Malware TR/spy.keylogger.qme Help!

[stonemanjr]

Done. It seems to not be appearing now when computer  is restarted-rebooted. Looking for log from this scan in order to post

[SuperDave]

I don't think there's any log from that. Please give it a few days and then come back and we'll so some cleanup.

[stonemanjr]

ok. Heres what is popping up now EXP/Pdfka.OG with some kind of ARC5 file in the temp folder.

??

[SuperDave]

ok. Heres what is popping up now EXP/Pdfka.OG with some kind of ARC5 file in the temp folder.

Did you get a warning about that or did you just find it?

[stonemanjr]

yes....Avira is picking this thing up. any ideas?

[SuperDave]

Avira is picking this thing up. any ideas?

It's probably a false positive. Enable MSE  and disable Avira as your AV and try that for a while.

[stonemanjr]

ok. When I looked this up, it seemed to be common problem that some other were seeing and required a clean/scan. is there such a thing to run?

[SuperDave]

When I looked this up, it seemed to be common problem that some other were seeing and required a clean/scan. is there such a thing to run?

Nothing has turned up in all the scans we've run. There's one more thing we can try.

* Go to Start > Run and type mrt.exe then press Enter on the keyboard).
* (Vista and Windows 7 users go to Start and type mrt.exe in the search box then press Enter on the keyboard.
* Click Next.
* Choose Full Scan and click Next.
* Once the scan is finished click View detailed results of the scan.

Look through the list and let me know if anything was found infected.

[stonemanjr]

thanks dave. Ok will do. yeah, Security Essentials keeps popping notice of infected files found and then runs a clean/scan. this is combined with the AVIRA giving notices of the EXP/Pdfka.OG virus? and then an ARC5.dll file being found. it then runs its short scan each time. We were seeing this before but with a different named virus earlier, which seemed to disappear after something we had done that you told me to run. I am going back to read those notes know

[SuperDave]

Security Essentials keeps popping notice of infected files found and then runs a clean/scan. this is combined with the AVIRA giving notices of the EXP/Pdfka.OG virus?

You should not have two AV programs running at any time on your computer. It can cause conflicts.

Save these instructions so you can have access to them while in Safe Mode.

Please click here to download AVP Tool by Kaspersky.

• Save it to your desktop.
• Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
  
• Double click the setup file to run it.
• Click Next to continue.
• Accept the License agreement and click on next.
• It will, by default, install it to your desktop folder. Click Next.
• It will then open a box There will be a tab that says Automatic scan.
• Under Automatic scan make sure these are checked.
• Hidden Startup Objects
  
• System Memory
  
• Disk Boot Sectors.
  
• My Computer.
  
• Also any other drives (Removable that you may have)
  

Leave the rest of the settings as they appear as default.
•Then click on Scan at the to right hand Corner.
•It will automatically Neutralize any objects found.
•If some objects are left un-neutralized then click the button that says Neutralize all
•If it says it cannot be neutralized then choose the delete option when prompted.
•After that is done click on the reports button at the bottom and save it to file name it Kas.
•Save it somewhere convenient like your desktop and just post only the detected Virus\malware in the report it will be at the very top under Detected post those results in your next reply.

Note: This tool will self uninstall when you close it so please save the log before closing it.

[stonemanjr]

ok will do. Just to let you know, I ran a Microsoft security Essentials scan and then ran the TLC by Old Timer again since you had told me to do this first time around, followed by Combo Fix. Scan showed zero issues/infections, TLC cleaned out stuff and then ComboFIx deleted several files and fixed a Win32 system? file. I restarted and nothing is poping up now. miracle. what do you think?

[SuperDave]

That looks good. If there are no other issues, we can do some cleanup.

To uninstall ComboFix

• Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  
• In the field, type in ComboFix /uninstall
  

(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

• Then, press Enter, or click OK.
  
• This will uninstall ComboFix, delete its folders and files, hides System files and folders, and resets System Restore.
  

************************************************
Looking over your log it seems you don't have any evidence of a third party firewall.

Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

Remember only install ONE firewall

1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
2) Online Armor
3) Agnitum Outpost
4) PC Tools Firewall Plus

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
***************************************************
Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!

[stonemanjr]

thank you--ok. last quick question, for some reason now the printer a HP 6MP, will not print and it was doing fine before I ran combofix 2nd time. any thoughts. tried reinstalling driver,etc. but continues to give error. thanks again for all the help here.

[SuperDave]

Try re-installing the printer.

[stonemanjr]

ok. did that yesterday and it seems to continue rejecting in ERROR. saw this early on when that TR/Keylogger was popping up all the time