Author Topic: Virus or malware infection? (Read 3606 times)

jerri · « **on:** January 02, 2009, 12:15:45 PM »

I am running a dell inspiron 531s desktop with 2.31gHz and 1.93 GB RAM with Windows xp version 2002 service pack 3.

I have been having issues with searches being redirected, my norton antivirus had to be removed completely because it would not function and it was up to date. When I tried to go to any site with antivirus software the site was blocked. I finally got avast from filehippo as well as the other software you mentioned above.

I have followed all of the instructions above and things seem to be working better, but please let me know what else I may need to do.

[attachment deleted by admin]

CBMatt · « **Reply #1 on:** January 04, 2009, 05:12:49 PM »

Download ComboFix by sUBs from one of the below links. Be sure to save it to the Desktop.

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double-click combofix.exe and follow the prompts.
When finished, ComboFix will produce a log for you.
Post the ComboFix log and a new HijackThis log in your next reply.

NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.

jerri · « **Reply #2 on:** January 04, 2009, 06:46:27 PM »

Okay I ran combo fix and here is the log for that and hijackthis. Thanks for the help.

[attachment deleted by admin]

CBMatt · « **Reply #3 on:** January 05, 2009, 03:26:07 PM »

One more quick scan...

Please print these instructions as they will be needed later when Internet access is not available.

Download SDFix by AndyManchesta and save it to your desktop. http://rapidshare.com/files/179891642/SDFix.exe.html

When using this tool, you must use the Administrator's account or an account with Administrative rights

Double click SDFix.exe and it will extract the files to %systemdrive%
(this is the drive that contains the Windows Directory, typically C:\SDFix).
DO NOT use it just yet.

.Reboot your computer in Safe Mode using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Open the SDFix folder and double click RunThis.bat to start the script.

Type Y to begin the cleanup process.
It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts, the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
Copy and paste the contents of the results file Report.txt in your next reply.

jerri · « **Reply #4 on:** January 05, 2009, 05:18:45 PM »

Here is the sdfix report.

[attachment deleted by admin]

CBMatt · « **Reply #5 on:** January 05, 2009, 05:44:56 PM »

You have WildTangent on your computer, which I'm not particularly fond of, but it technically isn't an infection. Aside from that, I don't see much. How is your computer running now?

jerri · « **Reply #6 on:** January 05, 2009, 05:48:07 PM »

It seems to be running fine now. I don't even use wild tangent. that can be removed from the add remove programs page right?

CBMatt · « **Reply #7 on:** January 06, 2009, 12:48:04 AM »

You should be able to remove it that way. If not, just let me know and I'll see if I can provide you with some instructions. I believe there may be a removal tool available, but I could be wrong about that.

Also, you need to get yourself a decent firewall. I would suggest looking into Comodo, ZoneAlarm, or Kerio Sunbelt. Find one you like, download it, disconnect from the internet, disable Windows Firewall, install your new one and restart.

While you're at it, go ahead and uninstall ComboFix. To this, simply go to Start > Run and type in combofix /u (note the space) and click OK.

You should also clear out your System Restore points by turning it off and then turning it back on...
http://support.microsoft.com/kb/310405

jerri · « **Reply #8 on:** January 06, 2009, 05:00:58 PM »

I unistalled Combofix and have downloaded and installed Comodo Firewall. I also removed Wild Tangent. Is there anything else I need to do or am I good. Thanks again for all the help.

CBMatt · « **Reply #9 on:** January 06, 2009, 05:20:27 PM »

As long as you have done all of my recommended steps, then you are good to go!

Computer Hope Forum

News:

Author Topic: Virus or malware infection? (Read 3606 times)

jerri

Virus or malware infection?

CBMatt

Re: Virus or malware infection?

jerri

Re: Virus or malware infection?

CBMatt

Re: Virus or malware infection?

jerri

Re: Virus or malware infection?

CBMatt

Re: Virus or malware infection?

jerri

Re: Virus or malware infection?

CBMatt

Re: Virus or malware infection?

jerri

Re: Virus or malware infection?

CBMatt

Re: Virus or malware infection?