
Author Topic: Dealing with Malware (Having Followed the Guide)  (Read 19582 times)


SuperDave

Re: Dealing with Malware (Having Followed the Guide)
« Reply #15 on: May 10, 2013, 04:11:14 PM »
Please run RogueKiller again and delete those items.
Quote
In regards to these IPs that are trying to gain access (I've noticed about 2-3 different ones) - Is MBAM the only thing protecting my computer? How can I stop them once MBAM has expired?
A good third-party firewall will protect you against such things.

AVENGER

  • Download The Avenger by Swandog46 from here.
  • Unzip/extract it to a folder on your desktop.
  • Double click on avenger.exe to run The Avenger.
  • Click OK.
  • Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
  • Click the Execute button.
  • You will be asked "No script has been entered. Do you want to execute a rootkit scan only?".
  • Click Yes.
  • You will now be asked "First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?".
  • Click Yes.
  • Your PC will now be rebooted.
  • After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt).
  • Please post this log in your next reply.
*********************************************
Click Start > Computer > right click the C Drive and choose Properties > enter.
Click Disk Cleanup from there.

Click OK on the Disk Cleanup screen.
Click Yes on the Confirmation screen.

This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space on the C drive.)
Windows 8 and Windows 10 dual boot with two SSD's

LiquidTension

Re: Dealing with Malware (Having Followed the Guide)
« Reply #16 on: May 10, 2013, 04:31:59 PM »
I've searched my computer but there is no sign of the avenger.txt file.

When my computer restarted, two new icons were added to my desktop - the Computer shortcut, and the 'Username' folder shortcut.

Should I run The Avenger again?

    LiquidTension

Re: Dealing with Malware (Having Followed the Guide)
« Reply #17 on: May 10, 2013, 04:42:17 PM »
Quote
A good third-party firewall will protect you against such things.
Are you able to recommend a good product that's also free?

      SuperDave

Re: Dealing with Malware (Having Followed the Guide)
« Reply #18 on: May 10, 2013, 06:31:04 PM »
These are all free firewalls.

Remember, only install ONE firewall.

1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage", and uncheck any HopSurf and/or Ask.com options if you choose this one)
2) Online Armor
3) Agnitum Outpost
4) PC Tools Firewall Plus
5) ZoneAlarm Firewall

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

      LiquidTension

Re: Dealing with Malware (Having Followed the Guide)
« Reply #19 on: May 11, 2013, 01:39:17 AM »
Thanks Dave. I've gone with Online Armor and will see how this performs.

As for The Avenger report not appearing on my computer - shall I run it again? And do you recommend I do any further scans?

Final question: What are your thoughts about the upgraded version of Malwarebytes? Is it worth buying the upgrade?

        LiquidTension

Re: Dealing with Malware (Having Followed the Guide)
« Reply #20 on: May 11, 2013, 02:07:32 AM »
I've had to uninstall OA as it interferes with my browsers. I'm going to try a different one now.

However, during initialisation of OA it came up with this - two autorun programmes that I'm unsure of. Are you able to recognise what they are?
Edit: I understand that the top one is to do with Comodo, but what about the bottom one?

          SuperDave

Re: Dealing with Malware (Having Followed the Guide)
« Reply #21 on: May 11, 2013, 11:04:27 AM »
Quote
As for The Avenger report not appearing on my computer - shall I run it again? And do you recommend I do any further scans?
Yes, please run it again and I'll take a look at the log and we'll go from there.
Quote
Final question: What are your thoughts about the upgraded version of Malwarebytes? Is it worth buying the upgrade?
With the upgraded version you will receive full-time protection. I believe there are some other bells and whistles. You can check them out on the website.
Quote
I've had to uninstall OA as it interferes with my browsers. I'm going to try a different one now.
All third-party firewalls are like that. You have to teach me how to behave.
Quote
I understand that the top one is to do with Comodo, but what about the bottom one?
I have no information about that second one.

          LiquidTension

Re: Dealing with Malware (Having Followed the Guide)
« Reply #22 on: May 11, 2013, 12:03:05 PM »
I've tried The Avenger again and the same thing happened (although this time no new shortcuts were created on the desktop).

Everything went as planned, but there was still no report when my computer restarted. I'm positive (I looked where you suggested in your previous post, and used "avenger" as a keyword to search my computer). No text file was found.

What do you suggest? Are there any similar scans I could do that would yield similar results?

            SuperDave

Re: Dealing with Malware (Having Followed the Guide)
« Reply #23 on: May 12, 2013, 09:59:53 AM »
Quote
However, the one thing I have noticed since installing MBAM is that every now and then I get a notification saying MBAM has blocked an IP accessing my PC. For example 193.17.41.93
Is this still happening?

Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1
Link 2

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

            LiquidTension

Re: Dealing with Malware (Having Followed the Guide)
« Reply #24 on: May 12, 2013, 10:10:20 AM »
I haven't noticed a notification for the last 2 days. But I can't really comment on whether it's stopped or not. I shall monitor it for the next few days and make a note of any IPs Malwarebytes blocks (if there are any). I have 7 days left on the trial, and am currently considering upgrading just before it expires.

Here is the result from the security scan.
 Results of screen317's Security Check version 0.99.63
 Windows 7 Service Pack 1 x64 (UAC is enabled)
 Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled!
COMODO Antivirus
 Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
 SpywareBlaster 5.0
 Malwarebytes Anti-Malware version 1.75.0.1300
 JavaFX 2.1.1
 Java(TM) 6 Update 22
 Java 7 Update 21
 Adobe Flash Player 11.6.602.180
 Adobe Reader 10.1.6 Adobe Reader out of Date!
 Mozilla Firefox (20.0.1)
 Google Chrome 26.0.1410.43
 Google Chrome 26.0.1410.64
````````Process Check: objlist.exe by Laurent````````
 Malwarebytes Anti-Malware mbamservice.exe
 Malwarebytes Anti-Malware mbamgui.exe
 Comodo Firewall cmdagent.exe
 Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````

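As an added example (not code from this thread or from screen317's tool), a Python parser for the checkup.txt layout pasted above: it splits the log into its backtick-framed sections, strips the "[/u]" forum residue that comes along when the log is pasted, and surfaces the findings a helper would act on (a protection the tool reports as disabled, software it reports as out of date, and a product listed twice, such as the two Java versions). The sample log embedded in it is constructed from the posted output and shortened.

```python
import re

# Constructed sample in the checkup.txt layout posted above (shortened), "[/u]" residue included.
SAMPLE_LOG = """ Results of screen317's Security Check version 0.99.63
``````````````Antivirus/Firewall Check:``````````````[/u]
 Windows Firewall Disabled!
 Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````[/u]
 Malwarebytes Anti-Malware version 1.75.0.1300
 Java(TM) 6 Update 22
 Java 7 Update 21
 Adobe Reader 10.1.6 Adobe Reader out of Date!
 Google Chrome 26.0.1410.43
 Google Chrome 26.0.1410.64
````````Process Check: objlist.exe by Laurent````````[/u]
 Comodo Firewall cmdagent.exe
````````````````````End of Log``````````````````````[/u]
"""

SECTION_RE = re.compile(r"^`+\s*(.+?):?\s*`+$")  # backtick-framed section title, trailing colon optional
PRODUCT_RE = re.compile(r"^(.*?)\s+(?:\d+(?:\.\d+)+|\d+\s+Update\s+\d+)\s*$")  # "<product> <version>"

def parse_sections(text):
    """Split checkup.txt into {section title: [entries]}; lines before any section go under 'Header'."""
    sections, current = {"Header": []}, "Header"
    for raw in text.splitlines():
        line = raw.replace("[/u]", "").strip()  # drop forum markup residue and indentation
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif line:
            sections[current].append(line)
    return sections

def find_issues(sections):
    """(section, finding) pairs: disabled protections, out-of-date software, products listed twice."""
    issues = [(name, e) for name, entries in sections.items() for e in entries
              if e.endswith("Disabled!") or e.endswith("out of Date!")]
    seen = {}  # product name -> entries, to catch an older version left behind by an update
    for e in sections.get("Anti-malware/Other Utilities Check", []):
        m = PRODUCT_RE.match(e)
        if m:
            seen.setdefault(m.group(1).replace("(TM)", "").strip(), []).append(e)
    for product, entries in seen.items():
        if len(entries) > 1:
            issues.append(("Anti-malware/Other Utilities Check", f"{product} listed {len(entries)} times"))
    return issues
```

Run against the full log above, it reports the disabled Windows Firewall, the out-of-date Adobe Reader, and the duplicate Java and Google Chrome entries, which are exactly the items the next replies deal with.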
              SuperDave

Re: Dealing with Malware (Having Followed the Guide)
« Reply #25 on: May 12, 2013, 12:30:21 PM »
Ok. Let me know in a few days what's happening and we can do some cleanup.

Update your Adobe Reader: get.adobe.com/reader.

Be sure to uncheck the Free McAfee Security Scan so it isn't installed.

              LiquidTension

Re: Dealing with Malware (Having Followed the Guide)
« Reply #26 on: May 12, 2013, 12:56:49 PM »
Quote
Ok. Let me know in a few days what's happening and we can do some cleanup.

Update your Adobe Reader: get.adobe.com/reader.

Be sure to uncheck the Free McAfee Security Scan so it isn't installed.
Alright, I've updated my Adobe Reader.

Thanks again for all the help Dave, I really appreciate it. I'll update you in a few days' time and let you know if there have been any more of those blocked IP notifications.


                LiquidTension

Re: Dealing with Malware (Having Followed the Guide)
« Reply #27 on: May 12, 2013, 01:49:35 PM »
MBAM has just notified me that it has blocked the same IP: 193.17.41.93.

Obviously the malicious IPs are still trying to gain access. What do you suggest I do? And is MBAM blocking the IPs the reason for my Comodo Firewall not notifying me?

                  SuperDave

Re: Dealing with Malware (Having Followed the Guide)
« Reply #28 on: May 12, 2013, 03:50:28 PM »
• Download TDSSKiller and save it to your Desktop.
• Extract its contents to your desktop.
• Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
• If an infected file is detected, the default action will be Cure; click on Continue.
• If a suspicious file is detected, the default action will be Skip; click on Continue.
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
• Click the Report button and copy/paste the contents of it into your next reply.
Note: It will also create a log in the C:\ directory.

                  LiquidTension

Re: Dealing with Malware (Having Followed the Guide)
« Reply #29 on: May 12, 2013, 04:04:41 PM »
No threats found in the TDSSKiller scan.

Any idea on this question?
Quote
Obviously the malicious IPs are still trying to gain access. What do you suggest I do? And is MBAM blocking the IPs the reason for my Comodo Firewall not notifying me?