Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Board index Malware Removal ForumsInfected? Virus, malware, adware, ransomware, oh my!

Problem removing a rootkit

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.
Topic locked

Re: Problem removing a rootkit

Unread postby jmw3 » April 25th, 2009, 9:29 am

Hello alfie

The combofix log you posted is not the most current. Did you download a new copy of Combofix & run the CFScript from my last post? If so the most current Combofix log can be found at C:\Combofix.txt
Could you post the contents of that log please.

The Gmer log is fine & looks good.
User avatar
jmw3
MRU Emeritus
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia
Top
Advertisement
Register to Remove

Re: Problem removing a rootkit

Unread postby alfie » April 26th, 2009, 4:39 am

Hi jmw
I posted the wrong log it should have been this one!!

ComboFix 09-04-25.A1 - HOME 25/04/2009 11:51.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.617 [GMT 1:00]
Running from: c:\documents and settings\HOME\Desktop\Commy.exe
Command switches used :: c:\documents and settings\HOME\Desktop\cfscript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *enabled*
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-05-25 to 2009-4-25 )))))))))))))))))))))))))))))))
.

2009-04-24 19:46 . 2009-04-24 19:46 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-04-20 19:02 . 2009-04-20 19:02 73728 ----a-w c:\windows\system32\javacpl.cpl
2009-04-20 19:02 . 2009-04-20 19:02 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-17 06:57 . 2009-03-06 14:22 284160 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-17 06:57 . 2009-02-09 12:10 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-17 06:57 . 2009-02-06 10:39 35328 ------w c:\windows\system32\dllcache\sc.exe
2009-04-17 06:57 . 2009-02-09 12:10 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-17 06:57 . 2009-02-06 11:11 110592 ------w c:\windows\system32\dllcache\services.exe
2009-04-17 06:57 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-17 06:57 . 2009-02-09 12:10 729088 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-04-17 06:57 . 2009-02-09 12:10 617472 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-17 06:57 . 2009-02-09 12:10 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-17 06:57 . 2009-02-09 12:10 714752 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-17 06:55 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-17 06:55 . 2009-03-27 06:58 1203922 ------w c:\windows\system32\dllcache\sysmain.sdb
2009-04-17 06:55 . 2008-04-21 12:08 215552 ------w c:\windows\system32\dllcache\wordpad.exe
2009-04-14 18:24 . 2009-04-20 21:55 8 ----a-w c:\documents and settings\HOME\settings.dat
2009-04-12 10:47 . 1994-09-21 00:00 92208 ----a-w c:\windows\system\WING.DLL
2009-04-12 10:47 . 1994-09-21 00:00 12800 ----a-w c:\windows\system\WING32.DLL
2009-04-01 18:58 . 2009-02-11 09:19 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-01 18:58 . 2009-02-11 09:19 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-01 18:58 . 2009-04-01 18:58 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-01 18:58 . 2009-04-01 18:58 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-01 17:45 . 2009-04-18 15:23 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-01 17:44 . 2009-04-01 17:44 -------- d-----w c:\program files\SpywareBlaster
2009-03-31 19:36 . 2009-03-31 19:36 -------- d-----w c:\windows\system32\scripting
2009-03-31 19:36 . 2009-03-31 19:36 -------- d-----w c:\windows\l2schemas
2009-03-31 19:36 . 2009-03-31 19:36 -------- d-----w c:\windows\system32\en
2009-03-31 19:36 . 2009-03-31 19:36 -------- d-----w c:\windows\system32\bits
2009-03-31 19:34 . 2009-03-31 19:34 -------- d-----w c:\windows\ServicePackFiles
2009-03-30 18:13 . 2009-03-30 18:13 -------- d-----w c:\program files\Sophos
2009-03-28 17:27 . 2009-03-28 17:27 -------- d-----w c:\documents and settings\All Users\Application Data\Citrix
2009-03-28 16:50 . 2009-03-28 16:50 -------- d-----w c:\documents and settings\HOME\Local Settings\Application Data\Citrix
2009-03-28 16:50 . 2009-03-28 16:50 61224 ----a-w c:\documents and settings\HOME\GoToAssistDownloadHelper.exe
2009-03-28 15:01 . 2009-03-28 15:01 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-03-26 20:55 . 2009-03-26 20:55 -------- d--h--w c:\windows\system32\GroupPolicy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-24 16:50 . 2008-03-13 15:55 -------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-04-20 21:50 . 2009-02-03 14:31 -------- d-----w c:\documents and settings\LocalService\Application Data\SACore
2009-04-20 19:02 . 2006-01-18 11:11 -------- d-----w c:\program files\Java
2009-04-17 06:56 . 2006-01-18 11:23 -------- d-----w c:\program files\McAfee
2009-04-15 20:51 . 2008-02-03 19:33 -------- d-----w c:\documents and settings\All Users\Application Data\Napster
2009-04-01 18:49 . 2006-02-04 13:02 5956 --sha-w c:\windows\system32\KGyGaAvL.sys
2009-04-01 18:49 . 2006-02-04 13:02 50376 ----a-w c:\documents and settings\HOME\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-31 19:39 . 2004-08-11 17:14 88499 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-03-31 19:32 . 2004-08-11 17:00 250048 --sha-r C:\ntldr
2009-03-28 15:49 . 2008-07-28 14:37 -------- d-----w c:\program files\Bonjour
2009-03-25 10:06 . 2007-02-17 11:09 40552 ----a-w c:\windows\system32\drivers\mfesmfk.sys
2009-03-25 10:06 . 2007-02-17 11:09 35272 ----a-w c:\windows\system32\drivers\mfebopk.sys
2009-03-25 10:06 . 2007-02-17 11:09 214024 ----a-w c:\windows\system32\drivers\mfehidk.sys
2009-03-25 10:06 . 2007-02-17 11:09 79880 ----a-w c:\windows\system32\drivers\mfeavfk.sys
2009-03-25 10:05 . 2007-02-17 11:09 34216 ----a-w c:\windows\system32\drivers\mferkdk.sys
2009-03-24 18:38 . 2007-12-03 19:49 268 ---ha-w C:\sqmdata15.sqm
2009-03-21 14:06 . 2009-03-21 14:06 989696 ------w c:\windows\system32\dllcache\kernel32.dll
2009-03-19 13:47 . 2009-03-19 13:47 -------- d-----w c:\windows\system32\config\systemprofile\Application Data\SACore
2009-03-07 19:39 . 2006-01-18 11:23 -------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2009-03-06 14:22 . 2004-08-11 17:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2006-05-10 05:25 826368 ----a-w c:\windows\system32\dllcache\wininet.dll
2009-03-03 00:18 . 2004-08-11 17:00 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-28 04:54 . 2004-08-11 17:12 636072 ----a-w c:\windows\system32\dllcache\iexplore.exe
2009-02-20 10:20 . 2007-05-09 18:37 13824 ------w c:\windows\system32\dllcache\ieudinit.exe
2009-02-20 10:20 . 2006-11-07 03:26 70656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 05:14 . 2006-11-07 03:25 161792 ------w c:\windows\system32\dllcache\ieakui.dll
2009-02-09 12:10 . 2004-08-11 17:00 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2004-08-11 17:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 12:10 . 2004-08-11 17:00 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2004-08-11 17:00 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 11:13 . 2008-10-16 11:27 1846784 ------w c:\windows\system32\dllcache\win32k.sys
2009-02-09 11:13 . 2004-08-11 17:00 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-07 18:02 . 2008-10-16 11:27 2066048 ------w c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-06 11:11 . 2004-08-11 17:00 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:08 . 2008-10-16 11:27 2189056 ------w c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-06 11:06 . 2008-10-16 11:27 2145280 ------w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-06 11:06 . 2004-08-11 17:00 2145280 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2004-08-11 17:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 10:32 . 2008-10-16 11:27 2023936 ------w c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-06 10:32 . 2004-08-03 22:59 2023936 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-03 19:59 . 2009-02-03 19:59 56832 ------w c:\windows\system32\dllcache\secur32.dll
2009-02-03 19:59 . 2004-08-11 17:00 56832 ----a-w c:\windows\system32\secur32.dll
2006-10-29 17:29 . 2006-10-29 17:29 49600 ----a-w c:\documents and settings\HOME\Application Data\GDIPFONTCACHEV1.DAT
2006-04-06 06:59 . 2006-04-06 06:59 127 ----a-w c:\documents and settings\HOME\Local Settings\Application Data\fusioncache.dat
2006-07-11 18:54 . 2006-07-11 18:54 56 --sh--r c:\windows\system32\E48057C54E.sys
.

((((((((((((((((((((((((((((( SnapShot_2009-04-20_18.47.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-25 08:53 . 2009-04-25 08:53 16384 c:\windows\Temp\Perflib_Perfdata_710.dat
- 2004-08-11 17:00 . 2009-04-20 18:18 53436 c:\windows\system32\perfc009.dat
+ 2004-08-11 17:00 . 2009-04-25 08:57 53436 c:\windows\system32\perfc009.dat
+ 2004-08-11 17:11 . 2004-08-04 05:00 19429 c:\windows\system32\MsDtc\Trace\msdtcvtr.bat
- 2006-01-22 17:14 . 2009-04-20 18:20 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2006-01-22 17:14 . 2009-04-25 08:58 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2006-01-22 17:14 . 2009-04-25 08:58 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-01-22 17:14 . 2009-04-20 18:20 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-01-22 17:14 . 2009-04-20 18:20 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2006-01-22 17:14 . 2009-04-25 08:58 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-09-28 14:28 . 2008-01-18 15:13 2247 c:\windows\ServicePackFiles\i386\tscdsbl.bat
+ 2008-09-28 14:28 . 2008-01-18 15:13 2247 c:\windows\Installer\tsclientmsitrans\tscdsbl.bat
- 2004-08-11 17:00 . 2009-04-20 18:18 381692 c:\windows\system32\perfh009.dat
+ 2004-08-11 17:00 . 2009-04-25 08:57 381692 c:\windows\system32\perfh009.dat
+ 2009-04-20 19:02 . 2009-04-20 19:02 148888 c:\windows\system32\javaws.exe
+ 2009-04-20 19:02 . 2009-04-20 19:02 144792 c:\windows\system32\javaw.exe
+ 2009-04-20 19:02 . 2009-04-20 19:02 144792 c:\windows\system32\java.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2007-01-12 4898816]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-13 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-11-01 94208]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 106496]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-10 406016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 81920]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-01-20 200704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-03-13 185896]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-08 645328]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-10 289064]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-20 148888]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-03-23 339968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2007-01-12 4898816]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-1-18 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R3 MEMSWEEP2;MEMSWEEP2; [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-02-11 210216]

.
Contents of the 'Scheduled Tasks' folder

2009-04-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

2009-04-25 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-02 14:23]

2007-02-17 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-02-17 10:53]

2007-09-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-02-17 10:53]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://search.orange.co.uk/all?brand=ou ... &p=_adr&q={searchTerms}
mWindow Title = Microsoft Internet Explorer Provided by Wanadoo
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Search with Wanadoo - c:\windows\system32\WSBar.dll/VSearch.htm
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-25 11:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\21.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1680)
c:\program files\McAfee\SiteAdvisor\saHook.dll
.
Completion time: 2009-04-25 11:56
ComboFix-quarantined-files.txt 2009-04-25 10:56
ComboFix2.txt 2009-04-20 18:49
ComboFix3.txt 2009-04-18 15:42

Pre-Run: 29,935,669,248 bytes free
Post-Run: 29,994,319,872 bytes free

Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,2,3,4,5,6
217 --- E O F --- 2009-04-19 10:30

I will not have access to the infected pc until the 3rd May to carry out any further checks,scans etc
I will be able to access the forum to check for any replies.
Thanks for your continued patience and support.


but I will
alfie
Active Member
 
Posts: 9
Joined: April 12th, 2009, 8:40 am
Top

Re: Problem removing a rootkit

Unread postby jmw3 » April 26th, 2009, 5:32 am

I will not have access to the infected pc until the 3rd May to carry out any further checks,scans etc
I will be able to access the forum to check for any replies.
Thanks for your continued patience and support.
OK... no worries. The logs look good now, just a bit of cleaning up & a few recommendations & we're done. You can do these when you have access again & at your leisure :)

Update Adobe Reader
Recently there have been vunerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version: Adobe Reader 9.1
You can download it from http://www.adobe.com/products/acrobat/readstep2.html
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed Uncheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Adobe 9 is a large program and if you prefer a smaller program you can get Foxit 3 instead from http://www.foxitsoftware.com/pdf/rd_intro.php

Clean Up
Now we need to clear out the programs we've been using to clean up your computer, they are not suitable for general malware removal and could cause damage if used inappropriately.
Remove Combofix
The following will implement some cleanup procedures as well as reset System Restore points:
Click Start > Run and copy/paste the following bolded text into the Run box and click OK:
ComboFix /u
OTCleanIt
Download OTCleanIt here & save it to your desktop.
Double click on OTCleanIt.exe. Click on CleanUp!.
You will receive a prompt that it needs to restart the computer to remove the files. Click Yes.
It will restart your computer automatically. If it doesn't, please restart your computer manually.
You can also delete the following from your desktop:
DDS.scr
RootRepeal
Any logs that may have been saved to your desktop
You can either delete or keep ATF-Cleaner. It's a handy tool for cleaning out your temporary folders.

All Clean
Congratulations, good work, your system is now clean. Now that your system is safe we would like you to keep it that way.
Take the time to follow these instructions and it will greatly reduce the risk of further infections and greatly diminish the chances of you having to visit here again.

Microsoft Windows Update
Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office products loopholes and fix any bugs found. Install the updates immediately if they are found.
To update Windows
Go to Start > All Programs > Windows Update
To update Office
Open up any Office program.
Go to Help > Check for Updates

Malwarebytes' Anti-Malware
Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee.
You can find a tutorial here.

SpywareBlaster
Download and install Javacools SpywareBlaster from here
SpywareBlaster adds a list of ActiveX controls, tracking cookies and sites which will be blocked in either Internet Explorer or Firefox browsers. You need to manually check for updates regularly.

Download and Install a HOSTS File
A HOSTS file is a big list of bad web sites. The list has a specific format, a specific name, (name is just HOSTS with no file extension), and a specific location. Your machine always looks at that file in that location before connecting to a web site to verify the address. So the HOSTS listing can be used to "short circuit" a request to a bad website by giving it the address of your own machine.

Download BlueTack's HOSTS Manager here, using Internet Explorer (Firefox won't work):
  • Double click the Installer on your desktop and let it Install the Hosts Manager
  • After the installation is complete, click on the Hosts Manager icon on your desktop. (You can delete the other Hosts Switch icon from your desktop)
  • When the Hosts Manager comes up, click the small down arrows on the right side of the bar labeled Options and Tools,
  • Click Disable DNS Service. This is important
  • In the Left Pane, click Download
  • It will load 80,000 lines or more. When it finishes, also in the left pane, click Replace, and then click Save
You can use this manager to handle your HOSTS file download, edits, and most any other HOSTS issue.
If you have a separate party firewall or Winpatrol, you may have to give permissions at various times to Unlock the present default HOSTS file and install the new one.

Install WinPatrol
Download it here
You can find information about how WinPatrol works here

Read some information here on how to prevent Malware.

Hopefully these steps will help keep your computer clean.

Stand Up and Be Counted ---> Malware Complaints <--- where you can make difference!
The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

If there are any other questions then feel free to ask or in future do not hesitate to contact us here at The Malware Removal Forums
User avatar
jmw3
MRU Emeritus
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia
Top

Re: Problem removing a rootkit

Unread postby NonSuch » May 1st, 2009, 6:03 pm

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California
Top
Advertisement
Register to Remove
Previous
Topic locked
  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 436 guests

The teamDelete all board cookiesAll times are UTC - 5 hours [ DST ]

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware

Board index