
Topic: Metropolitan Police malware has infected my system


benni9000

    Topic Starter


    Rookie

    • Experience: Beginner
    • OS: Unknown
    Re: Metropolitan Police malware has infected my system
    « Reply #15 on: July 03, 2012, 03:39:33 PM »
    Here is the ESET Log

    [email protected] as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6583
    # api_version=3.0.2
    # EOSSerial=58554bdb09dce644811fbe806f8fc97c
    # end=finished
    # remove_checked=false
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2012-07-03 12:16:40
    # local_time=2012-07-03 01:16:40 (+0000, GMT Daylight Time)
    # country="United Kingdom"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=512 16777215 100 0 107290 107290 0 0
    # compatibility_mode=768 16777215 100 0 75885219 75885219 0 0
    # compatibility_mode=6401 16777213 66 100 348807 2879305 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=120787
    # found=0
    # cleaned=0
    # scan_time=9941


    The computer seems to be running fine now with the exception of a missing RUNDLL file upon start up.  I have mentioned this before in my original post and in my shortened version.

    I got Metropolitan Police malware on my laptop.  I followed the "read this before requesting malware removal help" post which seems to have stopped it. Now I just need to get rid of the damage?  I think there are still some files left on my laptop from the malware and I am missing a RUNDLL file from the windows directory.

    I have attached a jpg of the error window as I couldn't seem to get it into the post.

    I believe the RUNDLL file was the source of my malware issue.  I will explain my reasoning though I could be wrong.  When I got the malware it locked up the laptop.  It didn't however start until the internet connection was live.  So with the internet disconnected I looked in my startup folder by going right mouse button on Start and browsing all users.  I found a shortcut called cpfmon.  I deleted it cos I didn't know what it was.  It came straight back.  So I searched C drive for cpfmon and found a few other files with the same name.  I deleted them and then connected to the internet.  No malware issue.  When I restarted and connected I got the malware back.  So I looked at the properties of the cpfmon shortcut and found where it was linked to, it was a RUNDLL file in the windows directory.  Hence why I think the RUNDLL file was the source of the malware or at least what it had infected.

    Apart from this missing file everything is ok that I can see.  I appreciate all the help you have given.

    Thank you

    [year+ old attachment deleted by admin]
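
The manual check described in the post above (opening the Startup folder and reading where a shortcut points) can be scripted. This is an added example, not part of the original thread or of any tool named in it; it goes slightly beyond the post by also reading the Run registry keys, and it assumes the usual `rundll32.exe <dll>,<entry point>` command-line form.

```powershell
# Added example (not from the thread): report autostart entries that launch
# rundll32 and whether the DLL each one names is still on disk.
$shell = New-Object -ComObject WScript.Shell

function Get-RundllTarget([string]$CommandLine) {
    # Assumed syntax: rundll32.exe <dll>,<entry point> [arguments]
    if ($CommandLine -match '(?i)rundll32(?:\.exe)?"?\s+"?([^",]+)"?\s*,') {
        return $Matches[1].Trim()
    }
    return $null
}

$entries = @(
    # Shortcuts in the per-user and all-users Startup folders
    foreach ($name in 'Startup', 'AllUsersStartup') {
        $dir = $shell.SpecialFolders.Item($name)
        if (-not $dir) { continue }
        Get-ChildItem -Path $dir -Filter *.lnk -ErrorAction SilentlyContinue |
            ForEach-Object {
                $lnk = $shell.CreateShortcut($_.FullName)
                New-Object PSObject -Property @{
                    Source = $_.FullName; Command = "$($lnk.TargetPath) $($lnk.Arguments)" }
            }
    }
    # Values under the Run keys (assumption: the usual HKLM/HKCU locations)
    foreach ($key in 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
                     'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run') {
        $item = Get-Item -Path $key -ErrorAction SilentlyContinue
        if ($item) {
            foreach ($value in $item.GetValueNames()) {
                New-Object PSObject -Property @{
                    Source = "$key\$value"; Command = [string]$item.GetValue($value) }
            }
        }
    }
)

foreach ($entry in $entries) {
    $dll = Get-RundllTarget $entry.Command
    if (-not $dll) { continue }
    $dll = [Environment]::ExpandEnvironmentVariables($dll)
    # A bare file name is looked up in the Windows directories
    if ([IO.Path]::IsPathRooted($dll)) { $candidates = @($dll) }
    else { $candidates = @("$env:SystemRoot\System32\$dll", "$env:SystemRoot\$dll") }
    $found = @($candidates | Where-Object { Test-Path -LiteralPath $_ }).Count -gt 0
    New-Object PSObject -Property @{
        Source = $entry.Source; Command = $entry.Command; Dll = $dll; DllExists = $found }
}
```

An entry reported with DllExists set to False is a launch point whose DLL is no longer on disk and is worth reviewing before the next logon.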

    SuperDave

    • Malware Removal Specialist


    • Genius
    • Thanked: 995
    • Certifications: List
    • Experience: Expert
    • OS: Windows 8
    « Reply #16 on: July 04, 2012, 04:31:55 PM »
    I'm happy that everything is working well but I want to check further on that alert and then we'll do some cleanup.
    Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender

    SuperDave

    « Reply #17 on: July 04, 2012, 05:46:42 PM »
    Please download SystemLook from one of the links below and save it to your desktop.

    Link # 1
    Link # 2

    Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

    Double-click SystemLook.exe to run it.

    Copy the contents of the following codebox into the main textfield.
    Code:
    :filefind
    jork_0_typ_col.exe

    Click the Look button to start the scan.

    Note: The scan may take some time so please just let it do its work and be patient (or do something else unrelated to the computer).

    When finished, a notepad window will open with the results of the scan. Please post the log. The log can also be found on your desktop entitled SystemLook.txt

    benni9000

      « Reply #18 on: July 05, 2012, 12:44:11 PM »
      SystemLook 30.07.11 by jpshortstuff
      Log created at 18:17 on 05/07/2012 by Benni
      Administrator - Elevation successful

      ========== filefind ==========

      Searching for "jork_0_typ_col.exe"
      No files found.

      -= EOF =-


      SuperDave

      « Reply #19 on: July 05, 2012, 06:48:10 PM »
      Double-click SystemLook.exe to run it.

      Copy the contents of the following codebox into the main textfield.
      Code:
      :regfind
      jork_0_typ_col.exe

      Click the Look button to start the scan.

      Note: The scan may take some time so please just let it do its work and be patient (or do something else unrelated to the computer).

      When finished, a notepad window will open with the results of the scan. Please post the log. The log can also be found on your desktop entitled SystemLook.txt
       

      benni9000

        « Reply #20 on: July 06, 2012, 12:42:33 PM »
        Nothing exciting I'm afraid

        SystemLook 30.07.11 by jpshortstuff
        Log created at 19:39 on 06/07/2012 by Benni
        Administrator - Elevation successful

        ========== regfind ==========

        Searching for "jork_0_typ_col.exe"
        No data found.

        -= EOF =-

        SuperDave

        « Reply #21 on: July 07, 2012, 06:25:45 PM »
        Please download SystemLook from one of the links below and save it to your desktop.

        Link # 1
        Link # 2

        Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

        Double-click SystemLook.exe to run it.

        Copy the contents of the following codebox into the main textfield.
        Code:
        :regfind
        "error loading"

        Click the Look button to start the scan.

        Note: The scan may take some time so please just let it do its work and be patient (or do something else unrelated to the computer).

        When finished, a notepad window will open with the results of the scan. Please post the log. The log can also be found on your desktop entitled SystemLook.txt
         

        benni9000

          « Reply #22 on: July 08, 2012, 11:13:25 AM »
          I'm afraid there is still no joy

          SystemLook 30.07.11 by jpshortstuff
          Log created at 18:08 on 08/07/2012 by Benni
          Administrator - Elevation successful

          ========== regfind ==========

          Searching for ""error loading""
          No data found.

          -= EOF =-

          SuperDave

          « Reply #23 on: July 09, 2012, 04:49:22 PM »
          Please do this even if you don't have your OS disk. Please let me know what happens.

          Do you have an XP CD?

          If so, place it in your CD ROM drive and follow the instructions below:
          * Click on Start > Run and type sfc /scannow then press Enter (note the space between sfc and /scannow)
          * Let this run undisturbed until the window with the blue progress bar goes away

          SFC, which stands for System File Checker, retrieves the correct version of the file from %Systemroot%\System32\Dllcache or the Windows installation source files, and then replaces the incorrect file.

          benni9000

            « Reply #24 on: July 11, 2012, 10:36:10 AM »
            Unfortunately I don't have the XP CD.  I got the laptop with an XP downgrade as I didn't want Windows Vista.  I have the Vista CD though.

            I followed the SFC /Scannow instructions.  It went through it all.  There was no message after it finished so I assume everything was ok.

            SuperDave

            « Reply #25 on: July 11, 2012, 04:44:31 PM »
            If it didn't ask for the XP disk that means all the OS files are ok. I'm at a loss as to what's causing this error.

            benni9000

              « Reply #26 on: July 12, 2012, 03:05:20 PM »
              Ok.  No worries.  Other than that message on startup everything seems to be working ok.  I really appreciate the time and effort you've spent helping me sort my laptop out.

              Thank you

              SuperDave

              « Reply #27 on: July 12, 2012, 03:56:33 PM »
              We should do some cleanup before you go.

              Download this program and run it: Uninstall ComboFix. It will remove ComboFix for you.
              *******************************************
              To turn off Windows XP System Restore:

              NOTE: These instructions assume that you are using the default Windows XP Start Menu and have not changed to the Classic Start menu. To re-enable the default menu, right-click Start, click Properties, click Start menu (not Classic) and then click OK.

              1. Click Start.
              2. Right-click the My Computer icon, and then click Properties.
              3. Click the System Restore tab.
              4. Check "Turn off System Restore" or "Turn off System Restore on all drives"
              5. Click Apply.
              6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
              7. Click OK.
              8. Restart the computer and follow the instructions in the next section to turn on System Restore.

              To turn on Windows XP System Restore:

              1. Click Start.
              2. Right-click My Computer, and then click Properties.
              3. Click the System Restore tab.
              4. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives."
              5. Click Apply, and then click OK.
              ************************************************
              Clean out your temporary internet files and temp files.

              Download TFC by OldTimer to your desktop.

              Double-click TFC.exe to run it.

              Note: If you are running on Vista, right-click on the file and choose Run As Administrator

              TFC will close all programs when run, so make sure you have saved all your work before you begin.

              * Click the Start button to begin the cleaning process.
              * Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
              * Please let TFC run uninterrupted until it is finished.

              Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
              ************************************************
              Use the Secunia Software Inspector to check for out of date software.

              * Click Start Now
              * Check the box next to Enable thorough system inspection.
              * Click Start
              * Allow the scan to finish and scroll down to see if any updates are needed.
              * Update anything listed.
              ----------

              Go to Microsoft Windows Update and get all critical updates.

              ----------

              I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

              SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
              * Using SpywareBlaster to protect your computer from Spyware and Malware
              * If you don't know what ActiveX controls are, see here

              Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

              Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

              Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
              Safe Surfing!