Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Help! Virus that I cannot get rid of - 'Gala Search'

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Help! Virus that I cannot get rid of - 'Gala Search'

Unread postby bmurrie » December 14th, 2010, 12:32 pm

Hi, here is the ESET log:

C:\Documents and Settings\All Users\Application Data\307c785\CU307c.exe a variant of Win32/Kryptik.DKE trojan
C:\System Volume Information\_restore{E462471B-EF85-480B-BA9B-0089135E849C}\RP308\A0059867.exe a variant of Win32/Adware.FakeAntiSpy.S application


Computer is 'sprinting' along now :-) And I'm actually able to post this from the computer itself (instead of a separate laptop), so looking good! Thanks again :-) :-)
bmurrie
Member+
 
Posts: 24
Joined: December 8th, 2010, 10:33 pm
Advertisement
Register to Remove

Re: Help! Virus that I cannot get rid of - 'Gala Search'

Unread postby Cypher » December 14th, 2010, 12:54 pm

Hi bmurrie.
Computer is 'sprinting' along now :-) And I'm actually able to post this from the computer itself (instead of a separate laptop), so looking good!
Good news :)
Just one thing left to deal with then you're good to go.

Delete file/folder
Press Start > Run, copy/paste the following command into the box and press OK: Do not include the word quote:
cmd /c del /F C:\Documents and Settings\All Users\Application Data\307c785

A blank command window will open on your desktop, then close in a minute or two. This is normal.



This is my general post for when your logs show no more signs of malware.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Time for some housekeeping
  • Click on Start >> Run...
  • Now type in ComboFix /Uninstall into the box and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.
    Image
The above procedure will reset your System Restore and clear out the backups and quarantines created during the course of this fix.

Next

OTC

Download OTC by Old Timer and save it to your Desktop. This tool will remove all the tools we used to clean your pc.

  • Double-click OTC.exe
  • Click the CleanUp! button
  • Select Yes when the Begin cleanup Process? Prompt appears
  • If you are prompted to Reboot during the cleanup, select Yes
  • The tool will delete itself once it finishes, if not delete it by yourself

Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

You can now delete any tools we used if they remain on your Desktop.

Protection Programs
Don't forget to re-enable any protection programs we disabled during your fix.

Here are some free programs I recommend that could help you improve your computer's security.

Install SpywareBlaster
Download and install Javacools SpywareBlaster from Here
SpywareBlaster adds a list of ActiveX controls, tracking cookies and sites which will be blocked in either Internet Explorer or Firefox browsers. You need to manually check for updates regularly.

Install SiteAdvisor
SiteAdvisor is a toolbar for Microsoft Internet Explorer and Mozilla Firefox which alerts you if you're about to enter a potentially dangerous website.
You can find more information and download it from Here

Install WinPatrol
As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
For more information, please visit HERE

MVPS Hosts

Install MVPS Hosts File From Here
The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
You can Find the Tutorial HERE

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Visit Microsoft often to get the latest updates for your computer
You can do that HERE

Read some information HERE On how to prevent Malware

I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Safe surfing!
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Help! Virus that I cannot get rid of - 'Gala Search'

Unread postby bmurrie » December 14th, 2010, 8:04 pm

Thank you so much for all your help! I will perform the last fix and download some of those free programs to use going forward. I was at a complete loss as to what to do with the computer, so I very very much appreciate your help :-)
bmurrie
Member+
 
Posts: 24
Joined: December 8th, 2010, 10:33 pm

Re: Help! Virus that I cannot get rid of - 'Gala Search'

Unread postby Cypher » December 15th, 2010, 6:46 am

Hi bmurrie.
Thank you so much for all your help!

You're most welcome :)
Good luck and stay safe.
As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 479 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware