Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Bad Explorer.exe

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Bad Explorer.exe

Unread postby SteelRider » October 24th, 2010, 9:18 pm

Hello,

Thanks for your help.

Avast reports Win32:Bamital-AF in explorer.exe.

When I try to run Explorer from the Start menu I get a window that says:
C:\Windows\explorer.exe
Operation did not complete successfully because the file contains a virus.


I haven't a clue how I got this. I just started a program that I ran many times before and AVG (my AV program at the time) began giving multiple instances of bad explorer.exe. I uninstalled AVG (I had been meaning to anyway) and installed Avast and I got a similar report one time.

I tried MalwareBytes and TrojanRemover with no luck--they didn't even find it.

Here are my HijackThis log and my uninstall list:

*****HighJackThis Log*****

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:59:16 PM, on 10/24/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\John\Desktop\HiJackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [TClockEx] C:\Program Files\TCLOCKEX.EXE
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\Blaze Media Pro\NMSAccess32.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

--
End of file - 4856 bytes

*****Uninstall Log*****

Acrobat.com
Acrobat.com
Across Lite
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.0
Alfred's Interactive Musician
Any Video Converter 3.0.7
Apple Application Support
Apple Mobile Device Support
Apple Software Update
avast! Free Antivirus
Avery LabelPro 3.0
Bonjour
CDBurnerXP
Convert VOB to AVI 1.7
ConvertXtoDVD 4.0.12.327
DesignPro 5.4 Limited Edition
Digital Guitar Tuner 2.3
DVDFab 8.0.0.2 (23/08/2010)
ffdshow [rev 2202] [2008-10-10]
Foxit Reader
Free Burn MP3-CD v1.2
Free DVD Creator version 2.0
Free DVD ISO Burner version 1.2
Free ISO Creator version 2.8
Guitar Pro 5.2
Ideal DVD Copy V3.2.3
iSEEK AnswerWorks English Runtime
iTunes
iZotope iDrum
iZotope iDrum Factory Content
Linksys Wireless-G Print Server
Malwarebytes' Anti-Malware
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access database engine 2007 (English)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Streets & Trips 2010
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable Package
Mozilla Firefox (3.6.10)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OGA Notifier 2.0.0048.0
OJOsoft VOB Converter
PowerDesk 7
QuickTime
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB2288953)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Sony Picture Utility
Star Envelope Printer Pro v4.10
TaxACT 2008
TaxACT 2008 Pennsylvania
Trojan Remover 6.8.2
TurboTax 2009
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wpaiper
TurboTax 2009 wrapper
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb2410711)
Windows 7 Manager
Windows Media Player Firefox Plugin
WinZip 14.0
Xilisoft Video Converter Ultimate
Xvid 1.2.1 final uninstall
SteelRider
Active Member
 
Posts: 8
Joined: October 24th, 2010, 8:32 pm

Re: Bad Explorer.exe

Unread postby peku006 » October 27th, 2010, 4:31 am

Hi SteelRider

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
If you need help to disable your protection programs see here.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply

Thanks peku006
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Bad Explorer.exe

Unread postby SteelRider » October 27th, 2010, 6:53 pm

Hello Peku006,

Thank you for helping me with my problem.

I have downloaded ComboFix to my desktop as directed. However, I cannot run the program. When I double click on the icon, I get a window that says:

Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item.


I am running an administrator account, and I even selected "Run as administrator" with no luck.

What do I have to do to make it work?
SteelRider
Active Member
 
Posts: 8
Joined: October 24th, 2010, 8:32 pm

Re: Bad Explorer.exe

Unread postby SteelRider » October 27th, 2010, 9:30 pm

I had some success, sort of.

I had initially disabled all of my security programs, including Comodo Firewall. I found that, if I re-enabled Comodo, I was able to run ComboFix. However, after the reboot, the firewall put some of the ComboFix files in a sandbox. There were a lot of "access denied" lines in the command window. ComboFix did complete, however and did generate the log. It is pasted below.

If you want me to run ComboFix again, I can completely uninstall the firewall before I do.

COMBOFIX LOG*******************

ComboFix 10-10-26.04 - John 10/27/2010 20:45:29.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2046.1464 [GMT -4:00]
Running from: c:\users\John\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\John\AppData\Roaming\inst.exe
c:\users\John\AppData\Roaming\Microsoft\AdjMmsVista.dll

Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Windows!explorer.exe

Infected copy of c:\windows\System32\wininit.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Windows!explorer.exe
.
((((((((((((((((((((((((( Files Created from 2010-09-28 to 2010-10-28 )))))))))))))))))))))))))))))))
.

2010-10-28 01:11 . 2010-10-28 01:13 -------- d-----w- c:\users\John\AppData\Local\temp
2010-10-28 01:11 . 2010-10-28 01:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-28 00:42 . 2010-10-28 00:43 -------- d-----w- C:\32788R22FWJFW
2010-10-27 23:38 . 2010-10-28 00:16 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-10-27 23:38 . 2010-10-27 23:42 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-10-26 18:28 . 2010-10-18 13:41 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7AA9F9EC-6F2F-4F3E-AA7C-762C034170F3}\mpengine.dll
2010-10-25 02:06 . 2010-10-25 02:06 -------- d-----w- C:\VritualRoot
2010-10-25 02:06 . 2010-10-25 02:17 -------- d-----w- c:\programdata\COMODO
2010-10-25 02:04 . 2010-10-25 02:04 -------- d-----w- c:\program files\COMODO
2010-10-25 01:49 . 2010-10-25 01:49 -------- d-----w- c:\program files\KeyScrambler
2010-10-25 01:49 . 2010-02-11 15:03 114952 ----a-w- c:\windows\system32\drivers\keyscrambler.sys
2010-10-24 23:56 . 2010-09-07 14:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-10-24 23:56 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-10-24 23:56 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-10-24 23:56 . 2010-09-07 14:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-10-24 23:56 . 2010-09-07 14:47 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-10-24 23:55 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
2010-10-24 23:55 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-10-24 23:55 . 2010-10-24 23:55 -------- d-----w- c:\programdata\Alwil Software
2010-10-24 23:55 . 2010-10-24 23:55 -------- d-----w- c:\program files\Alwil Software
2010-10-24 23:14 . 2006-06-19 17:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-10-24 23:14 . 2006-05-25 19:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-10-24 23:14 . 2005-08-26 05:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-10-24 23:14 . 2003-02-03 00:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-10-24 23:14 . 2002-03-06 05:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-10-24 23:14 . 2010-10-25 01:38 -------- d-----w- c:\program files\Trojan Remover
2010-10-24 23:14 . 2010-10-24 23:14 -------- d-----w- c:\users\John\AppData\Roaming\Simply Super Software
2010-10-24 23:14 . 2010-10-24 23:14 -------- d-----w- c:\programdata\Simply Super Software
2010-10-21 20:40 . 2010-10-21 20:40 -------- d-----w- c:\users\John\AppData\Roaming\AnvSoft
2010-10-21 20:40 . 2010-10-21 20:40 -------- d-----w- c:\program files\AnvSoft
2010-10-21 00:02 . 2010-10-21 00:02 -------- d-----w- c:\program files\Common Files\Common Share
2010-10-21 00:02 . 2008-12-18 17:38 719872 ----a-w- c:\windows\system32\devil.dll
2010-10-21 00:02 . 2008-12-18 17:38 351744 ----a-w- c:\windows\system32\avisynth.dll
2010-10-21 00:02 . 2010-10-21 00:02 -------- d-----w- c:\program files\OJOsoft
2010-10-20 23:50 . 2010-10-20 23:50 -------- d-----w- c:\program files\Convert VOB to AVI
2010-10-19 23:43 . 2010-10-19 23:44 -------- d-----w- c:\programdata\Deskshare
2010-10-19 23:43 . 2010-10-19 23:43 -------- d-----w- c:\windows\XSxS
2010-10-19 23:43 . 2010-10-19 23:43 -------- d-----w- c:\users\John\AppData\Local\Xenocode
2010-10-19 23:43 . 2010-10-19 23:43 -------- d-----w- c:\program files\Xenocode
2010-10-19 23:43 . 2010-10-19 23:43 -------- d-----w- c:\program files\Deskshare
2010-10-19 23:43 . 2010-10-19 23:43 -------- d-----w- c:\program files\Xvid
2010-10-19 23:43 . 2008-12-14 00:01 77824 ----a-w- c:\windows\system32\xvid.ax
2010-10-19 23:43 . 2008-12-05 01:46 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2010-10-19 23:43 . 2008-12-05 01:42 815104 ----a-w- c:\windows\system32\xvidcore.dll
2010-10-19 23:34 . 2004-12-07 14:11 258352 ----a-w- c:\windows\system32\Unicows.dll
2010-10-19 23:07 . 2010-10-20 00:10 -------- d-----w- c:\program files\Blaze Media Pro
2010-10-19 23:06 . 2010-10-20 22:21 -------- dc-h--w- c:\programdata\~0
2010-10-19 23:06 . 2010-10-19 23:06 -------- d-----w- c:\users\John\AppData\Local\PackageAware
2010-10-19 22:53 . 2010-05-05 06:46 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
2010-10-10 00:12 . 2010-10-10 00:12 -------- d-----w- c:\program files\iPod
2010-10-10 00:12 . 2010-10-10 00:12 -------- d-----w- c:\program files\iTunes
2010-10-10 00:10 . 2010-10-10 00:10 -------- d-----w- c:\program files\Bonjour
2010-10-10 00:06 . 2010-10-10 00:06 -------- d-----w- c:\program files\Common Files\Adobe
2010-10-10 00:01 . 2010-06-19 06:15 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-28 15:46 . 2010-10-19 22:52 -------- d-----w- C:\Movies for Flash Drive
2010-09-28 13:48 . 2010-09-28 13:48 -------- d-----w- c:\users\John\AppData\Roaming\Xilisoft Corporation
2010-09-28 13:45 . 2010-09-28 13:45 -------- d-----w- c:\program files\Xilisoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-25 02:15 . 2010-06-01 23:00 285480 ----a-w- c:\windows\system32\guard32.dll
2010-10-25 02:15 . 2010-06-01 23:00 78504 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-10-25 02:15 . 2010-06-01 23:00 30112 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-10-25 02:15 . 2010-06-04 15:55 236088 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2010-10-25 02:15 . 2010-06-01 23:00 17256 ----a-w- c:\windows\system32\drivers\cmderd.sys
2010-10-19 15:41 . 2009-11-15 21:15 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-08 15:17 . 2010-09-08 15:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 15:17 . 2010-09-08 15:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-08-21 05:32 . 2010-09-21 17:03 316928 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-17 01:33 . 2009-12-10 01:02 364 ----a-w- c:\program files\BRUMC Backup.bat
2000-03-09 05:45 . 2009-11-16 00:07 96256 ----a-w- c:\program files\TCLOCKEX.DLL
2000-03-09 05:15 . 2009-11-16 00:07 89088 ----a-w- c:\program files\TCLOCKEX.EXE
2000-02-03 07:46 . 2009-11-16 00:07 53760 ----a-w- c:\program files\TCSET.EXE
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TClockEx"="c:\program files\TCLOCKEX.EXE" [2000-03-09 89088]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF17317.cfxxe" [X]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-10-25 2500552]

c:\users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2010-7-17 385024]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"AlwaysShowClassicMenu"= 1 (0x1)
"DisableThumbnails"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSDiagnosticM]
2007-02-27 21:29 315392 ----a-w- c:\program files\Linksys Wireless-G Print Server\PSDiagnosticM.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 LKNUCMP;Linksys Network USB Composite Device;c:\windows\system32\DRIVERS\lknucmp.sys [2006-12-15 14336]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-04 1343400]
S1 aswSP;aswSP; [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2010-10-25 236088]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2010-10-25 30112]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2010-02-11 114952]
S3 lknuhst;Linksys Network USB Host Controller;c:\windows\system32\DRIVERS\lknuhst.sys [2006-12-15 13824]
S3 LKNUHUB;Linksys Network USB Root Hub;c:\windows\system32\DRIVERS\lknuhub.sys [2006-12-15 35840]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-04-29 20952]
S3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2009-07-13 266752]

.
Contents of the 'Scheduled Tasks' folder
c:\windows\Tasks\At1.job
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\og71tgz7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - component: c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\og71tgz7.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
FF - component: c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\og71tgz7.default\extensions\optout@dubfire.net\lib\WINNT\ff3\AbineComponent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(568)
c:\windows\system32\guard32.dll

- - - - - - - > 'Explorer.EXE'(1748)
c:\windows\system32\guard32.dll
c:\windows\System32\ieframe.dll
c:\program files\TCLOCKEX.DLL
.
Completion time: 2010-10-27 21:18:22 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-28 01:18

Pre-Run: 265,973,035,008 bytes free
Post-Run: 265,918,758,912 bytes free

- - End Of File - - 08F1896F84BB2F27A823D0380F53356D
SteelRider
Active Member
 
Posts: 8
Joined: October 24th, 2010, 8:32 pm

Re: Bad Explorer.exe

Unread postby peku006 » October 28th, 2010, 3:53 am

Hi SteelRider

good job.. :)

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code: Select all
    :filefind
    wininit.exe
    explorer.exe
     

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found at on your Desktop entitled SystemLook.txt

Thanks peku006
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Bad Explorer.exe

Unread postby SteelRider » October 28th, 2010, 8:48 am

Peku006,

Thank you for your timely assistance.

Here is the SystemLook log:



SystemLook 04.09.10 by jpshortstuff
Log created at 08:41 on 28/10/2010 by John
Administrator - Elevation successful

========== filefind ==========

Searching for "wininit.exe"
C:\Windows\System32\wininit.exe --a---- 96256 bytes [23:36 13/07/2009] [01:14 14/07/2009] B5C5DCAD3899512020D135600129D665
C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe --a---- 96256 bytes [23:36 13/07/2009] [01:14 14/07/2009] B5C5DCAD3899512020D135600129D665
C:\Windows.old\Windows\System32\wininit.exe --a---- 96256 bytes [23:36 13/07/2009] [01:14 14/07/2009] B5C5DCAD3899512020D135600129D665
C:\Windows.old\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe --a---- 96256 bytes [23:36 13/07/2009] [01:14 14/07/2009] B5C5DCAD3899512020D135600129D665

Searching for "explorer.exe"
C:\Windows\explorer.exe --a---- 2614272 bytes [23:45 26/01/2010] [05:45 31/10/2009] 2626FC9755BE22F805D3CFA0CE3EE727
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe --a---- 2613248 bytes [23:41 13/07/2009] [01:14 14/07/2009] 15BC38A7492BEFE831966ADB477CF76F
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe --a---- 2613248 bytes [22:03 15/11/2009] [05:35 03/08/2009] B95EEB0F4E5EFBF1038A35B3351CF047
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe --a---- 2614272 bytes [23:45 26/01/2010] [05:45 31/10/2009] 2626FC9755BE22F805D3CFA0CE3EE727
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe --a---- 2613248 bytes [22:03 15/11/2009] [05:49 03/08/2009] 9FF6C4C91A3711C0A3B18F87B08B518D
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe --a---- 2614272 bytes [23:45 26/01/2010] [06:00 31/10/2009] C76153C7ECA00FA852BB0C193378F917
C:\Windows.old\Windows\explorer.exe --a---- 2613248 bytes [23:41 13/07/2009] [01:14 14/07/2009] 15BC38A7492BEFE831966ADB477CF76F
C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe --a---- 2613248 bytes [23:41 13/07/2009] [01:14 14/07/2009] 15BC38A7492BEFE831966ADB477CF76F

-= EOF =-
SteelRider
Active Member
 
Posts: 8
Joined: October 24th, 2010, 8:32 pm

Re: Bad Explorer.exe

Unread postby peku006 » October 28th, 2010, 9:24 am

Hi SteelRider

Malwarebytes' Anti-Malware

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update have been completed, Select the Scanner tab.
  • Make sure the "Perform full scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  1. Click on the Show Results button to see a list of any malware that was found.
  2. Check all items except items in the C:\System Volume Information folder... then click on Remove Selected.
    We will take care of the System Volume Information items later.
  3. When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  4. The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  5. Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Please reply with

Malwarebytes' Anti-Malware Log

Thanks peku006
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Bad Explorer.exe

Unread postby SteelRider » October 29th, 2010, 7:06 pm

Malwarebytes log:

Malwarebytes' Anti-Malware 1.46
http://www.malwarebytes.org

Database version: 4993

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

10/29/2010 6:58:57 PM
mbam-log-2010-10-29 (18-58-57).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 301469
Time elapsed: 1 hour(s), 21 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F8KFQ31R\s32live[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZOZHRQ5V\ldls[1].exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
D:\Atemp\Setup\keygen.exe (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.
SteelRider
Active Member
 
Posts: 8
Joined: October 24th, 2010, 8:32 pm

Re: Bad Explorer.exe

Unread postby peku006 » October 30th, 2010, 3:50 am

Hi SteelRider

Download CKScanner by askey127 from HERE
Important - Save it to your desktop.
Doubleclick CKScanner.exe and click Search For Files.
After a very short time, when the cursor hourglass disappears, click Save List To File.
A message box will verify the file saved.
Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

Thanks peku006
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Bad Explorer.exe

Unread postby SteelRider » October 31st, 2010, 7:12 pm

Hi Peku006,

I downloaded CKScanner to my Desktop. I ran it 3 or 4 times and it doesn't seem to come up with anything.

Here is the latest log:

CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.RP.11
----- EOF -----


Thanks.
SteelRider
Active Member
 
Posts: 8
Joined: October 24th, 2010, 8:32 pm

Re: Bad Explorer.exe

Unread postby peku006 » November 1st, 2010, 4:21 am

Hi SteelRider
TFC (Temp File Cleaner)

  • Please download TFC to your desktop
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click Yes to reboot.

NOTE: Save your work.TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.

Thanks peku006
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Bad Explorer.exe

Unread postby SteelRider » November 2nd, 2010, 10:38 pm

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, November 2, 2010
Operating system: Microsoft Professional (build 7600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, November 02, 2010 16:14:05
Records in database: 4203178
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\

Scan statistics:
Objects scanned: 115645
Threats found: 2
Infected objects found: 3
Suspicious objects found: 0
Scan duration: 03:15:17


File name / Threat / Threats count
D:\Save Files-Laptop\Atemp\Malware Programs\Trojan.Remover.v6.8.1.2.zip Infected: Trojan.Win32.Sasfis.aufy 1
D:\Save Files-Laptop\Blu-Ray to DVD Pro v.1.30.rar Infected: Trojan.Win32.Monderd.gen 2

Selected area has been scanned.
SteelRider
Active Member
 
Posts: 8
Joined: October 24th, 2010, 8:32 pm

Re: Bad Explorer.exe

Unread postby peku006 » November 3rd, 2010, 4:23 am

Hi SteelRider

Please delete these files

D:\Save Files-Laptop\Atemp\Malware Programs\Trojan.Remover.v6.8.1.2.zip
D:\Save Files-Laptop\Blu-Ray to DVD Pro v.1.30.rar

Security Check
Please download Security Check ... by screen317. Save it to your desktop.
Alternate download site: Link 2
  1. Double click the SecurityCheck.exe icon to begin.
  2. Press the Space Bar when you see the "press any key to continue..." message.
    A Notepad results file will open automatically called checkup.txt
  3. Save "checkup.txt" to your desktop. (This output file is NOT automatically saved!)
  4. Please copy/paste the entire contents of the checkup.txt file into your next reply.

How's the computer running now? Any problems?

Thanks peku006
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Bad Explorer.exe

Unread postby SteelRider » November 4th, 2010, 7:38 pm

Hi Peku006,

I have deleted the two files and removed them from my recycle bin.

Here is the Security Check file:

Results of screen317's Security Check version 0.99.6
Windows 7 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
avast! Free Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

MVPS Hosts File
Malwarebytes' Anti-Malware
Java(TM) 6 Update 22
Adobe Flash Player 10.1.85.3
Adobe Reader 9.4.0
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Comodo Firewall cmdagent.exe
Comodo Firewall cfp.exe
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 AvastUI.exe
````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````


The computer is running fine. Windows Explorer and all other programs work as expected.
SteelRider
Active Member
 
Posts: 8
Joined: October 24th, 2010, 8:32 pm

Re: Bad Explorer.exe

Unread postby peku006 » November 5th, 2010, 3:32 am

Hi SteelRider

Your log now appears to be clean. Congratulations!

To remove all of the tools we used and the files and folders they created do the following:

Delete SystemLook , CKScanner and Security Check from your desktop.

Download OTC by Old Timer and save it to your Desktop.

  • Double-click OTC.exe
  • Click the CleanUp! button
  • Select Yes when the Begin cleanup Process? Prompt appears
  • If you are prompted to Reboot during the cleanup, select Yes
  • The tool will delete itself once it finishes, if not delete it by yourself

Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

This is a good time to clear your existing system restore points and establish a new clean restore point:

    Turn off System Restore-Vista
    • Click the Vista/Start icon.
    • Right Click >> Computer
    • Click Properties.
    • Click the System Protection tab.
    • Uncheck All drives
    • Click Turn Off System Restore at the prompt then click Apply.
    • Restart your computer.
    Turn ON System Restore-Vista
    • Click the Vista/Start icon
    • Right Click >> Computer
    • Click Properties.
    • Click the System Protection tab.
    • Checkmark All drives that were selected previously then click Apply.

    Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
    You can use one of these sites to check if any updates are needed for your pc.
    Secunia Software Inspector
    F-secure Health Check

    Visit Microsoft often to get the latest updates for your computer.
    http://www.update.microsoft.com

    Here are some things that I think are worth having a look at if you don't already know a bout them:.

    • WinPatrol
      As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. For more information, please visit HERE.
    • SpywareBlaster
      SpywareBlaster sets killbits in the registry to prevent known malicious ActiveX controls from installing on your computer. If you don't know what ActiveX controls are, see HERE. You can download SpywareBlaster from HERE.
    • Hosts File
      For added protection you may also like to add a host file. A simple explanation of what a Hosts file does is HERE and for more information regarding host files read HERE.
    • Use an alternative Internet Browser
      Many of the exploits are directed to users of Internet Explorer. Try using a different browser instead: Firefox or Opera

Here is a great article by miekiemoes How to prevent Malware.

Finally I am trying to make one point very clear. It is ABSOLUTELY ESSENTIAL to keep all of your security programs up to date.

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Happy surfing and stay clean!

peku006
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 15 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware