Metropolitan Police malware has infected my system

[benni9000]

Here is the ESET Log

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=58554bdb09dce644811fbe806f8fc97c
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-03 12:16:40
# local_time=2012-07-03 01:16:40 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 107290 107290 0 0
# compatibility_mode=768 16777215 100 0 75885219 75885219 0 0
# compatibility_mode=6401 16777213 66 100 348807 2879305 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=120787
# found=0
# cleaned=0
# scan_time=9941


The computer seems to be running fine now with the exception of a missing RUNDLL file upon start up.  I have mentioned this before in my original post and in my shortend version.

I got Metropolitan Police malware on my laptop.  I followed the "read this before requesting malware removal help" post which seems to have stopped it, Now I just need to get rid of the damage?  I think there are still some files left on my laptop from the malware and I am missing a RUNDLL file from the windows directory.

I have attache a jpg of the error window as I couldn't seem to get it into the post.

I believe the RUNDLL file was the source of my malware issue.  I will explain my reasoning though I could be wrong.  When I got the malware it locked up the laptop.  It didn't however start until the internet connection was live.  So with the internet disconnected I looked in my startup folder by going right mouse button on Start and browsing all users.  I found a short cut called cpfmon.  I deleted cos I didn't know what it was.  Came straight back.  So I searched C drive for cpfmon and found a few other files withe the same name.  I deleted them and then connected to the internet.  No malware issue.  When I restarted and connected I got the malware back.  So I looked at the properties of the cpfmon shortcut and found where it was linked to, it was a RUNDLL file in the windows directory.  Hence why I think the RUNDLL file was the source of the malware or at least what it had infected.

Apart from this missing file everything is ok that I can see.  I appreciate all the help you have given.

Thank you

[year+ old attachment deleted by admin]

[SuperDave]

I'm happy that everything is working well but I want to check further on that alert and then we'll so some cleanup.

[SuperDave]

Please download SystemLook from one of the links below and save it to your desktop.

Link # 1
Link # 2

Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double-click SystemLook.exe to run it.

Copy the contents of the following codebox into the main textfield.

Code: [Select]

:filefind
jork_0_typ_col.exe
Click the Look button to start the scan.

Note: The scan may take some time so please just let it do its work and be patient (or do something else unrelated to the computer).

When finished, a notepad window will open with the results of the scan. Please post the log. The log can also be found on your desktop entitled SystemLook.txt

[benni9000]

SystemLook 30.07.11 by jpshortstuff
Log created at 18:17 on 05/07/2012 by Benni
Administrator - Elevation successful

========== filefind ==========

Searching for "jork_0_typ_col.exe"
No files found.

-= EOF =-

[SuperDave]

Double-click SystemLook.exe to run it.

Copy the contents of the following codebox into the main textfield.

Code: [Select]

:regfind
jork_0_typ_col.exe
Click the Look button to start the scan.

Note: The scan may take some time so please just let it do its work and be patient (or do something else unrelated to the computer).

When finished, a notepad window will open with the results of the scan. Please post the log. The log can also be found on your desktop entitled SystemLook.txt
 

[benni9000]

Nothing exciting I'm afraid

SystemLook 30.07.11 by jpshortstuff
Log created at 19:39 on 06/07/2012 by Benni
Administrator - Elevation successful

========== regfind ==========

Searching for "jork_0_typ_col.exe"
No data found.

-= EOF =-

[SuperDave]

Please download SystemLook from one of the links below and save it to your desktop.

Link # 1
Link # 2

Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double-click SystemLook.exe to run it.

Copy the contents of the following codebox into the main textfield.

Code: [Select]

:regfind
"error loading"
Click the Look button to start the scan.

Note: The scan may take some time so please just let it do its work and be patient (or do something else unrelated to the computer).

When finished, a notepad window will open with the results of the scan. Please post the log. The log can also be found on your desktop entitled SystemLook.txt
 

[benni9000]

I'm afraid there is still no joy

SystemLook 30.07.11 by jpshortstuff
Log created at 18:08 on 08/07/2012 by Benni
Administrator - Elevation successful

========== regfind ==========

Searching for ""error loading""
No data found.

-= EOF =-

[SuperDave]

Please do this even if you don't have your OS disk.Please let me know what happens.

Do you have an XP CD?

If so, place it in your CD ROM drive and follow the instructions below:
•Click on Start > Run and type sfc /scannow then press Enter (note the space between scf and /scannow)
*Let this run undisturbed until the window with the blue  progress bar goes away
SFC - Which stands for System File Checker, retrieves the correct version of the file from %Systemroot%\System32\Dllcache or the Windows installation source files, and then replaces the incorrect file.

[benni9000]

Unfortunatly I don't have the XP CD.  I got the lap top with an XP downgrade as I didn't want Windows Vista.  I have the Vista CD though.

I followed the FSC /Scannow instructions.  It went through it all.  There was no message after it finished so I assume everything was ok.

[SuperDave]

Unfortunatly I don't have the XP CD.  I got the lap top with an XP downgrade as I didn't want Windows Vista.  I have the Vista CD though.

I followed the FSC /Scannow instructions.  It went through it all.  There was no message after it finished so I assume everything was ok.

If it didn't ask for the XP disk that means all the OS files are ok. I'm at a loss as to what's causing this error.

[benni9000]

Ok.  No worries.  Other than that message on startup everything seems to be working ok.  I really appreciate the time and effort you've spent helping me sort my laptop out.

Thank you

[SuperDave]

We should do some cleanup before you go.

Download this program and run it Uninstall ComboFix .It will remove ComboFix for you
*******************************************
To turn off Windows XP System Restore:

NOTE: These instructions assume that you are using the default Windows XP Start Menu and have not changed to the Classic Start menu. To re-enable the default menu, right-click Start, click Properties, click Start menu (not Classic) and then click OK.

1. Click Start.
2. Right-click the My Computer icon, and then click Properties.
3. Click the System Restore tab.
4. Check "Turn off System Restore" or "Turn off System Restore on all drives"
5. Click Apply.
6.  When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
7. Click OK.
8. Restart the computer and follow the instructions in the next section to turn on System Restore.

To turn on Windows XP System Restore:

1. Click Start.
2. Right-click My Computer, and then click Properties.
3. Click the System Restore tab.
4. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives."
5. Click Apply, and then click OK.
************************************************
Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
************************************************
Use the Secunia Software Inspector to check for out of date software.

•Click Start Now

•Check the box next to Enable thorough system inspection.

•Click Start

•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
.
----------

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!