors Grad Emeritus
 
Posts: 3229
Joined: September 28th, 2006, 12:23 pm
Location: UK
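
Added example, not part of DFW's post or the MVPS project: a small Python audit of HOSTS-format text that separates names sinkholed to the local machine (the blocking described for the MVPS Hosts file above) from names mapped to some other address, which deserve a second look after a clean-up. The sample text, its `.example` hostnames and the function names are constructed for illustration; treating `0.0.0.0` like `127.0.0.1` is an assumption that goes beyond what the post mentions.

```python
import ipaddress

# Constructed sample in HOSTS-file syntax (not the real MVPS list).
SAMPLE_HOSTS = """\
# constructed sample for the audit below
127.0.0.1   localhost
127.0.0.1   ads.tracker.example   # blocked ad server
0.0.0.0     banners.example popups.example
203.0.113.7 update.vendor.example
not-an-ip   broken.example
"""


def parse_hosts(text):
    """Return (hostname, ip, line_no) for every valid mapping in the text."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # skip lines that do not start with an IP address
        for name in fields[1:]:  # one address may carry several names
            entries.append((name.lower(), ip, line_no))
    return entries


def audit_hosts(text):
    """Split entries into sinkholed names and names sent to another address."""
    blocked, redirected = [], []
    for name, ip, line_no in parse_hosts(text):
        if name == "localhost":
            continue  # the normal default entry
        if ip.is_loopback or ip.is_unspecified:
            blocked.append(name)  # connection never leaves this machine
        else:
            redirected.append((name, str(ip), line_no))  # review by hand
    return {"blocked": sorted(blocked), "redirected": redirected}


if __name__ == "__main__":
    report = audit_hosts(SAMPLE_HOSTS)
    print(len(report["blocked"]), "names blocked")
    for name, ip, line_no in report["redirected"]:
        print(f"line {line_no}: {name} -> {ip} (not loopback, check it)")
```

On a real machine the text would come from `%SystemRoot%\System32\drivers\etc\hosts`, read with `open(...).read()` and passed to `audit_hosts`.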

Re: Malware infection

Post by craigs1969 » April 14th, 2009, 10:50 pm

Hi DFW,

Thanks again for the help. I have followed all instructions in your last post. My system seems to be running fine. I do have one question: after running WinPatrol, I saw a file in the Hidden Files tab called "bemabeme", with no extension. I googled that and did not find anything. The file was created and modified on the same day that I clicked on the original link I mentioned in my initial post here. Being suspicious, I changed properties to unhidden and moved the file from the windows\system32 directory. It is 11KB. Thoughts?

Thanks again for your patient help!
craigs1969
craigs1969
Regular Member
 
Posts: 18
Joined: April 6th, 2009, 11:20 pm

Re: Malware infection

Post by DFW » April 15th, 2009, 2:15 am

Just to be on the safe side, let's scan it. Not sure what it is yet, it could be just a leftover, but let's just make sure. Are all your programs running OK?



I'd like you to check (bemabeme) for Viruses.
bemabeme

  • Use the browse button on each site to locate the file where you moved it to.
  • Click Send/Submit, and the file will upload to VirusTotal/Jotti, where it will be scanned by several anti-virus programmes.
  • After a while, a window will open, with details of what the scans found.
  • Note details of any viruses found.
  • Post me the details please.
DFW
MRU Honors Grad Emeritus
 
Posts: 3229
Joined: September 28th, 2006, 12:23 pm
Location: UK

Re: Malware infection

Post by craigs1969 » April 15th, 2009, 3:10 am

Everything seems fine. Here are both results. Neither found anything. Although I did have another question that I just remembered: I was wondering why if I have Automatic Updates set to notify me prior to downloading and installing they didn't notify me of the several items that were available when I went to the windows update site manually?



File bemabeme received on 04.15.2009 08:48:16 (CET)
Result: 0/40 (0%)
Antivirus Version Last Update Result
a-squared 4.0.0.101 2009.04.15 -
AhnLab-V3 5.0.0.2 2009.04.15 -
AntiVir 7.9.0.143 2009.04.14 -
Antiy-AVL 2.0.3.1 2009.04.15 -
Authentium 5.1.2.4 2009.04.14 -
Avast 4.8.1335.0 2009.04.14 -
AVG 8.5.0.285 2009.04.14 -
BitDefender 7.2 2009.04.15 -
CAT-QuickHeal 10.00 2009.04.15 -
ClamAV 0.94.1 2009.04.15 -
Comodo 1113 2009.04.14 -
DrWeb 4.44.0.09170 2009.04.15 -
eSafe 7.0.17.0 2009.04.13 -
eTrust-Vet 31.6.6455 2009.04.14 -
F-Prot 4.4.4.56 2009.04.14 -
F-Secure 8.0.14470.0 2009.04.15 -
Fortinet 3.117.0.0 2009.04.15 -
GData 19 2009.04.15 -
Ikarus T3.1.1.49.0 2009.04.15 -
K7AntiVirus 7.10.703 2009.04.14 -
Kaspersky 7.0.0.125 2009.04.15 -
McAfee 5584 2009.04.14 -
McAfee+Artemis 5584 2009.04.14 -
McAfee-GW-Edition 6.7.6 2009.04.14 -
Microsoft 1.4502 2009.04.15 -
NOD32 4008 2009.04.15 -
Norman 6.00.06 2009.04.14 -
nProtect 2009.1.8.0 2009.04.15 -
Panda 10.0.0.14 2009.04.14 -
PCTools 4.4.2.0 2009.04.14 -
Prevx1 V2 2009.04.15 -
Rising 21.25.20.00 2009.04.15 -
Sophos 4.40.0 2009.04.15 -
Sunbelt 3.2.1858.2 2009.04.15 -
Symantec 1.4.4.12 2009.04.15 -
TheHacker 6.3.4.0.309 2009.04.15 -
TrendMicro 8.700.0.1004 2009.04.15 -
VBA32 3.12.10.2 2009.04.12 -
ViRobot 2009.4.15.1693 2009.04.15 -
VirusBuster 4.6.5.0 2009.04.14 -
Additional information
File size: 11168 bytes
MD5...: b99040a688aeb7b05ecb786d69e076ba
SHA1..: e09d4cd52cbef7107c0e81c1d6038791baf07f94
SHA256: 9591fc3148963e1622a885bfcb36477878770b10c00fdc4048ec3833108d2716
SHA512: 4b9ba23a7f4237d3fe20edbaec178176f4614f7d9615660bd3df2bb3b0192e29
f3842e4aed7f75efa0ae69fd80684e3b6fa505bd22de1107a7a454dfab60e16b
ssdeep: 192:CDMIjupkudvFHrcN1JqcDM2GF2udvgcUO2hzvy7C0ql0cXJ2uzoqcekmMjGP
9Ns:CQsupPvFHQH0JDF9vtUnFj0cXJ2rqmd/
PEiD..: -
TrID..: File type identification
Unknown!
PEInfo: -
RDS...: NSRL Reference Data Set


________________________________

File: bemabeme
Status: OK
MD5: b99040a688aeb7b05ecb786d69e076ba
Packers detected: -
Scanner results
Scan taken on 15 Apr 2009 06:51:14 (GMT)
A-Squared: Found nothing
AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
CPsecure: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found nothing
Ikarus: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
Panda Antivirus: Found nothing
Quick Heal: Found nothing
Sophos Antivirus: Found nothing
VirusBuster: Found nothing
VBA32: Found nothing
craigs1969
Regular Member
 
Posts: 18
Joined: April 6th, 2009, 11:20 pm

Re: Malware infection

Post by DFW » April 15th, 2009, 10:06 am

Great, we are good to go then, and you're clean.

craigs1969 wrote:I was wondering why if I have Automatic Updates set to notify me prior to downloading and installing they didn't notify me of the several items that were available when I went to the windows update site manually?



To be honest with you, I am really not sure. Was it critical updates or optional updates? I think you only get the alerts for critical updates, and I am pretty sure you must be logged on as an administrator to receive notification. However, if you are having trouble with it you should get it checked.
I am not an expert at this type of problem. I would suggest that you go to one of the forums below that specialize in more general computer problems. They have people that know more about this sort of problem because it does not seem to be a malware problem.


Good Hardware and Software Help Forums
Computer Trouble here: http://forum.computertrouble.co.uk/index.php
or
TechSupportGuy here : http://forums.techguy.org/21-windows-nt-2000-xp/
or
VirtualDr here: http://discussions.virtualdr.com/forumdisplay.php?f=48
or
PCPitStop here : http://forums.pcpitstop.com/index.php?showforum=3

All may require you to register free before posting for help.

DFW
DFW
MRU Honors Grad Emeritus
 
Posts: 3229
Joined: September 28th, 2006, 12:23 pm
Location: UK

Re: Malware infection

Post by Gary R » April 16th, 2009, 3:30 am

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
Gary R
Administrator
 
Posts: 21868
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire