Viruses and Malware

[GeorgiaPoetry]

After 10 years on the net, I guess it is about time it happened. I went to uninstall something last night and my computer went haywire. Suddenly telling me I had viruses, spayware, malware and all sorts of other stuff.  The whole XP Security thing popped up (never seen it before) and I'm freaking out.  I can't get online, my AVG was shut down, SpyBot shut down..... even changed my homepage and wallpaper.  I did a search online and found evilfantasy's (i think that was their name) post about how to download and run SUPERAntiSpyware, HiJack and other things.  Thankfully I have another pc so I had download stuff on that pc.... save to flash....move to laptop... install.  Back and forth.  FINALLY.... I can get online, no more "you are infected" windows, my wallpaper is back. 
I honestly didn't have a clue about what I was doing.  That thread that I found was a lifesaver!  Easy to follow and easy to read.  Here are my logs that it asks to be posted.  I've left HiJack open just in case I need to do something else.

[Saving space - attachment deleted by admin]

[CBMatt]

Well, it looks like you managed to get yourself quite a few annoying little viruses.  It looks like each of these infections was causing a different problem for you.  I'm glad you found the post and that it helped you.

You've still got a couple of leftovers on your computer, so I'm going to have you download ComboFix and save it to your desktop.  Run the program and read its disclaimer (it's fairly short) and make sure you really pay attention to what it says.  Follow the prompts and when finished, it will produce a log at C:\ComboFix.txt.  Go ahead and post that here, along with a fresh new HijackThis log.  Note: Don't click on the window while it's running; this may cause stalls.

[GeorgiaPoetry]

Thank you so much!  Ok I ran Combofix and HJT again.  Here are the logs.  I sure hope everything is fixed now.  I was stressing Sooooo bad.

[Saving space - attachment deleted by admin]

[GeorgiaPoetry]

Please let me know if there is anything else I need to fix.  Thank you!

[CBMatt]

Well, you appear to be mostly clean.  However, you have an infection that both MBAM and SAS missed.  Or perhaps it was cleaned once before and there are just some leftovers.  Either way, I'll help you take care of it.  First, you should enable hidden files and folders and look in the following two folders:

C:\WINDOWS
C:\WINDOWS\system32

If you find a file named karna.dat in either folder, delete it.  You may need to be in Safe Mode for this.  If you don't find the file, then it has probably been removed already.  Either way, let me know.

Once you have removed the file (or found that it doesn't exist), we can fix your registry.  Go ahead and download this file:
http://fall.cerrocoso.edu/csci252-ftp/csci252/meichtry/borrow/fixappinit.reg

Download that to your desktop and double-click on it.  When it gives you a prompt message, click on Yes.  Then post one more HJT log so I can see if it worked.

[GeorgiaPoetry]

Thank you so much. I couldn't find the karna.dat file you were talking about!

Here is the hjt log.

[Saving space - attachment deleted by admin]

[CBMatt]

Okay, it looks good now!  I'm thinking one of your programs probably removed the infection but didn't fix the registry entry.  But that is now taken care of.

But before you go, I would like to go over a few things real quick.  First of all, you don't appear to have a reliable firewall.  You're vulnerable without a firewall, so you should look into getting either ZoneAlarm, Kerio Personal Firewall, or Comodo.  They're all good free firewalls.  Just be sure you only have one installed at a time!  Download the firewall of your choice, disconnect from the internet, disable Windows Firewall, and install your new firewall.

Also, I see that your Java is out of date.  You'll want to correct this quickly, as it will help provide further protection for you.  Follow these steps below...
Updating Java.

Older versions have vulnerabilities that malicious sites can use to infect your system.

First install the new Sun Java Runtime Environment

Be sure to close ALL open web browsers before starting the installation. (thanks Nathan)

Remove the old version(s)

• Go to add/remove programs and uninstall all old versions.
• Be sure not to remove the new version that was just installed.
  
• Download JavaRa.zip and unzip the file to your Desktop.
  
• Open JavaRA.exe and choose Remove Older Versions
  
• Once complete exit JavaRA and delete the program.
• Run CCleaner.

.


One more thing...  As a standard procedure, we like to have users clear out their System Restore files and start over with a clean slate.  This is to remove any infected files that have been backed up by Windows.  Please follow these steps...

1.  Go to Start > Programs > Accessories > System Tools > System Restore
2.  Click on System Restore Settings.
3.  Check Turn off System Restore and click OK.
4.  Restart your computer.
5.  Follow steps 1 and 2 to return to the settings, uncheck Turn off System Restore, and click OK.
6.  Create a new restore point and close the program.

System Restore will now be active again.  If you would like to learn more about System Restore, go here.




And there you go!  Follow these steps and you'll be just a bit safer.  If you have anymore questions, you are more than welcome to ask.

[GeorgiaPoetry]

Thank you ever so much!  I've done it all.....well...not the firewall but I'm on my way to get one of those as well.  I sure do appreciate the time you have put into this thread.  May you have great Halloween weekend!

[CBMatt]

I'm glad I was able to help.  Oh, and there's one more thing!  Sorry, but I forgot to have you uninstall ComboFix.  Click on your Start button and click on Run, then type combofix /u (note the space) and click OK.  It's generally best to remove the program until you need it again.

I plan on having a great weekend and I hope you will as well.