MalWare Removal Forum

Hi.

Good and thanks for the update.

It would appear to myself that malware had gained a foothold in the InProcServer32 settings of your machine, so the aforementioned was one of the access points. As to how this happened I am not completely sure to be honest but it may have been something innocuous clicked on by mistake for example. Regarding Norton as with any Anti-Virus software it is only as good as the internal data-base is and what it is able to detect, that is why it is very important to keep all security related applications up-to date and use layered protection. I will explain further about the latter after I have gave the all clear.

We do have some further tasks to complete the Malware Removal process and some installations of updated software also next time round. So please bare with myself as it would be in your own best interest from a online security point of view, thank you.

Reset Vista SP2 Firewall:

Click on Start(Vista Orb) >> Run... and cut/paste in the following and click on OK
Or Start(Vista Orb) >> Control Panel >> Windows Firewall

Click on the Change Settings >> Advanced >> Restore Defaults >> At the prompt click on Yes >> OK

Now click back on Change Settings again >> General >> and select Off(not recommended) >> Apply >> OK.

Note: No need for it to be active after the reset because the Norton 360 application installed has a firewall component.

Custom ComboFix-Script:

• Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
  
  Code:
  Driver::
  KernExplorer
  CDLauncher
  vseamps
  vsedsps
  vseqrts
  CDAVFS
  
  File::
  c:\windows\system32\drivers\CDAVFS.sys
  
  Folder::
  c:\program files\Lavasoft\Ad-Aware
  c:\users\Mike\AppData\Local\CyberDefender Internet Security
  c:\program files\Common Files\Authentium
  
  Registry::
  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
  "EnableUIADesktopToggle"=dword:00000000
  [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
  "DisableMonitoring"=dword:00000000
  [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
  "DisableMonitoring"=dword:00000000
  [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
  "DisableMonitoring"=dword:00000000
  
  RegLock::
  [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
  [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
  
  ReBoot::
• Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
  
  
  
  
• Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
• Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
• ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
• When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

Caution: Do not mouse-click ComboFix's window while it is running. That may cause it to stall. If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue. If that happened we want to know, and also what process you had to end.

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

• Please go here to run the scan...Click on
  
  Quote:
  Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
  All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
• Select the option YES, I accept the Terms of Use then click on:
• When prompted allow the Add-On/Active X to install.
• Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
• Now click on Advanced Settings and select the following:

• Scan for potentially unwanted applications
  
• Scan for potentially unsafe applications
• Enable Anti-Stealth Technology
• Now click on:
• The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
• When completed the Online Scan will begin automatically.
• Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
• When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
• Now click on:
• Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
• Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

When completed the above, please post back the following in the order asked for:

• How is your computer performing now, any further symptoms and or problems encountered?
• ComboFix Log.
• ESET Log.

Hi

ESET Online Scanner

When I clicked on your link for ESET (the link shows: http://www.eset.co.uk/Antivirus-Utiliti ... ne-Scanner) I saw the Scan Now button for the online scan. However, the link was to a popup...http://www.eset.com/us/online-scanner-popup/ where it only offers a download version. There was no accept Terms or a Start button on the page. Your thoughts would be appreciated.

Prior to this I ran ComboFix pursuant to your instructions, but will hold off posting the log until receipt of further instructions.

Regards!
theglobal
_________________

It just occurred to me that the popup has a /us/in its web site name. Perhaps online scanning is not available in the USA?

Hi.

Your the second person I am assisting(in a different forum) who has brought this problem with Eset to my attention...uninstalled my own online scanner and tried it and encountered no problems at all. So please try it again and if still the same problem merely run the alternative online scan below.

Panda Online Scan:

Please go here to run Panda's ActiveScan

• Once you are on the Panda site, click the Scan your PC now button
• A new window will open...click the Scan Now button
• Allow the ActiveX control to be installed. It will start downloading the files it requires for the scan. Note: This may take a couple of minutes
• Run the ActiveX control, if requested. The screen will then show the scanning progress - the scan will take a while to finish. Please be patient.
• When the scan has finished, click on Export To
• Save the file as Activescan.txt to your Desktop
• Close the Activescan window then go to your Desktop
• Double-click on Activescan.txt and it will open in Notepad
• In Notepad, click Edit > Select all, then Edit > Copy
• Reply to this thread and click Ctrl+V to paste the log in your reply

_________________

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Malware Removal forum, include a
fresh DDS log, and wait for a new helper.