Your computer was infected with a ROOTKIT. In particular, the TDL3/TDSS rootkit, also known as Win32/Alureon. A rootkit is a set of software tools intended for concealing running processes, files or system data from the operating system.
Due to its rootkit functionality, it's impossible to tell what may have been done when the system was compromised.
Therefore it may be prudent to:
1. Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts.
2. Change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password)
What are rootkits from Wikipedia
How do I respond to a possible identity theft and how do I prevent it
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Well done your pc now appears to be Malware free. Please advise on any problems you still have.
Don't forget to re-enable any protection programs you may have disabled during the fix.
Please delete the Gmer random.exe file. It should look like this mbh3vxqk.exe on your desktop.
Remove the Kaspersky online scanner and also HijackThis through Control Panel > Add/Remove Programs (if present)
You can keep TFC.exe to clean out temporary files. I recommend running it once or twice a week.
I recommend keeping MBAM installed. Run a scan once a week.
Uninstall ComboFix
- Click on Start >> Run...
- Now type in ComboFix /Uninstall and click OK.
- Note the space between the X and the /Uninstall, it needs to be there.
The above will implement some cleanup procedures as well as reset System Restore points.
Clean up with OTC
- Download OTC by Old Timer here and save it to your desktop.
- Double click on OTC.exe. Click on CleanUp!.
- You will receive a prompt that it needs to restart the computer to remove the files. Click Yes.
- It will restart your computer automatically. If it doesn't, please restart your computer manually.
The above will remove the majority of tools/logs used in the removal process. If any still exist, please delete them yourself.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Now some advice for keeping your pc safe and secure for the future:
- SpywareBlaster
SpywareBlaster sets killbits in the registry to prevent known malicious ActiveX controls from installing on your computer. You can download it HERE
Note:You will need to manually update it, then click enable all protection at the main screen. Repeat this process every two days. - AnalogX Script Defender
Windows by default allows scripts (which is VBScript and JavaScript) to run and some of these scripts are malicious. AnalogX Script Defender will prevent malicious scripts from running on your pc by giving you the option to allow a script or not. You can download it HERE - WinPatrol
As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. For more information please visit HERE - Download and Install a HOSTS File
A HOSTS file is a big list of bad web sites. The list has a specific format, a specific name, (name is just HOSTS with no file extension), and a specific location. Your machine always looks at that file in that location before connecting to a web site to verify the address. So the HOSTS listing can be used to "short circuit" a request to a bad website by giving it the address of your own machine.
Install MVPS Hosts File From Here
The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc.
Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
You can Find the Tutorial HERE
If you do decide to use a Hosts file to block unwanted and dangerous sites and notice a slowdown, you will need to disable the DNS Client Service:
Click Start > Run type services.msc into the Open: box, then click OK.
This will open the Services window.
Scroll down to DNS Client and double click on it.
Click the Stop button to stop the service.
Set Startup type to Manual.
Click OK
Exit the Services window.
Here is a great article by miekiemoes How to prevent Malware
Finally I am trying to make one point very clear. It is ABSOLUTELY ESSENTIAL to keep all of your security programs up to date.
I'd be grateful if you could reply to this post so that I know you have read it, and if you've no other questions, the thread can be closed.
Happy surfing and stay clean!
