Free Malware Removal Forum

[budertv]

Post 3 - Did some limited checking/testing with browser, searches and doc prep - no problems observed.

Thank you, turtledove

[turtledove]

Good evening budertv,

Thank you for the log and the checks. I'll go through these last 2 days posts and be back as soon as possible.

Please Note:
ESET showed an infection known to have backdoor/key-logging ability.
As a precaution, in case, I advise contacting any financial business used on the internet such as banking, credit card, bills and shopping that you may have had those identities stolen by malware.
I would then use a clean computer to change all passwords to those and any other sites you use a password at. Doing so on a compromised system will give the hacker the new information. I'd also keep this off the internet except for coming to this site.

I also will have a couple of more things to have you run but be aware that even if a backdoor was present and we remove what our tools find, that there may be other items that remain we do not find. That means this computer could not be considered safe for financial transactions again without a factory reset or complete full reformat and fresh install.
I'll let you know after another test. I want verification first.
Let me know if you prefer to reformat and I'll provide information for you to do so.

[budertv]

Hello turtledove,
Any idea how long my pc has been infected ??

I don't do any banking on this pc - I do some trading with Scottrade but not for some time - some one tried to get into my account, perhaps purposely, perhaps by accident.
I also do some internet credit card purchases on this pc. I will avoid that for awhile. My wife keeps a close eye on our purchases. We haven't noticed anything out of the ordinary.

You may recall that I believe my hard drive is on its last legs. My new external drive arrived and I have made a mirror copy of my C and D drives. The D drive is a recovery partition. Also, I bought a Windows 7 upgrade disc and I have a Vista CD. My new internal drive should arrive Monday. I plan to put the new internal drive in, install Vista from the Vista CD, upgrade to Windows 7, scan the data on the external for infections, and then, if clean, restore data from the external to the new internal. Then I will "destroy' the old internal disk and reformat the external drive. Any advice on "destroying" the old internal drive ??

How does the plan sound to you ??

Thanks again turtledove, budertv

[budertv]

Oh, one other thing, turtledove. A few days ago, I noticed that my drive was rather active and so I opened up Windows Task Manager and then Resource Monitor. While looking at what things were using disk and network resources, I noticed that several audio file names were in the display. I did some internet searching and found some forums discussing similar situations and discovered that Windows Media Player, when set to share media , becomes a terrible resource hog. As soon as I shut down the sharing, the "problem" went away. I looked at our Windows 7 laptop and did not find a corresponding sharing option for Windows Media Player. Perhaps Microsoft realized the "cost" of sharing media and eliminated that feature in their new OS. Thought you might be interested in that contributor to sluggishness.

[turtledove]

Good evening budertv,

You're welcome
I think installing Vista on the new drive would be best as you have had financial transactions done on the old drive. There is no way to know how long the problem has existed from our logs.

I would advise reinstalling the programs you have now from Original CD/DVD discs or the author/download site.
Any non program files definitely scan before placing them on the new drive. I also would not use the mirrored copy of C drive. And do scan the mirror of D drive first. I also would not use any old Acronis backups. Create a new one once all is reinstalled to have a clean backup.

For the old drive, I would do a complete reformat as that will ensure it is clean. Do not use Quick format.
Keep in mind, that will take out the D partition possibly. If you successfully backed that up, you should be fine; as well you have the Vista Disc if needed which is good.

As you think that drive is going, I wouldn't put anything important on it.

Let me know if you are going to do as you stated, I will then give you information to keep your new setup as safe as possible.

Thank you

turtledove

[budertv]

hello turtledove,

My new external hard drive just arrived. I'm not sure when I will begin the switchover process as my niece is visiting and tying up the laptop which I would want to have available for my use during the switchover process which I envision as being lengthy. If swapping between internal hard drives is easy, I will build the new Windows 7 hard drive first - then I will zap the old drive. If not, I will zap the old drive then build the new drive.

You mentioned some tips for keeping my pc safe - I think I am ready for those now, if you have time.

I currently depend upon PC Tools Internet Security and WinPatrol. I also have BitDefender and MalwareBytes newly available.

Thank you,
budertv

[turtledove]

Good evening budertv,

You're very welcome. Apologies for the delay in responding, had to be away longer than expected.
As you have stated you will rebuild the system, this topic will be done as soon as you let me know you have read and copied the below. You have made the right decision in this case.

Below you will find my all clean message. These you should copy to a usb/thumb drive or CD for reference later. Some items you have already, but I'll post so you have the links in the future, and if you should need a new Anti Virus or Firewall product. Remember use only one each installed at a time. Keep a link to this topic should you need to review this part.

For New Setup
Once Reinstall of your programs is done, make a New Backup with Acronis. Do not use the older backups please.
Run an online scan at ESET as you did earlier to be sure the new system and backup are clean.


Please follow these simple guidelines in order to help keep your computer more secure:



Time for some housekeeping

• Click on Start >> Run...
• Now type in ComboFix /Uninstall into the box and click OK.
• Note the space between the X and the /Uninstall, it needs to be there.
  

The above procedure will reset your System Restore and clear out the backups and quarantines created during the course of this fix.


Next


Clean up with OTM

• Double-click OTM.exe to start the program, This tool will remove all the tools we used to clean your pc.
• Close all other programs apart from OTMoveIt3 as this step will require a reboot
• On the OTM main screen, press the CleanUp! button
• Say Yes to the prompt and then allow the program to reboot your computer.

You can now delete any tools we used if they remain on your Desktop.

Perform Disk Cleanup
Note: You have to have administrative rights to run Disk Cleanup for "All" users.

1. Click the Vista Start... button. Type disk in the Start Search text entry box.
2. Double click the Disk Cleanup entry, from the matching program list.
3. In the Disk Cleanup options...select "Files from all users on this computer"
   If the Disk Cleanup: Drive Selection dialog box appears:
   • Select the drive where Windows Vista is installed. (Normally, this would be C:\ drive)
   • Press the "OK"...button.
   Disk Cleanup will begin space saving calculations.
4. When the calculations are finished... Press the More Options tab.
5. In the "System Restore and Shadow Copies" section... select "Clean up" button.
6. Press the "Delete"... button, at the "Are you sure..." prompt.
   Disk Cleanup will begin cleaning up old files and restore points.
7. Exit Disk Cleanup.

This will remove all restore points except the one you just created..

Update your Antivirus programs and other programs regularly.
Secunia Software Inspector - Copyright © Secunia. F-secure Health Check - Copyright © F-Secure Corporation.

Visit Microsoft often.
Keep on top of critical updates , as well as other updates for your computer.
Using Windows Update in Windows Vista
What is Windows Update?
Microsoft Update Home

Install additional (free) programs, that can help improve security.
Many feel that having a "layered" protection scheme is beneficial, you'll have to decide what works best for your situation.
Here are a few you can look into, if you want.

Malwarebytes' Anti-Malware
Download it from Malewarebytes © Malwarebytes Corporation.
Tutorials are available for installing and running, Malwarebytes' Anti-Malware.
Powerful, easy to use and free. For real-time protection you will have to purchase the product.

SpywareBlaster
If using Internet Explorer 8 and using the SmartScreen Filter, do not install. Can inhibit browser performance.
Download it from © Javacool Software LLC.
A SpywareBlaster knowledgebase can be found Here.

WinPatrol
Do not install if you have installed Spybot Search & Destroy and enabled Teatimer protection. System conflicts can occur.
Download it from Copyright © BillP Studios
Information about how WinPatrol works, is available Here
(The free version of WinPatrol... provides limited real-time protection)

Firetrust SiteHound
Software may not be available as it is being rewritten... if so, bookmark site and check again later.
You can find information and download it from © Firetrust Ltd

Read - stay informed.
COMPUTER SECURITY - a short guide to staying safer online

Please check out this article: Some information may be old but the basic safeguards still apply.
How to prevent Malware:© miekiemoes - Microsoft MVP - Consumer Security .


Stay Safe!

**Please post back that you have read and completed the above and that the topic may be closed**

Thank you

turtledove

[Cypher]

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.