Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

"HAcka Tack"

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: "HAcka Tack"

Unread postby melboy » October 3rd, 2009, 10:50 am

Hi skautroll. :)

That's the MalwareBytes' Anti-malware (MBAM) log. I need a log from the Kaspersky online scanner.

Not every scanner will pick up every infection. As the MBAM log showed further previously unfound traces of Koobface, we need to check to see if there is any more.

For this we will use the Kaspersky Online scan


Kaspersky Online Scan

Right click on your favourite web browser (Internet Explorer, Firefox, etc) and select "Run As Administrator" to run it

Go to Kaspersky website and perform an online antivirus scan

  • Read through the requirements and privacy statement and click on Accept button
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run
  • When the downloads have finished, click on Settings
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan
  • Once the scan is complete, it will display the results. Click on View Scan Report
  • You will see a list of infected items there. Click on Save Report As...
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK
Advertisement
Register to Remove

Re: "HAcka Tack"

Unread postby skautroll » October 3rd, 2009, 1:56 pm

Sorry, kids are all over the place, is this the right one:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Saturday, October 3, 2009
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Saturday, October 03, 2009 14:26:21
Records in database: 2899383
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\

Scan statistics:
Objects scanned: 201054
Threats found: 1
Infected objects found: 1
Suspicious objects found: 0
Scan duration: 03:25:02


File name / Threat / Threats count
C:\Qoobox\Quarantine\[4]-Submit_2009-09-29_23.28.37.zip Infected: Trojan.Win32.Agent.cwje 1

Selected area has been scanned.
skautroll
Active Member
 
Posts: 11
Joined: September 20th, 2009, 9:14 am

Re: "HAcka Tack"

Unread postby melboy » October 3rd, 2009, 3:06 pm

Your log now appears to be clean. Congratulations!

This is my general post for when your logs show no more signs of malware ;)- Please let me know if you still are having problems with your computer and what these problems are.

Uninstall Combofix
We Need to Remove ComboFix
  1. Please go to Start (Vista Orb) -> Start Search
  2. Enter "ComboFix /u" (without quotes). Note the space between "ComboFix" and "/u", it needs to be there.
    Image
  3. Press OK (Or hit enter).
  4. Allow ComboFix to remove itself.


OTC by OldTimer

Download OTC by Old Timer and save it to your Desktop.

  • Right click on OTC.exe and select "Run as Administrator"
  • Click the CleanUp! button
  • Select Yes when the Begin cleanup Process? Prompt appears
  • If you are prompted to Reboot during the cleanup, select Yes
  • The tool will delete itself once it finishes, if not delete it by yourself





Protection Programs
Don't forget to re-enable any protection programs we disabled during your fix.

General Security and Computer Health
Below are some steps to follow in order to dramatically lower the chances of reinfection. You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented.

Create a new, clean System Restore point

  1. Click on Start > Control Panel.
  2. Double click on System.
  3. On the left, click on the System Protection link.
  4. At the bottom right hand corner, click on the Create... button.
  5. Give this System Restore point a descriptive name and click on Create.
  6. You should receive a prompt that a System Restore point is created successfully. Click OK to confirm.
  7. Click OK again to close the System Protection window. Then close Control Panel.

Warning: Do not clear infected System Restore points before creating a new System Restore point first!

Please read the above to create a new System Restore point first, then clear out the infected System Restore points.


Clear infected System Restore points

  1. Click on Start > All Programs > Accessories > System Tools.
  2. Right click on Disk Cleanup and select Run As Administrator to run it. UAC will prompt. Allow it.
  3. Select your C drive and click OK.
  4. Select the More Options tab.
  5. Under System Restore and Shadow Copies, click on the Clean up... button.
  6. You will receive a prompt. Click on Delete to delete the old System Restore points.
  7. When done, click OK. You will receive another prompt. Click Delete Files to confirm.
  8. When done, Disk Cleanup will automatically close.


Enable UAC

While UAC in Vista is certainly annoying to some extent, it offers some protection for Windows. Here's an explanation.

  1. Click on Start > Control Panel.
  2. Double click on User Accounts.
  3. Under Make changes to your user account, click on Turn User Account Control on or off.
  4. Check (tick) this box: Use User Account Control (UAC) to help protect the computer.
  5. Click OK.

  • Make sure that you keep your antivirus updated
    New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
    Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
  • Security Updates for Windows, Internet Explorer & Microsoft Office
    Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Manually check for Windows updates via Start (Vista Orb) > All Programs > Windows Update > In the left pane, click Check for updates, and then wait while Windows looks for the latest updates for your PC, or visit the Microsoft Update site on a regular basis.
    Note: The update process uses ActiveX, so you will need to use internet explorer for it and allow the ActiveX control to install.
  • Update Non-Microsoft Programs
    Microsoft isn't the only company whose products can contain security vulnerabilities. To check whether other programs running on your PC are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month.


    Recommended Programs

    I would recommend the download and installation of some or all of the following programs (if not already present), and the updating of them on a regular basis.

    • WinPatrol
      As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. For more information, please visit HERE.
    • Malwarebytes' Anti-Malware
      Malwarebytes' Anti-Malware is an anti-malware application that can thoroughly remove even the most advanced malware. As you already have Malwarebytes' Anti-Malware on board I would keep it regularly updated and run regular quick scans with it. (TIP: Cleaning out temp files can reduce scanning times.) You can find a tutorial HERE.
    • Hosts File
      For added protection you may also like to add a host file. A simple explanation of what a Hosts file does is HERE and for more information regarding host files read HERE.
    • Use an alternative Internet Browser
      Many of the exploits are directed to users of Internet Explorer. Try using a different browser instead:
      Firefox
      Opera

  • Firewall
    The Windows firewall in Vista can monitor incoming, AND outgoing traffic. This application from Sphinx-soft can help configure it to suit your needs. Alternatively use a 3rd party firewall from the suggestions below. Make sure your firewall is always enabled while your computer is connected to the internet.
    Note: You should only have one firewall installed at a time. Having more than one firewall installed at once is likely to cause conflicts and may well decrease your overall protection as well as seriously impairing the performance of your PC.
    Suggestions:
    Online Armor Free
    PcTools Firewall (Free)
    Outpost Firewall Free


Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date.

Also please read this great article by Tony Klein So How Did I Get Infected In First Place

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Happy surfing and stay clean!
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: "HAcka Tack"

Unread postby skautroll » October 4th, 2009, 3:18 am

Thank you , than you and thank you :P
Everything works fine and I have installed what you recommended :cheers:

You've been a great help and I am so happy that you replied to me.
It's been really usefull and educationally to me as well :)

thank you for your assistance and kindness :king:

Regards
Skautroll :alien:
skautroll
Active Member
 
Posts: 11
Joined: September 20th, 2009, 9:14 am

Re: "HAcka Tack"

Unread postby melboy » October 4th, 2009, 4:28 am

You're most welcome, skautroll!

I'm glad to have been of help. :)
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: "HAcka Tack"

Unread postby silver » October 6th, 2009, 8:17 pm

This topic is now closed
We are pleased to have been of assistance.

If you have been helped and wish to donate with the costs of this volunteer site, you can do so using this link
Donations For Malware Removal
User avatar
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7
Advertisement
Register to Remove

Previous

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 26 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware