GeekPolice Tech Tutorials

Possible Malware
Re: Possible Malware
It's not unusual for TeamViewer to run in the background, so that probably was not a true problem.

For Firefox, press options button > help > About Firefox. Check for updates.

If updating it did not resolve problem, refresh Firefox: https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-most-problems

Re: Possible Malware
What about the Defogger issue? I attempted to use Defogger to Re-enable, and an error message came up stating, unable to open file.

Re: Possible Malware
Oh that, sorry. Temporarily disable realtime protection for Avast and then try Defogger again.

Re: Possible Malware
Delfix

# DelFix v1.013 - Logfile created 22/10/2017 at 19:28:13
# Updated 17/04/2016 by Xplode
# Username : Teressa - PROSPERITY
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)

~ Removing disinfection tools ...

Deleted : C:\Qoobox
Deleted : C:\FRST
Deleted : C:\Program Files\Trend Micro\Hijackthis
Deleted : C:\ComboFix.txt
Deleted : C:\JavaRa.log
Deleted : C:\TDSSKiller.3.1.0.15_24.06.2017_03.11.47_log.txt
Deleted : C:\Documents and Settings\Teressa\Desktop\Addition.txt
Deleted : C:\Documents and Settings\Teressa\Desktop\ComboFix.exe
Deleted : C:\Documents and Settings\Teressa\Desktop\Defogger(1).exe
Deleted : C:\Documents and Settings\Teressa\Desktop\JRT.txt
Deleted : C:\Documents and Settings\Teressa\Desktop\tdsskiller.exe
Deleted : C:\Documents and Settings\Teressa\My Documents\Downloads\ComboFix.exe
Deleted : C:\Documents and Settings\Teressa\My Documents\Downloads\Defogger.exe
Deleted : C:\Documents and Settings\Teressa\My Documents\Downloads\JRT.exe
Deleted : C:\Documents and Settings\Teressa\My Documents\Downloads\MiniToolBox.exe
Deleted : C:\Documents and Settings\Teressa\My Documents\Downloads\OTLPEStd.exe
Deleted : C:\Documents and Settings\Teressa\My Documents\Downloads\SecurityCheck.exe
Deleted : C:\Documents and Settings\Teressa\My Documents\Downloads\ZHPCleaner-2017.exe
Deleted : C:\WINDOWS\grep.exe
Deleted : C:\WINDOWS\PEV.exe
Deleted : C:\WINDOWS\NIRCMD.exe
Deleted : C:\WINDOWS\MBR.exe
Deleted : C:\WINDOWS\SED.exe
Deleted : C:\WINDOWS\SWREG.exe
Deleted : C:\WINDOWS\SWSC.exe
Deleted : C:\WINDOWS\SWXCACLS.exe
Deleted : C:\WINDOWS\Zip.exe
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #2893 [System Checkpoint | 10/09/2017 22:12:10]
Deleted : RP #2894 [System Checkpoint | 10/11/2017 01:11:23]
Deleted : RP #2895 [Software Distribution Service 3.0 | 10/11/2017 08:04:19]
Deleted : RP #2896 [Software Distribution Service 3.0 | 10/11/2017 22:09:42]
Deleted : RP #2897 [Software Distribution Service 3.0 | 10/11/2017 22:38:43]
Deleted : RP #2898 [Software Distribution Service 3.0 | 10/12/2017 01:23:27]
Deleted : RP #2899 [Software Distribution Service 3.0 | 10/12/2017 05:24:02]
Deleted : RP #2900 [Software Distribution Service 3.0 | 10/12/2017 05:45:52]
Deleted : RP #2901 [System Checkpoint | 10/13/2017 07:32:34]
Deleted : RP #2902 [System Checkpoint | 10/14/2017 11:13:55]
Deleted : RP #2903 [System Checkpoint | 10/15/2017 19:47:01]
Deleted : RP #2904 [System Checkpoint | 10/17/2017 01:17:53]
Deleted : RP #2905 [System Checkpoint | 10/18/2017 12:13:49]
Deleted : RP #2906 [System Checkpoint | 10/19/2017 16:44:55]
Deleted : RP #2907 [System Checkpoint | 10/20/2017 22:53:39]
Deleted : RP #2908 [System Checkpoint | 10/21/2017 23:28:09]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########

Re: Possible Malware
1) I was finally able to run Defogger, by going into Safe Mode as administrator. It would not run otherwise, even with Avast deactivated. Log info is posted above.

2) I still have a lot of other tools in my PC that were used to attack the PUPs: UnHide, Speccy, JRT, McShield, WR Tray, Tweaking, Heimdal, Hitman Pro, ZHPCleaner, PC Hunter, SFXFix, Sanity Check, Defogger. There may be more that are not listed above. McShield is always running now, should I keep this? What should I do with the others?

3) I have attempted to run the USB Vaccination program, however the option to vaccinate the computer is highlighted as an option to choose, but in the USB section, the option to vaccinate my external drive is grayed out. It states, L:\(NTFS) Support disabled, consult help. I have tried to disable Avast, and tried going into safe mode as admin., but I cannot get it to work. I have even unplugged the external drive, turned off the PC, plugged it back in and turned the PC back on.

Re: Possible Malware
Thanks for the update, because I was just going to ask that. Please do not proceed with USB vaccine, because those drives are locking other tools out, meaning the drives are already vaccinated. Smile... This is because Avast is protecting them with a driver. (A good thing!)

For the leftover malware removal tools, please first check your Add/Remove programs list for the items, and uninstall things that you do not approve of or need (such as the malware removal tools). If you cannot find them in the list, for any of them leftover, please right-click and delete them one-by-one.

Then, please do the following:
Press Start > Run, type in CMD and hit OK... at the prompt, type the following command, and then copy and paste the logfile back here:
dir c:\ >log.txt&&log.txt
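The command above writes the root listing of C: to log.txt and then opens it. When such a listing is pasted into a forum post, cmd.exe's `<DIR>` marker is typically stripped because it looks like an HTML tag, so directories appear with no size column, exactly as in the listings later in this thread. The following parser is an added example written for this page, not a tool used by GeekPolice or by anyone in the thread. It reads the XP-era `dir` format (with or without `<DIR>`), cross-checks the entries against dir's own "File(s)" and "Dir(s)" totals so a truncated or mangled paste is noticed, and lists what was modified since a given date, which is how a helper would review what changed during a cleanup window. The sample listing is a constructed subset of the one posted in this thread, with the totals recomputed for that subset; one line keeps the `<DIR>` marker to exercise the unstripped form.

```python
import re
from datetime import datetime

# Constructed sample in the format produced by 'dir c:\' on Windows XP (cmd.exe).
# The entries are taken from the listing posted in the thread, trimmed to a handful;
# the summary lines at the bottom were recomputed for this subset. One entry keeps
# the <DIR> marker that the forum stripped from the posted copy.
SAMPLE_LISTING = """\
 Volume in drive C has no label.
 Volume Serial Number is 4C24-412F

 Directory of c:\\

09/03/2002  09:59 AM                 0 AUTOEXEC.BAT
06/14/2010  10:45 PM           173,288 avi_log.txt
06/17/2009  06:25 PM               211 Boot.bak
08/04/2004  12:00 AM           260,272 cmldr
07/02/2009  12:03 PM              Combo-Fix
10/22/2017  07:29 PM             3,004 DelFix.txt
03/16/2010  07:37 PM              2012
05/04/2006  11:00 PM              2000IRC2
10/31/2017  05:36 AM    <DIR>          Program Files
10/31/2017  04:55 AM              WINDOWS
07/16/2007  03:13 AM           892,928 Learn How I Make $1000.00 in one day.pdf
               6 File(s)      1,329,703 bytes
               5 Dir(s)  28,295,872,512 bytes free
"""

# date, time, then either an explicit <DIR>, a byte count, or nothing at all
# (the stripped-<DIR> case), followed by the name. With the marker stripped the
# format is ambiguous for a directory whose name begins with digits and a space
# ("2012 photos" would parse as a 2012-byte file); an explicit <DIR> is authoritative.
ENTRY_RE = re.compile(
    r"^(\d{2}/\d{2}/\d{4})\s+(\d{2}:\d{2} [AP]M)\s+"
    r"(?:<DIR>\s+|([\d,]+)\s+|)"
    r"(.+)$"
)
FILES_RE = re.compile(r"^(\d+) File\(s\)\s+([\d,]+) bytes$")
DIRS_RE = re.compile(r"^(\d+) Dir\(s\)\s+([\d,]+) bytes free$")


def _int(s):
    return int(s.replace(",", ""))


def parse_dir_listing(text):
    """Return (entries, summary). Each entry has kind ('file'/'dir'), name,
    size (None for directories) and modified (datetime)."""
    entries, summary = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            date, time, size, name = m.groups()
            entries.append({
                "kind": "file" if size is not None else "dir",
                "name": name,
                "size": _int(size) if size is not None else None,
                "modified": datetime.strptime(f"{date} {time}", "%m/%d/%Y %I:%M %p"),
            })
            continue
        m = FILES_RE.match(line)
        if m:
            summary["files"], summary["bytes"] = int(m.group(1)), _int(m.group(2))
            continue
        m = DIRS_RE.match(line)
        if m:
            summary["dirs"], summary["free"] = int(m.group(1)), _int(m.group(2))
    return entries, summary


def check_summary(entries, summary):
    """Compare the parsed entries with dir's own totals. A mismatch means the
    listing was truncated or mangled in transit (e.g. by the forum software)."""
    files = [e for e in entries if e["kind"] == "file"]
    dirs = [e for e in entries if e["kind"] == "dir"]
    return {
        "file_count_ok": len(files) == summary.get("files"),
        "dir_count_ok": len(dirs) == summary.get("dirs"),
        "bytes_ok": sum(e["size"] for e in files) == summary.get("bytes"),
    }


def modified_since(entries, since_mdy):
    """Names of entries whose timestamp is on or after since_mdy ('MM/DD/YYYY'),
    newest first: the items worth a second look after a cleanup."""
    since = datetime.strptime(since_mdy, "%m/%d/%Y")
    recent = [e for e in entries if e["modified"] >= since]
    return [e["name"] for e in sorted(recent, key=lambda e: e["modified"], reverse=True)]


if __name__ == "__main__":
    entries, summary = parse_dir_listing(SAMPLE_LISTING)
    print(check_summary(entries, summary))
    print(modified_since(entries, "10/01/2017"))
```

On the full listing posted in this thread the same checks can be run by pasting it into SAMPLE_LISTING; the "24 File(s)" / "39 Dir(s)" totals at the bottom then serve as the integrity check, and the date filter picks out items touched around the time the removal tools ran.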

Re: Possible Malware
How is this progressing? Should it be marked as solved?

Re: Possible Malware
I uninstalled Tweaking.com and Sanity Check. One of these went crazy removing things, and I wasn't sure if I made a mistake. Should I have uninstalled these?

I have kept McShield. Should I remove UnHide, Speccy, JRT, WR Tray, Heimdal, Hitman Pro, ZHPCleaner, PC Hunter, SFXFix, and Defogger, and I think Combofix?

This is the log you requested:

 Volume in drive C has no label.
 Volume Serial Number is 4C24-412F

 Directory of c:\

03/16/2010  01:18 PM              0a50dd6afc3b0e5d4a384b
05/04/2006  11:00 PM              2000IRC2
03/16/2010  07:37 PM              2012
02/15/2004  03:32 AM              52d23f3650485ff4e6556b
06/12/2010  03:03 AM              5bda237df9bb4f1fd9059e54
12/15/2003  07:54 AM              88a3314e4731faece3
05/30/2013  11:22 PM              A Pictures
02/11/2007  12:11 PM              a130982ba27e542030f7
08/22/2007  07:18 PM              ARACHNE
09/03/2002  09:59 AM                 0 AUTOEXEC.BAT
06/21/2010  06:25 PM              AVATAR
11/26/2009  05:35 AM              AVGTemp
06/14/2010  10:45 PM           173,288 avi_log.txt
06/17/2009  06:25 PM               211 Boot.bak
08/04/2004  12:00 AM           260,272 cmldr
07/02/2009  12:03 PM              Combo-Fix
10/25/2017  03:21 AM              Config.Msi
09/03/2002  09:59 AM                 0 CONFIG.SYS
06/17/2017  07:10 PM              ConverterOutput
10/22/2017  07:29 PM             3,004 DelFix.txt
04/19/2007  03:16 AM              DELL
12/15/2003  07:31 AM             6,146 DELL.SDR
04/23/2011  03:00 PM              Documents and Settings
12/15/2003  07:23 AM              DRIVERS
10/31/2017  04:53 AM                 0 drwtsn32.log
08/19/2005  12:38 PM           247,926 Five Star Invoice Esther Herrer.pdf
09/04/2005  03:09 PM           247,813 Five Star Invoice Josh Harris.pdf
09/19/2005  12:06 AM           339,281 Five Star Invoice Paul House.pdf
01/29/2016  12:04 PM              found.000
07/15/2007  05:09 PM              gs
04/22/2004  02:09 PM              HTML Ebay Folder
10/14/2016  01:01 PM              I386
07/16/2007  03:11 AM               160 Index.html
03/20/2013  11:37 PM             1,713 InstallHelper.log
09/03/2002  09:59 AM                 0 IO.SYS
08/22/2007  07:10 PM             2,011 IPH.PH
07/16/2007  03:13 AM           892,928 Learn How I Make $1000.00 in one day.pdf
08/28/2016  01:11 AM              LGD415RD
08/29/2016  02:22 AM              LGMobileUpgrade
07/08/2005  01:41 AM              Media
09/03/2002  09:59 AM                 0 MSDOS.SYS
10/02/2005  11:20 PM              MSOCache
01/17/2015  11:35 AM              Multimedia Files
12/15/2003  08:05 AM              My Music
01/21/2014  01:24 AM              Netgear
07/16/2009  03:34 PM           417,792 NPcol305.dll
06/07/2006  02:25 AM              One.htm
10/31/2017  05:36 AM              Program Files
10/30/2017  05:38 AM            86,914 R2D2 Insurance Card.jpg
07/02/2009  12:01 PM              RECYCLER(3)
07/18/2007  08:17 PM                26 register.js
10/08/2017  03:30 AM                18 repair_starting.dat
06/25/2017  04:01 PM             4,598 resetlog.txt
11/24/2009  07:03 AM              spoolerlogs
02/28/2015  05:21 AM              SUPERDelete
10/07/2005  02:35 PM            26,201 Team Roster Fall The Raptors 2005.pdf
06/11/2010  11:15 PM              temp
07/17/2007  11:53 AM              unzipped
09/08/2017  02:00 AM              vpp_temp
01/29/2012  04:23 AM              weather4
10/31/2017  04:55 AM              WINDOWS
04/26/2004  11:03 PM              WUTemp
05/14/2017  03:52 PM               162 YServer.txt
              24 File(s)      2,710,464 bytes
              39 Dir(s)  28,295,872,512 bytes free

Re: Possible Malware
 Volume in drive C has no label.
 Volume Serial Number is 4C24-412F

 Directory of c:\

03/16/2010  01:18 PM              0a50dd6afc3b0e5d4a384b
05/04/2006  11:00 PM              2000IRC2
03/16/2010  07:37 PM              2012
02/15/2004  03:32 AM              52d23f3650485ff4e6556b
06/12/2010  03:03 AM              5bda237df9bb4f1fd9059e54
12/15/2003  07:54 AM              88a3314e4731faece3
05/30/2013  11:22 PM              A Pictures
02/11/2007  12:11 PM              a130982ba27e542030f7
08/22/2007  07:18 PM              ARACHNE
09/03/2002  09:59 AM                 0 AUTOEXEC.BAT
06/21/2010  06:25 PM              AVATAR
11/26/2009  05:35 AM              AVGTemp
06/14/2010  10:45 PM           173,288 avi_log.txt
06/17/2009  06:25 PM               211 Boot.bak
08/04/2004  12:00 AM           260,272 cmldr
07/02/2009  12:03 PM              Combo-Fix
10/25/2017  03:21 AM              Config.Msi
09/03/2002  09:59 AM                 0 CONFIG.SYS
06/17/2017  07:10 PM              ConverterOutput
10/22/2017  07:29 PM             3,004 DelFix.txt
04/19/2007  03:16 AM              DELL
12/15/2003  07:31 AM             6,146 DELL.SDR
04/23/2011  03:00 PM              Documents and Settings
12/15/2003  07:23 AM              DRIVERS
10/31/2017  04:53 AM                 0 drwtsn32.log
08/19/2005  12:38 PM           247,926 Five Star Invoice Esther Herrer.pdf
09/04/2005  03:09 PM           247,813 Five Star Invoice Josh Harris.pdf
09/19/2005  12:06 AM           339,281 Five Star Invoice Paul House.pdf
01/29/2016  12:04 PM              found.000
07/15/2007  05:09 PM              gs
04/22/2004  02:09 PM              HTML Ebay Folder
10/14/2016  01:01 PM              I386
07/16/2007  03:11 AM               160 Index.html
03/20/2013  11:37 PM             1,713 InstallHelper.log
09/03/2002  09:59 AM                 0 IO.SYS
08/22/2007  07:10 PM             2,011 IPH.PH
07/16/2007  03:13 AM           892,928 Learn How I Make $1000.00 in one day.pdf
08/28/2016  01:11 AM              LGD415RD
08/29/2016  02:22 AM              LGMobileUpgrade
07/08/2005  01:41 AM              Media
09/03/2002  09:59 AM                 0 MSDOS.SYS
10/02/2005  11:20 PM              MSOCache
01/17/2015  11:35 AM              Multimedia Files
12/15/2003  08:05 AM              My Music
01/21/2014  01:24 AM              Netgear
07/16/2009  03:34 PM           417,792 NPcol305.dll
06/07/2006  02:25 AM              One.htm
10/31/2017  05:36 AM              Program Files
10/30/2017  05:38 AM            86,914 R2D2 Insurance Card.jpg
07/02/2009  12:01 PM              RECYCLER(3)
07/18/2007  08:17 PM                26 register.js
10/08/2017  03:30 AM                18 repair_starting.dat
06/25/2017  04:01 PM             4,598 resetlog.txt
11/24/2009  07:03 AM              spoolerlogs
02/28/2015  05:21 AM              SUPERDelete
10/07/2005  02:35 PM            26,201 Team Roster Fall The Raptors 2005.pdf
06/11/2010  11:15 PM              temp
07/17/2007  11:53 AM              unzipped
09/08/2017  02:00 AM              vpp_temp
01/29/2012  04:23 AM              weather4
10/31/2017  04:55 AM              WINDOWS
04/26/2004  11:03 PM              WUTemp
05/14/2017  03:52 PM               162 YServer.txt
              24 File(s)      2,710,464 bytes
              39 Dir(s)  28,295,872,512 bytes free

Re: Possible Malware
I am not sure what happened to the above post.

Re: Possible Malware
Heimdal would be good to keep, everything else is fine. That is all then... Any other questions?

Re: Possible Malware
Everything else is fine to keep, or get rid of?

Re: Possible Malware
Everything else can be removed.

Re: Possible Malware
Okay, thank you. What about my disc player? Those were disabled I believe, and when I tried to reset, the change would not take.

Re: Possible Malware
Have you attempted to play a disc yet?

I believe what is disabled is emulation drivers, correct?