Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


Possible rootkit after installing CutePDF Writer


Re: Possible rootkit after installing CutePDF Writer

Post by pgmigg » September 1st, 2014, 12:05 am

Hello rbd,

Does it mean the 3 AVs that reported an issue with the file were wrong, or at least it was a false positive?
I meant that I got the exact information I needed to make the right decision... ;)

Your latest set of logs appears to be clean! :cheers:
This is my general post for when your logs show no more signs of malware.
Before I give you instructions on how to keep your computer clean and secure, you need to take a few additional steps.

Step 1.
OTL - Run Script
You should still have OTL on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Copy and paste the following code into the [image] text box.
    (Do not include the words Code: Select all - instead, please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    :Commands
    [CREATERESTOREPOINT]
    
    :Commands
    [EMPTYTEMP]
    [CLEARALLRESTOREPOINTS]
    
  3. Click under the Custom Scan/Fixes box and paste the copied text.
  4. Click the Run Fix button. If prompted... click OK.
  5. OTL may ask to reboot the machine. Please do so if asked.

Step 2.
OTL-Cleanup
You should still have OTL on your desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Press the CleanUp button.
  3. When done, you will be prompted to reboot your system to finish file removal, please select OK to reboot your computer.

Step 3.
Remove all used tools and their log files not removed by OTL if they remain on your desktop.
  • AdwCleaner
  • DDS
  • JRT
  • TDSSKiller
  • ZOEK

Step 4.
Hide Hidden and System files
  1. Close all programs so that you are at your desktop.
  2. Press [image].
  3. Click the Start Search box on the Start Menu
  4. Copy and paste the following value, in the open text entry box:
    change search options for files and folders
  5. Click on the View tab, then under the "Hidden files and folders" section
    • UNSELECT "Show hidden files and folders"
    • Place check mark in check box "Hide extensions for known file types"
    • Place check mark in check box "Hide protected operating system files"
  6. Press the Apply, then the OK buttons.

Then:
  • Please don't forget to enable and update all your defense software!

Finally:
Please click HERE to find a short guide to staying safer online.

Please don't hesitate to ask any additional questions.

Stay Safe! ;)
pgmigg
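
A read-only way to confirm the state that Steps 3 and 4 of the post above aim for, added here as an example and not part of the original thread or of any tool it mentions. The file-name patterns and function names are assumptions; the registry value names are the standard Explorer settings behind the three checkboxes in Step 4.

```powershell
# Added example: report-only audit, nothing is deleted or changed.
# Patterns are assumptions derived from the tool names listed in Step 3.
$patterns = 'AdwCleaner*', 'dds*', 'JRT*', 'TDSSKiller*', 'zoek*'
$roots    = @([Environment]::GetFolderPath('Desktop'), "$env:SystemDrive\")

function Get-ToolLeftover {
    param([string[]]$Path, [string[]]$Pattern)
    foreach ($root in $Path) {
        # -Force also lists hidden items; only the top level of each root is inspected
        Get-ChildItem -Path $root -Force -ErrorAction SilentlyContinue |
            Where-Object {
                $name = $_.Name
                @($Pattern | Where-Object { $name -like $_ }).Count -gt 0
            } |
            Select-Object FullName, LastWriteTime
    }
}

function Test-ExplorerViewSetting {
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
    # Values expected after Step 4:
    #   Hidden = 2          -> hidden files and folders are not shown
    #   HideFileExt = 1     -> extensions for known file types are hidden
    #   ShowSuperHidden = 0 -> protected operating system files are hidden
    $expected = @{ Hidden = 2; HideFileExt = 1; ShowSuperHidden = 0 }
    $actual   = Get-ItemProperty -Path $key
    foreach ($name in $expected.Keys) {
        # A value that is missing from the registry is reported as not matching
        New-Object PSObject -Property @{
            Setting  = $name
            Expected = $expected[$name]
            Actual   = $actual.$name
            Matches  = ($actual.$name -eq $expected[$name])
        }
    }
}

$left = @(Get-ToolLeftover -Path $roots -Pattern $patterns)
if ($left.Count -eq 0) { 'No leftover tool files found.' }
else { $left | Format-Table -AutoSize }

Test-ExplorerViewSetting | Format-Table Setting, Expected, Actual, Matches -AutoSize
```

The patterns are broad, so review each reported item before removing it by hand.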

Re: Possible rootkit after installing CutePDF Writer

Post by rbd » September 1st, 2014, 5:15 pm

Hi pgmigg,

That's great news! :D
Thank you very much for your help!


I have followed your instructions and read the guide you recommended to read. I also deleted the other files left on my desktop from the tools you used.
However I have found the following folders and files under the C:\ folder:
- AdwCleaner [folder]
- zoek_backup [folder]
- zoek-results.log [file]

Can I delete them too?



QUESTIONS

1) What really happened to my computer? Was it really a rootkit? or other malware?

2) As I said at the beginning, I downloaded CutePDF Writer from the official website and during the installation I unticked all the boxes that asked me to download that unwanted stuff (Ask or Comodo Dragon), so how did it get installed anyway?
(When I installed the same PDF printer driver on my other laptop I don't remember it asking me to install the other stuff. Maybe because it was years ago and an old version which wasn't polluted with those other programs yet...)

3) If in future I need to re-install CutePDF driver again (on my laptop or another computer), is there a way to prevent those infections from attacking the machine?
I knew CutePDF to be a good one, but my trust is now shaken. Is it still a safe application to use?


If I may ask also two unrelated questions... no problems if you cannot accept to answer them!

4) On my older laptop with WinXP I had (still have) the following:
SpywareBlaster
Spybot S&D
MalwareBytes Anti-Malware (free version, only for running scans)

On my new laptop with Win7 I have Defender built in. Can I install also any of the above, especially Spywareblaster or MBAM or both?
If not, can I disable Defender and install the 3 above? As far as I hear and read Microsoft safety products are not the most powerful ones. Would you recommend doing this?

5) The old laptop is slow. I don't use it on Internet because I understand with XP it's not safe. If I was to re-pave it (I would follow the instructions on this forum), would I still be offered afterwards by WindowsUpdate website all the fixes/updates released from the moment I bought that laptop until the 8th April 2014?
(For example the laptop had XP SP2 pre-installed, and I got SP3 via updates)
Basically I know there are no more new updates to XP, but are the old ones still available?
Should I ask Microsoft?
If I re-pave it, I don't want to be left with an even older configuration.


Thanks again for your help and for any answers you can give me.
Regards,
rbd

Re: Possible rootkit after installing CutePDF Writer

Post by pgmigg » September 2nd, 2014, 11:14 am

Hello rbd,

- AdwCleaner [folder]
- zoek_backup [folder]
- zoek-results.log [file]

Can I delete them too?
Yes, sure!

1) What really happened to my computer? Was it really a rootkit? or other malware?
There was no rootkit, nor any other hard viruses. I cleaned up your computers and removed minor infections...
2) As I said at the beginning, I downloaded CutePDF Writer from the official website and during the installation I unticked all the boxes that asked me to download that unwanted stuff (Ask or Comodo Dragon), so how did it get installed anyway?
Unfortunately, even a very cautious approach to the installation program does not always save you, especially if the downloaded software is free. Nobody can guarantee that even a download from the "official website" will be free from third-party applications which may be installed under the cover and without your permission. At least that copy of CuteWriter.exe was infected somehow and deleted during our fixes.
3) If in future I need to re-install CutePDF driver again (on my laptop or another computer), is there a way to prevent those infections from attacking the machine?
I knew CutePDF to be a good one, but my trust is now shaken. Is it still a safe application to use?
Yes, I guess that the application itself is safe to use. What is dangerous or harmful is the installation program, which allows something hidden to be installed. To avoid such problems in the future, it is necessary not only to decline any suggestions to download and install something third-party, but also to answer carefully the questions asked during the installation of the program that you want. It so happens that the questions are worded in a tricky way, and a simple answer "yes" may actually mean "no"!
4) On my older laptop with WinXP I had (still have) the following:
SpywareBlaster
Spybot S&D
MalwareBytes Anti-Malware (free version, only for running scans)

On my new laptop with Win7 I have Defender built in. Can I install also any of the above, especially Spywareblaster or MBAM or both?
If not, can I disable Defender and install the 3 above? As far as I hear and read Microsoft safety products are not the most powerful ones. Would you recommend doing this?
Personally, I cannot recommend that you use Spybot S&D with Windows 7. Installation of MalwareBytes Anti-Malware (MBAM - free version, only for running scans) is a good idea. The SpywareBlaster (ver. 5.0 with updates) may be used too. It is believed that every computer needs one antivirus program (Avast in your case - it is an excellent defender) and one active spyware/malware detector such as Windows Defender. From time to time you can run an MBAM scan. It is enough!
5) The old laptop is slow. I don't use it on Internet because I understand with XP it's not safe. If I was to re-pave it (I would follow the instructions on this forum), would I still be offered afterwards by WindowsUpdate website all the fixes/updates released from the moment I bought that laptop until the 8th April 2014?
(For example the laptop had XP SP2 pre-installed, and I got SP3 via updates)
Basically I know there are no more new updates to XP, but are the old ones still available?
Should I ask Microsoft?
If I re-pave it, I don't want to be left with an even older configuration.
The era of Windows XP is over! However, you can find all the required information on the "Support for Windows XP has ended" Microsoft page.

Stay Safe! ;)
pgmigg

Re: Possible rootkit after installing CutePDF Writer

Post by rbd » September 2nd, 2014, 4:29 pm

Hi pgmigg,

I have deleted the file/folders.

Many thanks for your answers. I will follow your comments/suggestions.

And thanks again for all your help. You guys are really great!

Regards,
rbd

Re: Possible rootkit after installing CutePDF Writer

Post by NonSuch » September 2nd, 2014, 5:19 pm

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.