
ZLOB infection, think I've killed it but want to make sure


Re: ZLOB infection, think I've killed it but want to make sure

Post by Triss » December 20th, 2008, 9:06 pm

It's doing the same thing, Avenger sets up scripts etc but doesn't appear to do anything on reboot.

What I meant about Vista security is that I don't have ownership of the folder or any access permission so if I try to view the contents or open or move or delete the folder I get an access denied error. OTMoveIt was getting the same since it's effectively running as me, it didn't have permission to do anything to that folder. By taking ownership I can give myself full control and OTMoveIt should then have no access problems. OTMoveIt seemed to kill and delete the service ok so it should hopefully just be a dead file.

Sorry I know this is your field, I'm an IT consultant so I can't really help trying to think of solutions myself 8)

I am just trying to remember when I ran OTMoveIT I launched it as Administrator by right click, run as... but I didn't actually set the .exe to always run as admin, so when it rebooted it probably ran as me.
Triss
Active Member
 
Posts: 12
Joined: December 5th, 2008, 6:56 pm
Location: Auckland, New Zealand

Re: ZLOB infection, think I've killed it but want to make sure

Post by Katana » December 21st, 2008, 6:45 am

What I meant about Vista security is that I don't have ownership of the folder or any access permission so if I try to view the contents or open or move or delete the folder I get an access denied error. OTMoveIt was getting the same since it's effectively running as me, it didn't have permission to do anything to that folder. By taking ownership I can give myself full control and OTMoveIt should then have no access problems. OTMoveIt seemed to kill and delete the service ok so it should hopefully just be a dead file.

It sounds logical, OTMI did stop the service with no problems.
Do you know how to take ownership of the folder?

If you still can't delete the folder, please run GMER again and post the log
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: ZLOB infection, think I've killed it but want to make sure

Post by Triss » December 21st, 2008, 9:13 am

It worked, I took ownership, gave myself full control and deleted the folder, no problems.

Do you still want me to scan with GMER or anything else just to make sure it's cleaned out of the registry etc?

By the way, is there anything special I need to do to uninstall Combofix? I have the exe on my desktop and it's created a folder named Combofix in C: - since it doesn't work I can't really see any value in keeping it.
Triss
Active Member
 
Posts: 12
Joined: December 5th, 2008, 6:56 pm
Location: Auckland, New Zealand
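
The ownership fix described in the posts above, as an added example that is not part of the original thread: check for an elevated token, take ownership, grant full control, then delete. The `$Target` path is a placeholder, since the thread never names the folder.

```powershell
# Added example, not from the thread. $Target is a placeholder path.
param([string]$Target = 'C:\PLACEHOLDER\leftover-folder')

# Taking ownership needs an elevated token. Under UAC, a process that is
# started normally (for example a tool relaunched after a reboot) runs with
# the filtered user token even if the account is an administrator.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator
if (-not $principal.IsInRole($adminRole)) {
    Write-Error 'Not elevated: start the shell with "Run as administrator".'
    exit 1
}

# 1. Take ownership recursively (/R). /D Y answers the prompt for any
#    subfolder the current user is not yet allowed to list.
takeown /F $Target /R /D Y
if ($LASTEXITCODE -ne 0) { Write-Error 'takeown failed'; exit 1 }

# 2. Grant the current user full control (F), inherited by files (OI) and
#    subfolders (CI), and apply it to everything already in the tree (/T).
icacls $Target /grant "$($identity.Name):(OI)(CI)F" /T
if ($LASTEXITCODE -ne 0) { Write-Error 'icacls grant failed'; exit 1 }

# 3. With ownership and full control in place the delete no longer fails
#    with "access denied".
Remove-Item -LiteralPath $Target -Recurse -Force
```

As in the thread, this only makes sense once the service that used the folder has been stopped and removed; re-scan afterwards to confirm nothing recreates it.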

Re: ZLOB infection, think I've killed it but want to make sure

Post by Katana » December 21st, 2008, 9:41 am

Let's make sure it is gone, please run GMER again.

We will do a clean up of the tools we have used shortly.
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: ZLOB infection, think I've killed it but want to make sure

Post by Triss » December 22nd, 2008, 10:13 am

I set GMER to do a full scan of Services, Registry and Files, it came back saying "GMER hasn't found any system modification." :mrgreen: :cheers:
Triss
Active Member
 
Posts: 12
Joined: December 5th, 2008, 6:56 pm
Location: Auckland, New Zealand

Re: ZLOB infection, think I've killed it but want to make sure

Post by Katana » December 22nd, 2008, 4:42 pm

Jackpot !!

Let's tidy up

Please delete RSIT.exe and C:\RSIT (entire folder)
along with Combofix.exe and C:\combofix (entire folder)

You can also delete any logs we have produced, and empty your Recycle bin.


Open OTMoveIt, click Cleanup,
it will now connect to the internet and get a list of files to delete.
When a box pops up click YES.


We usually give a nice list of instructions on staying safe and tools to use at this point, but I doubt that most of the info would relate to your machine.

So all I can say is stay safe :lol:


Also PLEASE read this article: "So How Did I Get Infected In The First Place"

The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
Malware changes on a day to day basis. You should update every week at the very least.

If you follow this advice then (with a bit of luck) you will never have to hear from me again :D


If you could post back one more time to let me know everything is OK, then I can have this thread archived.

Happy surfing K'

Have a happy holidays :thumbup:
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: ZLOB infection, think I've killed it but want to make sure

Post by Triss » December 23rd, 2008, 5:34 am

That all seems to have cleaned up ok. I'm going to run a few more scans with SuperAntiSpyware and Malwarebytes and AVG over the next few nights just to be sure nothing else snuck in but I am pretty confident it's clean now. :x1:

I can't thank you enough for all your help Katana. I hope things quiet down around here for you once all the online Christmas shopping induced chaos dies down.

I read the "how did I get infected" one when I first logged on the forums and while I'm always scrupulous about Windows updates, antivirus, antispyware etc, I've already installed a number of extra apps (Firefox, SpywareGuard, SpywareBlaster...) based on the excellent advice there. I do know exactly how I got infected though. Lessons learned 1) don't go on Facebook at 2am when you're half braindead sleepy, and 2) if you do go on Facebook at 2am, DON'T allow a "really funny video" to install a "flash player update" when you know darn well your flash player is completely up to date >.< it really was remarkably stupid. :banghead:

Anyway, I'm off to try to find a 64 bit personal Firewall, I've managed Antivirus and Antispyware but when I tried to install a firewall I could only find 32 bit ones.

Thanks again and have an awesome Holiday Season!!! :wave:
Triss
Active Member
 
Posts: 12
Joined: December 5th, 2008, 6:56 pm
Location: Auckland, New Zealand

Re: ZLOB infection, think I've killed it but want to make sure

Post by Katana » December 23rd, 2008, 7:36 am

Vista's own firewall is reasonably good if configured correctly.
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: ZLOB infection, think I've killed it but want to make sure

Post by NonSuch » December 29th, 2008, 3:29 am

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
NonSuch
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California