autorun.inf worm removal

[evilfantasy]

This service:

O23 - Service: SessionLauncher - Unknown owner - C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)

[PatriciaW]

  I don't use that anymore and will delete it.. So how does things look now?? Is my computer healed??? i know its running quicker even  though I'm on dial up..Now I have to fix the other one.. can I post the logs on here or start a new topic?? That ones gonna take some time to do.. thanks again...

[evilfantasy]

You can't just delete a service...

Open HijackThis and select Do a system scan only.

Place a check mark next to the following entries: (if there)

- O23 - Service: SessionLauncher - Unknown owner - C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)

Important: Close all windows except for HijackThis and then click Fix checked.

Exit HijackThis.

----------

Now, go to Start > Run, and copy/paste the following blue text into the Open box:

sc stop "SessionLauncher"

Now click OK.

Again in the Run box copy then paste:

sc delete "SessionLauncher"

Click: OK

----------

If you have another computer then please start a new topic for it. Post here when you do so I will know. It sometimes takes me a while before I start looking for new threads to work on.

[PatriciaW]

hey  Evilfantasy
how do i know if that worked. nothing opened when i did that. I saw a quick flash of something trying to open but,that was it.

[evilfantasy]

To make sure you can use another method that will work for sure.

Go to Start > Run and type Notepad.exe then click OK.

Copy and paste the following text within the code box into the new Notepad file.

Code: [Select]

@ECHO OFF
sc stop "SessionLauncher"
sc delete "SessionLauncher"
exit
In Notepad select File and Save as
Choose the Save to location to be the Desktop and for the File name: type in fixme.bat making sure that the Save as type field says All files.

Next double click fixservice.bat to run it.
A black box should open and close after a short time, this is normal.
Do not continue until the black box has closed
Delete fixservice.bat from the Desktop.

[PatriciaW]

ok done and the same quick flash of a box but, it didn't open.

[evilfantasy]

It won't actually open. It only takes a split second. Run a new HJT scan and see if the entry is gone, which it should be now.

[PatriciaW]

heres the new log.. I don't see it anymore. 


[attachment deleted by admin]

[evilfantasy]

Looks OK but I am suspicious of one entry. We can look at it with ComboFix.

Download ComboFix© by sUBs from one of the below links. Be sure top save it to the Desktop.

Link #1
Link #2

**Note:  It is important that it is saved directly to your Desktop

Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
 
Double click combofix.exe & follow the prompts.
When finished ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

If you have problems with ComboFix usage, see How to use ComboFix

[PatriciaW]

heres the combofix log. 

[attachment deleted by admin]

[evilfantasy]

Looks good.

Final steps.

• Click START then RUN
  
• Now type Combofix /u in the runbox
  
• Make sure there's a space between Combofix and /u
• Then hit Enter.

.
.
The above procedure will:

• Delete:
• ComboFix and its associated files and folders.
• VundoFix backups, if present
• The C:\Deckard folder, if present
• The C:_OtMoveIt folder, if present

• Reset the clock settings.
• Hide file extensions, if required.
• Hide System/Hidden files, if required.
• Set a new, clean Restore Point.

.
----------

Use the Secunia Software Inspector to check for out of date software.

• Click Start Now
  
• Check the box next to Enable thorough system inspection.
  
• Click Start
  
• Allow the scan to finish and scroll down to see if any updates are needed.
• Update anything listed.

.
----------

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.

[PatriciaW]

I seem to have alot of problems running java on my computers. It takes forever to get it working. This is what Secunia says.

Status / Currently Processing:
There might be problems loading the Java Applet in your browser.

I'm not sure how to get you a copy of the java console. I tried copy and paste. it won't do it. I found out about the console when i was working on getting my pogo games to run. it still takes many tries to get java to run the game. sometimes an hour. then it takes another 20 minutes to load the game.. lol  any suggestions?? The scan won't do anything because the applet problem.

[evilfantasy]

Create An Uninstall List

• Start HijackThis
  
• Click on the Open the Misc Tools section
  
• Click on the Open Uninstall Manager button.
  
• Click on the Save list button and specify where you would like to save this file and click Save.
  • When you press Save button a notepad will open with the contents of that file.
• Copy and paste that list in your reply.

[PatriciaW]

Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.2
Adobe Shockwave Player 11
ALPS Touch Pad Driver
Apple Mobile Device Support
Apple Software Update
Avira AntiVir Personal - Free Antivirus
Broadcom Gigabit Integrated Controller
Broadcom WLAN
Camera Center
CCleaner (remove only)
Choice Guard
Conexant HD Audio
DirectXInstallService
Drag-to-Disc
DrmRemoval 3.6.3
HDAUDIO Soft Data Fax Modem with SmartCP
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Graphics Media Accelerator Driver
InterVideo WinDVD
iTunes
Java(TM) 6 Update 12
JMicron JMB38X Flash Media Controller
Lenovo Care
Lenovo Care Supplement
Lenovo EasyCamera
Lenovo Registration
Lenovo System Interface Driver
Lenovo System Toolbox
Malwarebytes' Anti-Malware
Message Center
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Search Enhancement Pack
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.7)
MSVCRT
MSXML 4.0 SP2 (KB954430)
NetZero Connection Wizard
NetZero Internet
On Screen Display
PM Driver
Power Ux Customization
Presentation Director
Product Recovery Disc Burning Utility
QuickTime
Registry patch for Windows Vista USB S3 PM Enablement
Registry patch of Changing Timing of IDLE IRP by Finger Print Driver for Windows Vista
Registry Patch of Enabling Device Initiated Power Management(DIPM) on SATA for Windows Vista
Registry patch to improve USB device detection on resume from sleep for Windows Vista
Rescue and Recovery
Roxio Activation Module
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Creator Small Business Edition
Roxio Creator Small Business Edition
Roxio Express Labeler 3
Sonic CinePlayer Decoder Pack
Sonic Icons for Lenovo
SUPERAntiSpyware Free Edition
System Update
ThinkVantage Access Connections
ThinkVantage Status Gadget
ThinkVantage Technologies Welcome Message
Ulead Photo Express 4.0 SE
Wallpapers
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Upload Tool
Yahoo! Messenger
Yahoo! Toolbar


Thanks again!

[evilfantasy]

Looks OK.

What browser were you using? If Firefox try in IE or the oposite.

Might also clear your java Cache.

Clearing Java Cache

Go to Start > Control Panel and double-click the Java Icon

• On the General tab, under Temporary Internet Files, click the Settings button.
  
• Next, click on the Delete Files button
• There are two options in the window to clear the cache - Leave BOTH Checked
  • Applications
    
  • Applets Trace and Log Files
  .
  
• Click OK on Delete Temporary Files Window

Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.

• Click OK to leave the Temporary Files Window
• Click OK to leave the Java Control Panel.

.
And check this.

Enable Java in Internet Explore

• Please open up Internet Explore
  
• Click Tools, then on Internet Options
  
• Click on the tab Advanced
  
• Scroll down too Java (Sun)
  
• Check the box for JRE 1.6*_** (The ** will change depending on the version of Java)

.

• Next: Click the tab Security
  
• Click the Custom Level button
  
• Scroll down to Scripting of Java applets
  
• Make sure Enable radio button is checked.
  
• Click OK to save your preference.