
Malware Removal Instructions

Unidentified malware on Admin user account


Re: Unidentified malware on Admin user account

Unread postby Dakeyras » August 12th, 2010, 9:03 am

Hi. :)

Before we proceed any further please post the contents of the ComboFix log. It can be located here:-

C:\ComboFix
Dakeyras
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Unidentified malware on Admin user account

Unread postby helpintoledo » August 12th, 2010, 7:30 pm

There is no log file present at the root or elsewhere. Interestingly, there is a file, of file type "File", named ComboFix at C:\Combofix. However, in Windows it merely acts as a UNIX-style symlink back to C:\ and therefore causes a recursive loop when doing a search for ComboFix in the Windows search utility. At a command prompt, however, if I cd C:\Combofix and dir, I get what appears to be a listing of the ComboFix inner workings. But no log. Attached is a picture of the Windows search output.
helpintoledo
Regular Member
 
Posts: 52
Joined: February 24th, 2010, 9:39 pm

Re: Unidentified malware on Admin user account

Unread postby helpintoledo » August 12th, 2010, 7:32 pm

FYI, the dir command in "C:\" lists "\ComboFix\" as [DIR] file type.
helpintoledo
Regular Member
 
Posts: 52
Joined: February 24th, 2010, 9:39 pm

Re: Unidentified malware on Admin user account

Unread postby Dakeyras » August 13th, 2010, 5:44 am

Hi. :)

Nothing is easy with this particular machine! :roll: :lol:

OK levity aside, do you have the Vista DVD? As we may very well need this.

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

Please navigate to Start >> All Programs >> ERUNT >> Right-click on ERUNT and select Run as Administrator.

  • Click on OK within the pop-up menu.
  • In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
  • System registry
  • Current user registry
  • Next click on OK
  • When the Question pop-up appears click on Yes
  • After a short duration the Registry backup is complete! popup will appear
  • Now click on OK. A backup has been created.

Note: If you have uninstalled ERUNT since we last used it, please inform myself before proceeding any further.

Reset Vista SP2 Firewall:

Click on Start(Vista Orb) >> Run...(or the Windows key and R together) to bring up the Run box and cut/paste in the following and click on OK
firewall.cpl
Or Start(Vista Orb) >> Control Panel >> Windows Firewall

Click on the Change Settings >> Advanced >> Restore Defaults >> At the prompt click on Yes >> OK

Now click back on Change Settings again >> General >> and select On(recommended) >> Apply >> OK.

Custom OTL Script:

  • Right-click OTL.exe and select Run as Administrator to start the program.
  • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
:OTL
DRV - (TfSysMon) -- C:\Windows\System32\drivers\TfSysMon.sys File not found
DRV - (TfNetMon) -- C:\Windows\System32\drivers\TfNetMon.sys File not found
DRV - (TfFsMon) -- C:\Windows\System32\drivers\TfFsMon.sys File not found
IE - HKU\S-1-5-21-1214440339-1935655697-725345543-1003\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
[2008/05/12 21:19:27 | 000,000,000 | ---D | M] -- C:\Users\Mark Young\AppData\Roaming\LimeWire
@Alternate Data Stream - 155 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:A8ADE5D8

:Commands
[EmptyTemp]
[Reboot]
  • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
  • Then click the red Run Fix button.
  • Let the program run unhindered.
  • If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.

Note: The logfile can also be located at C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

ESET Online Scanner:

Note: Use Internet Explorer for this scan. You will however need to disable the currently installed Anti-Virus; how to do so can be read here.

Vista users: You will need to right-click on either the IE icon in the Start Menu or the Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here then click on: Image
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable the Anti-Virus application after running the above scan!

When you have completed the above, please post back the following:

  • Inform myself how the computer is running. Any problems encountered?
  • Answer to my Vista DVD query.
  • OTL Log.
  • ESET Log.
Dakeyras
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra
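Two of the oddities in this thread, a directory at C:\ComboFix that behaves like a symlink and loops Windows Search, and the alternate data streams on C:\ProgramData\TEMP that the OTL script removes, can be inspected read-only before anything is deleted. The following PowerShell triage script is an added example, not something posted in the thread or shipped with OTL/ComboFix; it assumes PowerShell 3.0 or later (for -Attributes and -Stream) and that the paths in $Root and $AdsTargets are the ones you want to check.

```powershell
# Added example (not from the original thread): read-only triage helper.
# 1. Lists reparse points (junctions/symlinks) directly under $Root. A junction
#    that points back at its own parent is exactly what makes Windows Search
#    recurse forever, while 'dir' only shows it as <DIR>.
# 2. Lists alternate data streams (ADS) on the paths in $AdsTargets, as OTL
#    reports them ("C:\ProgramData\TEMP:DFC5A2B2 - 155 bytes"), without deleting.
# Assumes PowerShell 3.0+; run from an elevated prompt to see hidden/system items.
param(
    [string]$Root = 'C:\',
    [string[]]$AdsTargets = @('C:\ProgramData\TEMP')
)

Write-Host "Reparse points under $Root"
Get-ChildItem -LiteralPath $Root -Force -Attributes ReparsePoint |
    ForEach-Object {
        # 'Target' is populated for junctions/symlinks on PowerShell 5.1+;
        # on older versions fall back to 'fsutil reparsepoint query <path>'.
        $target = if ($_.PSObject.Properties['Target']) { $_.Target -join ', ' }
                  else { '(run: fsutil reparsepoint query "' + $_.FullName + '")' }
        [PSCustomObject]@{
            Path       = $_.FullName
            Attributes = $_.Attributes
            Target     = $target
        }
    } | Format-Table -AutoSize

foreach ($path in $AdsTargets) {
    if (-not (Test-Path -LiteralPath $path)) {
        Write-Host "$path not present"
        continue
    }
    Write-Host "Alternate data streams on $path"
    # ':$DATA' is the ordinary unnamed stream (file content); anything else is an ADS.
    Get-Item -LiteralPath $path -Force -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -ne ':$DATA' } |
        Select-Object @{ n = 'Stream'; e = { $_.Stream } },
                      @{ n = 'Bytes';  e = { $_.Length } } |
        Format-Table -AutoSize
    # To look at a stream's bytes without executing anything:
    #   Get-Content -LiteralPath $path -Stream <StreamName> -Encoding Byte
}
```

Small streams of a hundred-odd bytes on a system folder, like the ones OTL listed here, are worth recording (name and size) before removal so the OTL log and this output can be compared afterwards.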

Re: Unidentified malware on Admin user account

Unread postby helpintoledo » August 14th, 2010, 12:22 am

Dakeyras, I would like to thank you for all your help in this matter. Unfortunately, the owner of the pc has taken it back, for better or worse (for what it's worth his wife reports it is working just fine, however long that may last). I really would have liked to have seen this through to a proper completion, but he decided he needed access to his computer for a couple reasons. I really dislike not being able to defeat something like this, but please know I am fully aware that you gave all the help that you could, especially considering my schedule. Please feel free to close this thread. Thanks again and take care.
helpintoledo
Regular Member
 
Posts: 52
Joined: February 24th, 2010, 9:39 pm

Re: Unidentified malware on Admin user account

Unread postby Dakeyras » August 14th, 2010, 7:04 am

OK, you're welcome and thank you for the courtesy of informing myself. Not an ideal situation, and it would have been far better if your friend had exhibited some patience and let us see the malware removal process through. However, I will respect the decision as the machine in question is their property after all. :)

--------------

Since we have done all we can, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
Dakeyras
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra