Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

HTTPS Tidserv request 2

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: HTTPS Tidserv request 2

Unread postby askey127 » May 14th, 2010, 10:38 am

kemsing,
Still looks good.
-----------------------------------------------------------
Run OTL
(If you removed it, the download is here: http://oldtimer.geekstogo.com/OTL.exe)
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    Code: Select all
    :Files
    C:\Documents and Settings\Lee\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst
    C:\Qoobox
    :Commands
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
-----------------------------------------------------------
Reset System Restore Points
  • Click Start > Help and Support
  • Click on ->Undo changes to your computer with System Restore.
  • Click Create A Restore Point then click Next. Give it a name it and then click Create, then Close.
  • Close Help and Support Center.
  • Click Start | Run and type Cleanmgr
  • Select (C: ) then click OK.
  • Click the More Options tab.
  • Click Clean Up in the System Restore Section.
This will remove all previous restore points except the newly created one.
This System Restore sequence is not to be done regularly, but only as a Special Case after the removal of malware.
-----------------------------------------------------------
Install WinPatrol - Download and Install the Free WinPatrol, and view Instructions here: http://www.winpatrol.com/winpatrol.html
- WinPatrol is an active program that drops a "Scotty Dog" icon into the system tray (right click to check/change status), allows you to monitor/edit startups, services, Browser helpers, and prompts for permission if any program tries to change your system.

You can delete all the desktop tools we installed, except I would keep Malwarebytes Anti-Malware and update/scan with it every week or so.

You may have to remake your settings in Outlook, since the Outlook data is corrupted with a trojan downloader.

Unless you see something new, you should be good to go.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13904
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
Advertisement
Register to Remove

Re: HTTPS Tidserv request 2

Unread postby kemsing » May 14th, 2010, 10:58 am

Hi Askey
I really appreciate all your help.
I am away for the week-end and will download your latest instructions on Monday. and then post up-dates.
Wish it was a Golfing week-end but almost as good visiting friends in The New forest.
kemsing
Regular Member
 
Posts: 56
Joined: April 30th, 2010, 12:28 pm

Re: HTTPS Tidserv request 2

Unread postby askey127 » May 14th, 2010, 11:22 am

kemsing,
Glad to help.
Sorry about the Outlook problem, but nothing else can be done about it.
In the future, please be very careful clicking on any link you see in an e-mail.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13904
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: HTTPS Tidserv request 2

Unread postby kemsing » May 17th, 2010, 4:29 am

Quote "You may have to remake your settings in Outlook, since the Outlook data is corrupted with a trojan downloader."
Is It a case of having to delete Outlook from my Computer delete Microsoft programmes, and re-installing? Or is there another method of doing this?
kemsing
Regular Member
 
Posts: 56
Joined: April 30th, 2010, 12:28 pm

Re: HTTPS Tidserv request 2

Unread postby kemsing » May 17th, 2010, 4:43 am

Here is report from OTL
All processes killed
========== FILES ==========
C:\Documents and Settings\Lee\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst moved successfully.
C:\Qoobox\Quarantine\Registry_backups folder moved successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers folder moved successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32 folder moved successfully.
C:\Qoobox\Quarantine\C\WINDOWS folder moved successfully.
C:\Qoobox\Quarantine\C\Program Files folder moved successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\Lee\Recent folder moved successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\Lee folder moved successfully.
C:\Qoobox\Quarantine\C\Documents and Settings folder moved successfully.
C:\Qoobox\Quarantine\C folder moved successfully.
C:\Qoobox\Quarantine folder moved successfully.
C:\Qoobox\BackEnv folder moved successfully.
C:\Qoobox folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Lee
->Temp folder emptied: 108743319 bytes
->Temporary Internet Files folder emptied: 29600507 bytes
->Java cache emptied: 128094 bytes
->FireFox cache emptied: 19186826 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 635 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 66299 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 24972251 bytes

Total Files Cleaned = 174.00 mb


OTL by OldTimer - Version 3.2.4.1 log created on 05172010_093605

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Lee\Local Settings\Temp\~DF3389.tmp not found!
File\Folder C:\Documents and Settings\Lee\Local Settings\Temp\~DF3399.tmp not found!
C:\Documents and Settings\Lee\Local Settings\Temporary Internet Files\Content.IE5\RZ9P5CJD\10jfw8tc[1].xml moved successfully.
C:\Documents and Settings\Lee\Local Settings\Temporary Internet Files\Content.IE5\QW74XNM3\viewtopic[1].htm moved successfully.
C:\Documents and Settings\Lee\Local Settings\Temporary Internet Files\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat moved successfully.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_684.dat not found!

Registry entries deleted on Reboot...
kemsing
Regular Member
 
Posts: 56
Joined: April 30th, 2010, 12:28 pm

Re: HTTPS Tidserv request 2

Unread postby askey127 » May 17th, 2010, 5:33 am

kemsing,
Your computer should be about as clean as we can make it.
You will have some work to get Outlook back the way you want it, but it was unavoidable.
Be careful what you click on.
Good Luck.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13904
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: HTTPS Tidserv request 2

Unread postby kemsing » May 17th, 2010, 7:04 am

Hi Askey
Have run the OTL, but didn't take a back up of e-mails from Outlook.
OTL has removed the outlook .pst file.
Now I can't re-open outlook without this file.
How can I restore a new .pst file so that I can download my e-mails safely?
kemsing
Regular Member
 
Posts: 56
Joined: April 30th, 2010, 12:28 pm

Re: HTTPS Tidserv request 2

Unread postby askey127 » May 17th, 2010, 7:48 am

kemsing,
You will have to remake the settings for Outlook, or uninstall/re-install Outlook from the Office CD.
You can't restore all the settings and e-mails you had without risk of re-infecting your machine.
There are ways to reset your Outlook; some are here:
http://www.outlook-tips.net/search.htm? ... ch.htm#957
-------------------------------------------------------
A systems/hardware forum can help if you need it. The subject is really outside our purview.,
Good System/Hardware Help Forums
NutNWorks here: http://www.nutnworks.com/forums/forumdisplay.php?f=60
or
GeekstoGo here: http://www.geekstogo.com/forum/Windows-XP-2000-2003-NT-f5.html
or
Computer Trouble here: http://forum.computertrouble.co.uk/index.php
or
TechSupportGuy here : http://forums.techguy.org/21-windows-nt-2000-xp/
------------------------------------------------------
OR, possibly you can download and install Outlook Express
http://www.softpedia.com/progDownload/O ... ad-40.html

The file is named Outlook.pst and was removed from this folder:
C:\Documents and Settings\Lee\Local Settings\Application Data\Microsoft\Outlook

It is now stored in this folder: C:\_OTL\Moved Files
It is infected. If you restore it to its original location, and happen to open the infected entry, your disaster may start all over again.
If you wish to copy it back to its original location (not recommended), and take a chance the imbedded infection is only a minor one, you would be on your own in doing so.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13904
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: HTTPS Tidserv request 2

Unread postby kemsing » May 18th, 2010, 8:35 am

Hi Askey
Thanks for everything, as far as I can see we seem to be up and running and I guess you can close the Ticket. If Anything else occurs will start a new link with a hi Jack this report.
Hope you find the spare time for that Golf !
kemsing
Regular Member
 
Posts: 56
Joined: April 30th, 2010, 12:28 pm

Re: HTTPS Tidserv request 2

Unread postby askey127 » May 18th, 2010, 11:45 am

this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13904
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 27 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware